Re: ADAM proxy authentication + Old password still working after resetPassword

From: Dmitri Gavrilov [MSFT] (dmitrig_at_online.microsoft.com)
Date: 05/26/04


Date: Wed, 26 May 2004 15:01:20 -0600

Try this from LDP. If it works as expected, then the problem is with ADSI
connection caching. Make sure you close all connections, though I don't know
if you can force close with S.DS. In the worst case, call garbage
collection.

-- 
Dmitri Gavrilov
SDE, Active Directory Core
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Seetha" <seethaj@yahoo.com> wrote in message
news:O86gdA2QEHA.3596@tk2msftngp13.phx.gbl...
> I have AD and ADAM set up on a Win 2003 server. Usernames and passwords are
> maintained in AD, which acts as the authentication source. All the other
> information about users is stored in ADAM using bind proxies.
>
>
> After I issue the ResetPassword command to AD, I am able to authenticate for a
> while (anywhere between 10 and 30 minutes) using both the old password and
> the new password through the ADAM bind proxy. I am not sure where the old
> password is still cached. Here is the code for authenticate() and
> resetPassword().
>
> public bool authenticate(string username, string password)
>   {
>    string userDN;
>    string userLoginName;
>    DirectoryEntry entry;
>
>    userDN = "LDAP://" + m_adamServerName + "/" + "CN=" + username + "," +
>        m_adamUsersContainerPath;
>    userLoginName = "CN=" + username + ", " +
>        this.m_adamUsersContainerPath;
>    entry = new DirectoryEntry(userDN, userLoginName, password,
>        AuthenticationTypes.None);
>    try
>    {
>     // Bind to the native AdsObject to force authentication.
>     Object obj = entry.NativeObject;
>    }
>    catch(System.Exception ex)
>    {
>     m_log.Error("Error logging in the user " +username, ex);
>     return false;
>    }
>    return true;
>   }
>
>
>  public bool ResetPassword(string username, string password)
>   {
>
>    // Get the user in Active Directory to reset the password
>    // Note that AuthenticationsTypes is set to Secure and ServerBind
>    // so that SetPassword can go through successfully in a later step.
>    string userDN = "LDAP://" + m_adServer + "/CN=" + username + "," +
>        m_adUsersContainerPath;
>    DirectoryEntry user = new DirectoryEntry(userDN,
>        this.m_adAdminUsername,
>        this.m_adAdminPassword,
>        AuthenticationTypes.Secure | AuthenticationTypes.ServerBind);
>    try
>    {
>     user.Invoke("SetPassword", new object[] { password } );
>    }
>    catch(System.Exception ex)
>    {
>     m_log.Error("Failed to reset password for " + username,
> ex.InnerException);
>     return false;
>    }
>    return true;
>   }
>
>
> Any idea why the old password still works? I have made sure that after the
> password is changed all the objects are destroyed before the user logs in,
> to avoid any ADSI caching.
>
> Thanks,
> Seetha.
>
>
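
The LDP test suggested in the reply can also be scripted. The following is an added example, not code from either poster: it performs a simple bind on a brand-new LDAP connection for each password and closes it immediately, so ADSI connection caching cannot influence the result. It uses System.DirectoryServices.Protocols; the server name, port and DN are placeholders, and the class and method names are hypothetical.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

public static class FreshBindCheck
{
    // Returns true if a simple bind as userDn succeeds on a new connection.
    public static bool TryBind(string server, int port, bool useSsl,
                               string userDn, string password)
    {
        var id = new LdapDirectoryIdentifier(server, port);
        // 'using' closes the LDAP connection when the block exits, so no
        // authenticated connection survives to be reused by a later check.
        using (var conn = new LdapConnection(id))
        {
            conn.AuthType = AuthType.Basic;   // simple bind, as in the posted code
            conn.SessionOptions.ProtocolVersion = 3;
            // A simple bind sends the password as-is; protect it with SSL.
            conn.SessionOptions.SecureSocketLayer = useSsl;
            conn.Credential = new NetworkCredential(userDn, password);
            try
            {
                conn.Bind();
                return true;
            }
            catch (LdapException ex) when (ex.ErrorCode == 49) // invalidCredentials
            {
                return false;
            }
        }
    }

    public static void Main()
    {
        // Placeholder values (assumptions): point these at your ADAM
        // instance and the DN of the bind proxy object under test.
        string server = "adam.example.test";
        string dn = "CN=testuser,CN=Users,O=Example";
        Console.Write("Old password: ");
        string oldPw = Console.ReadLine();
        Console.Write("New password: ");
        string newPw = Console.ReadLine();
        Console.WriteLine("old accepted: " + TryBind(server, 636, true, dn, oldPw));
        Console.WriteLine("new accepted: " + TryBind(server, 636, true, dn, newPw));
    }
}
```

Run it right after the reset: if the old password is rejected here while the application still accepts it, that matches the reply's diagnosis of ADSI connection caching on the application side.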

