CloudStack doesnt store LDAP password locally. It queries AD server for every authentication.Both the passwords being usable for sometime is actually AD feature. You can change the time interval for which both are usable in AD. I think the default is 60 min.https://support.microsoft.com/en-us/kb/906305
~ Rajanihttp://cloudplatform.accelerite.com/ On August 1, 2016 at 11:32 AM, Marty Godsey (ma...@gonsource.com) wrote:Hello, I have a lab CloudStack that is authenticating to an active directory and it works great accept one thing. If I change the password on the AD user, ACS still allows the user to log into the ACS portal with the old AND the new password... Is there a refresh interval for LDAP accounts? Does it store a hash in the ACS database? Did I miss a setting? Regards,Marty Godsey