Re: LDAP bind allowing old password for 1 hour
- From: AlanAlbany <AlanAlbany@xxxxxxxxxxxxx>
- Date: Sun, 25 May 2008 21:36:00 -0700
Hi
The test code I supplied is not the code from the (third party) SSO
application but just something we wrote to reproduce the problem.
Unfortunately we do not have access to the code used in the SSO application.
The domain controller is in a stand-alone domain/forest used primarily as a
central password synchronisation domain and the client is external to this
domain/forest. Its looking like we will need to ask them to use a different
technique to authenticate other than using a simple LDAP bind to avoid this
"feature" in Windows 2003 Active Directory. (For other purposes we have
written web services that use .Net to authenticate a user and these do not
exhibit the problem - we may need to get the SSO application to use such a
web service.)
Regards,
Alan
.
- References:
- LDAP bind allowing old password for 1 hour
- From: AlanAlbany
- RE: LDAP bind allowing old password for 1 hour
- From: Jian-Ping Zhu [MSFT]
- RE: LDAP bind allowing old password for 1 hour
- From: AlanAlbany
- Re: LDAP bind allowing old password for 1 hour
- From: Joe Kaplan
- Re: LDAP bind allowing old password for 1 hour
- From: Michael Ströder
- LDAP bind allowing old password for 1 hour
- Prev by Date: Re: Global Catalog not Found
- Next by Date: Re: Global Catalog not Found
- Previous by thread: Re: LDAP bind allowing old password for 1 hour
- Next by thread: Re: change domain admin password
- Index(es):
Relevant Pages
|
