Marty see response in-line On 7/31/16 11:32 PM, Marty Godsey wrote: > The password has been changed. If I try to log onto a machine in the domain > with the old password it tells me the password is incorrect. correct behavior
If I use the new one, it logs me into the machine. also correct behavior There are only three accounts in the ACS instance: admin, bare-metal and testallow. Testallow is the LDAP account. not following where the issue might be > > > Regards, > Marty Godsey > > -----Original Message----- > From: ilya [mailto:ilya.mailing.li...@gmail.com] > Sent: Monday, August 1, 2016 2:29 AM > To: users@cloudstack.apache.org > Subject: Re: LDAP (Active Directory) password concerns > > Do you happen to have local account as well as ldap account set? > > It usually follows one authentication method (ldap) followed by another > (local). Please confirm the passwords are different. > > I will be testing ldap this week and will let you know if i see this issue. > I've used it in past, I'd be surprised to see this behavoiur, last i recall, > we dont cache - and do a lookup to LDAP each time user tries to > authenticate.. You should see this in the logs.. > > > Regards, > ilya > > On 7/31/16 11:01 PM, Marty Godsey wrote: >> Hello, >> >> I have a lab CloudStack that is authenticating to an active directory and it >> works great accept one thing. If I change the password on the AD user, ACS >> still allows the user to log into the ACS portal with the old AND the new >> password... >> >> Is there a refresh interval for LDAP accounts? Does it store a hash in the >> ACS database? Did I miss a setting? >> >> Regards, >> Marty Godsey >> >>