LDAP Caching
- From: "Adrian Marsh (NNTP)" <adrian.marsh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 18 Apr 2008 16:19:43 +0100
Hi All,
This is a bit long-winded, so here's a quick version: LDAP lookups on SBS seem to be cached, unexpectedly, and I need to figure out if this is true and/or where the settings are.
Detail:
I'm experimenting between Apache and my SBS server for LDAP lookups for authentication.
I have Apache set with a 10s window for LDAP caching (test environment so this should be ok).
I execute an SVN command to Apache, which in turn should authenticate against LDAP. I loop this every 5s to get a repetitive test.
Here's the problem: When I change the target user's password, I expect SVN to re-prompt for a new password. However 90% of the time it doesn't. It seems to continue using the old password.
I put Wireshark between Apache and SBS, and I can see LDAP Bind and Unbind requests, with a Success message. I see this repeat every 10-15s as per the Apache directive I have for a 10s cache.
If I disable the target account, on the next iteration I get an immediate failure/prompt. (100% of the time as hoped).
If I log in via the Exchange WWW interface, then I can't log in with the old password, and have to use the new one (as expected). At the same time, my loop is still succeeding with the old password.
So I set up another LDAP client tool, and I find that I can still authenticate using the old password.
So it seems that internally in SBS, the LDAP <> NT system is caching (?)
If so, how long for and how do I config it?
There have been times though, where on changing the password, the LDAP lookup has immediately failed - as hoped for.
Any ideas?
Thanks,
Adrian
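
The isolation step described in the post (repeating the bind from a second LDAP client so that Apache's 10s cache is out of the path) can be written as a check over recorded probe results. This is an added example, not part of the original post; the `Probe` record, the function names and the sample data are constructed for illustration.

```python
from dataclasses import dataclass

APACHE_CACHE_TTL = 10  # seconds; the Apache LDAP cache window stated in the post


@dataclass
class Probe:
    t: float        # seconds since the test started
    path: str       # "apache" (through Apache's LDAP cache) or "direct" (separate LDAP client)
    password: str   # "old" or "new"
    accepted: bool  # True if authentication succeeded


def stale_window(probes, t_change, path):
    """Longest time after the password change at which the OLD password
    was still accepted on the given path (0 if it never was)."""
    hits = [p.t - t_change for p in probes
            if p.path == path and p.password == "old"
            and p.accepted and p.t > t_change]
    return max(hits, default=0)


def locate_staleness(probes, t_change, client_ttl=APACHE_CACHE_TTL):
    """Return (where, seconds): where the stale acceptance originates and
    how long after the change it was last observed."""
    direct = stale_window(probes, t_change, "direct")
    via_apache = stale_window(probes, t_change, "apache")
    if direct > 0:
        # A direct bind never touches Apache's cache, so the directory
        # server itself accepted the old password.
        return "directory-server", direct
    if via_apache > client_ttl:
        # Outlived the client cache, but no direct bind confirms the source.
        return "beyond-client-ttl", via_apache
    if via_apache > 0:
        return "apache-cache", via_apache
    return "none", 0


# Constructed sample: password changed at t=60, loop keeps using the old one.
SAMPLE = [
    Probe(55, "apache", "old", True),
    Probe(65, "apache", "old", True),
    Probe(75, "apache", "old", True),
    Probe(90, "direct", "old", True),   # second LDAP client, old password
    Probe(95, "direct", "new", True),
    Probe(120, "apache", "old", True),
]

if __name__ == "__main__":
    print(locate_staleness(SAMPLE, t_change=60))
```
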