Are you using Active Directory as the LDAP server? If so, that's where the issue lies. When a user changes their password in an AD domain, both the old and new passwords are accepted for a period to allow time for replication between the Domain Controllers. From what I understand, this is related to NTLM authentication (http://support.microsoft.com/kb/906305/en-us) as AD is actually doing some type of NTLM authentication internally when you do an LDAP bind.
-Eric

--
Eric Pierce
Identity Management Architect
Information Technology
University of South Florida
(813) 974-8868
--
[email protected]

________________________________
From: David Olivier <[email protected]>
Sent: Thursday, February 27, 2014 12:01 PM
To: [email protected]
Subject: [cas-user] A cache somewhere in CAS?

Hi to all.

We have a problem with our CAS server. It authenticates against an LDAP server. I include the deployerConfigContext.xml file that specifies (if I understand correctly) the method used. (Passwords deleted.)

I'm sorry for not being more specific about our configuration, but our CAS server was originally installed by an external company and we don't understand all the workings.

Our problem is that when we change the password of a user through another application in our LDAP server, for about 15 minutes the CAS server accepts both the old and the new passwords. It is as if there was some cache involved somewhere. It appears to be session-independent.

Does that ring a bell?

Thanks for any answer you can give.

David

--
David Olivier <http://david.olivier.name/>
Landline 0478773079; mobile 0642060747

"Giving preference to the life of a being simply because it is a member of our species would put us in the same position as racists who give preference to members of their own race." - Peter Singer, La Libération animale

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
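
An added example, not part of the original thread: one way to tell whether the dual-password window described above comes from the directory or from CAS is to bind straight to the LDAP server with both passwords right after a change and time how long the old one keeps working. The host name, DN and passwords are placeholders, the function names are made up for this sketch, and it assumes the third-party `ldap3` package and an LDAPS listener.

```python
import time
from typing import Callable, List, Tuple

Sample = Tuple[int, bool, bool]  # (seconds since start, old accepted, new accepted)

def ldap_simple_bind(host: str, user_dn: str, password: str) -> bool:
    """One LDAPS simple bind straight to the directory, bypassing CAS."""
    from ldap3 import Connection, Server  # third-party: pip install ldap3
    conn = Connection(Server(host, use_ssl=True), user=user_dn, password=password)
    try:
        return conn.bind()
    finally:
        conn.unbind()

def probe_window(bind: Callable[[str], bool], old_pw: str, new_pw: str,
                 interval_s: int = 60, max_probes: int = 90,
                 sleep: Callable[[float], None] = time.sleep) -> List[Sample]:
    """Bind with both passwords every interval_s until the old one is rejected."""
    samples: List[Sample] = []
    for i in range(max_probes):
        old_ok, new_ok = bind(old_pw), bind(new_pw)
        samples.append((i * interval_s, old_ok, new_ok))
        if not old_ok:  # stop at the first rejection: only one failed bind is sent
            break
        sleep(interval_s)
    return samples

def diagnose(samples: List[Sample]) -> str:
    """Say whether the dual-password window lives in the directory or above it."""
    accepted = [t for t, old_ok, _ in samples if old_ok]
    if not accepted:
        return "directory rejects old password at once: look at CAS or its LDAP pool"
    if samples[-1][1]:  # probing ended while the old password still worked
        return f"directory accepts old password for at least {accepted[-1]}s: not a CAS cache"
    return (f"directory accepts old password for {accepted[-1]}-{samples[-1][0]}s: "
            "not a CAS cache")

if __name__ == "__main__":
    # Constructed placeholders: replace with a test account in your own directory.
    host, dn = "ldap.example.edu", "uid=testuser,ou=people,dc=example,dc=edu"
    result = probe_window(lambda pw: ldap_simple_bind(host, dn, pw),
                          "OLD-PASSWORD", "NEW-PASSWORD")
    print(diagnose(result))
```

Run it immediately after changing the test account's password; a window that shows up on direct binds rules out CAS as the source.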
