When connecting to LDAP for authentication, user can still login with old password. At the same time, even new password works. What can be done so that only one password works?

The possible steps to be followed to encounter this issue are as follows: 1) Login to application 2) Change windows password 3) Logout of application 4) Login to application using old password 5) This succeeds when it should not. 6) Login to application using new password. This succeeds and it should. 7) Reboot application, old password still works and still shouldn't. 8) Reboot machine, old password still works and still shouldn't. There is an option with Windows OS to have both old as well as new passwords working for the first 1 hour. Hence, even after changing the LDAP password, it will allow the user to login using old or new password for the first 1 hour. The below-specified link provides more information on this behavior: (https://jira.springsource.org/browse/SEC-1145). Also, Microsoft recommends a setting that has to be made called "old password lifetime period". By making this setting, only the new password shall work. This varies depending on the Operating System used. The link specified below has more information on this: (http://support.microsoft.com/?kbid=906305).

Related Articles
User has changed the LDAP password, but old one still works. Why?
Follow the steps given below to resolve this issue: 1) Login to application. 2) Change the windows password. 3) Log out of application. 4) Login to application using old password. 5) Login to application using new password. 6) Restart the ...
Login Page: New Products added taking longer time to Load
The portlet - 'New Products Added' available in the login page is meant to view a list of products for last 1 week/1 month etc. We have observed that there were close to 320 Products in the last 1 week. Therefore, the login page is taking longer time ...
How can I get the new user password information mail in Spanish language?
Ensure that the below specified property values contain the equivalent Spanish translations in the 'arc_labels_es.properties' file.- (Tomcat\webapps\config\locale) a) arc.hello = (S) Hello b) arc.best.regards = (S) Best Regards c) arc.system.admin = ...
I had changed the server password recently. Now I cannot login to ARC using LDAP. What should I do?
You have to update the 'adminPassword' in the 'ldap.properties' file (Example,D:\ARC6.0\LDAPTool\config), with the new password. Otherwise, LDAP might provide authentication errors, after changing the server password.
Unable to auto-login to ARC even if LDAP settings are set right. What could be the Issue?
Attached are the docs which can be referred to cross-verify LDAP configurations. Also cross-verify the IE setting if they are optimally configured as specified in the IE Compatibility Settings doc

When connecting to LDAP for authentication, user can still login with old password. At the same time, even new password works. What can be done so that only one password works?

When connecting to LDAP for authentication, user can still login with old password. At the same time, even new password works. What can be done so that only one password works?

Related Articles

User has changed the LDAP password, but old one still works. Why?

Login Page: New Products added taking longer time to Load

How can I get the new user password information mail in Spanish language?

I had changed the server password recently. Now I cannot login to ARC using LDAP. What should I do?

Unable to auto-login to ARC even if LDAP settings are set right. What could be the Issue?