Re: ADAM proxy authentication + Old password still working after resetPassword

From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 05/26/04


Date: Wed, 26 May 2004 16:34:37 -0700

FWIW, you can (and should) call Dispose on all of your DirectoryEntry
objects to make sure the underlying COM objects are cleaned up.

However, I'm not sure if that will fix the issue.

Joe K.

"Dmitri Gavrilov [MSFT]" <dmitrig@online.microsoft.com> wrote in message
news:%23Po4VS2QEHA.3944@tk2msftngp13.phx.gbl...
> Try this from LDP. If it works as expected, then the problem is with ADSI
> connection caching. Make sure you close all connections, though I don't know
> if you can force close with S.DS. In the worst case, call garbage
> collection.
>
> --
> Dmitri Gavrilov
> SDE, Active Directory Core
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Use of included script samples is subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
> "Seetha" <seethaj@yahoo.com> wrote in message
> news:O86gdA2QEHA.3596@tk2msftngp13.phx.gbl...
> > I have AD and ADAM set up on a Win 2003 server. Usernames and passwords are
> > maintained in AD and it acts as the authentication source. All the other
> > information about users is stored in ADAM using bind proxies.
> >
> >
> > After I issue a ResetPassword command to AD, I am able to authenticate for a
> > while (anywhere between 10 and 30 minutes) using both the old password and
> > the new password through the ADAM bind proxy. I'm not sure where the old
> > password is still cached. Here is the code for authenticate() and
> > resetPassword().
> >
> > public bool authenticate(string username, string password)
> > {
> >     string userDN;
> >     string userLoginName;
> >     DirectoryEntry entry;
> >
> >     userDN = "LDAP://" + m_adamServerName + "/" + "CN=" + username + "," +
> >         m_adamUsersContainerPath;
> >     userLoginName = "CN=" + username + ", " + this.m_adamUsersContainerPath;
> >     entry = new DirectoryEntry(userDN, userLoginName, password,
> >         AuthenticationTypes.None);
> >     try
> >     {
> >         // Bind to the native AdsObject to force authentication.
> >         Object obj = entry.NativeObject;
> >     }
> >     catch (System.Exception ex)
> >     {
> >         m_log.Error("Error logging in the user " + username, ex);
> >         return false;
> >     }
> >     return true;
> > }
> >
> >
> > public bool ResetPassword(string username, string password)
> > {
> >     // Get the user in Active Directory to reset the password.
> >     // Note that AuthenticationTypes is set to Secure and ServerBind
> >     // so that SetPassword can go through successfully in a later step.
> >     string userDN = "LDAP://" + m_adServer + "/CN=" + username + "," +
> >         m_adUsersContainerPath;
> >     DirectoryEntry user = new DirectoryEntry(userDN, this.m_adAdminUsername,
> >         this.m_adAdminPassword,
> >         AuthenticationTypes.Secure | AuthenticationTypes.ServerBind);
> >     try
> >     {
> >         user.Invoke("SetPassword", new object[] { password });
> >     }
> >     catch (System.Exception ex)
> >     {
> >         m_log.Error("Failed to reset password for " + username,
> >             ex.InnerException);
> >         return false;
> >     }
> >     return true;
> > }
> >
> >
> > Any idea why the old password still works? I have made sure that after the
> > password is changed all the objects are destroyed before the user logs in,
> > to avoid any ADSI caching.
> >
> > Thanks,
> > Seetha.
> >
> >
>
>
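Joe's advice about calling Dispose, written out as code. The block below is an added example, not code posted by anyone in this thread; the server names, port and container DNs in it are hypothetical. It wraps every DirectoryEntry in a using block so the ADSI COM object and its connection are released on every path, escapes the username before splicing it into a DN (the posted authenticate() concatenates it raw, so a username containing a comma or an equals sign changes which object the bind targets), and adds SecureSocketsLayer to the simple bind that ADAM bind redirection requires, which is an assumption about how that ADAM instance is configured.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Text;

// Added example, not code from the thread. Assumed, hypothetical values:
// ADAM at adam.example.com:50001 with users under "OU=Users,O=Example",
// AD at dc01.example.com with users under "CN=Users,DC=example,DC=com".
public static class ProxyAuthExample
{
    // Escape one RDN attribute value per RFC 4514 so that a username such as
    // "bob,CN=Admin" cannot rewrite the DN we bind with.
    public static string EscapeRdnValue(string value)
    {
        if (string.IsNullOrEmpty(value))
            throw new ArgumentException("empty RDN value", nameof(value));

        var sb = new StringBuilder(value.Length + 8);
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool edge = (i == 0 && (c == ' ' || c == '#')) ||
                        (i == value.Length - 1 && c == ' ');
            if (edge || ",+\"\\<>;=".IndexOf(c) >= 0)
                sb.Append('\\').Append(c);
            else if (c < 0x20)
                sb.Append('\\').Append(((int)c).ToString("X2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // Validate a password with a simple bind through the ADAM proxy object.
    // The DirectoryEntry is disposed on every path, so the ADSI COM object
    // and the LDAP connection it holds do not outlive this call.
    public static bool Authenticate(string adamServer, string usersContainer,
                                    string username, string password)
    {
        string userDn = "CN=" + EscapeRdnValue(username) + "," + usersContainer;
        string path = "LDAP://" + adamServer + "/" + userDn;

        // Bind redirection only works with a simple bind, so the password
        // travels in the clear unless the connection uses SSL (assumed here).
        const AuthenticationTypes authType =
            AuthenticationTypes.SecureSocketsLayer | AuthenticationTypes.ServerBind;

        using (var entry = new DirectoryEntry(path, userDn, password, authType))
        {
            try
            {
                // Reading NativeObject forces the bind to happen now.
                return entry.NativeObject != null;
            }
            catch (COMException)
            {
                // Wrong password, unknown user, or a refused bind: fail closed
                // either way and let the caller decide what to log.
                return false;
            }
        }
    }

    // Reset the password on the AD account the proxy points at. As in the
    // original post, Secure and ServerBind are used so SetPassword succeeds;
    // the using block releases the admin connection immediately afterwards.
    public static void ResetPassword(string adServer, string usersContainer,
                                     string adminUser, string adminPassword,
                                     string username, string newPassword)
    {
        string userDn = "CN=" + EscapeRdnValue(username) + "," + usersContainer;
        string path = "LDAP://" + adServer + "/" + userDn;

        using (var user = new DirectoryEntry(path, adminUser, adminPassword,
            AuthenticationTypes.Secure | AuthenticationTypes.ServerBind))
        {
            user.Invoke("SetPassword", new object[] { newPassword });
        }
    }

    // Post-reset check from the ADSI side: the old password must be rejected
    // and the new one accepted, each on a fresh, separately disposed bind.
    public static bool OldPasswordRejected(string adamServer, string usersContainer,
                                           string username, string oldPassword,
                                           string newPassword)
    {
        return !Authenticate(adamServer, usersContainer, username, oldPassword)
            && Authenticate(adamServer, usersContainer, username, newPassword);
    }
}
```

If OldPasswordRejected keeps returning false for minutes after the reset while a fresh LDP bind with the old password is refused, the stale credential is being reused on the client side of the ADSI connection rather than accepted by the server; if LDP accepts the old password too, the cache is not in this process.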


