[Fedora-directory-users] PassSync : Windows Active Directory remember my last 2 passwords
Hugo Etievant
hugo.etievant at inrp.fr
Wed Nov 12 10:37:19 UTC 2008
It is not a bug, it is a feature !
thanks
devzero2000 a écrit :
> Not so strange. It is a Windows Feature well know (sigh)
>
> On Fri, Nov 7, 2008 at 2:25 PM, Hugo Etievant <hugo.etievant at inrp.fr
> <mailto:hugo.etievant at inrp.fr>> wrote:
>
> hello,
>
> I discovered a strange behavior with Active Directory LDAP protocol !
>
> My config :
> - an Active Directory on MS Windows Server 2003 SP2 + PassSync service
> - a Fedora Directory Server 1.1.3 + Replication Agreement for
> Windows synchronization
>
> Bidirectional synchronization of accounts is running, it is OKAY.
>
> When an administrator reset an user password with Administration
> Server Console,
> this user can connects him to Windows LDAP with the new password
> choosed by administrator (the sync of password is OK),
> But this user can also uses the previous password (big surprise) !
> => both are accepted by Windows LDAP : the last and the previous
> password !!!
>
> How that can be possible ???!
> And how to stop this strange behavior ?
>
>
> User connexions are made with ldapsearch command :
> /usr/lib/mozldap/ldapsearch -h adfds -P /etc/dirsrv/slapd-fds3/ -m
> /etc/dirsrv/slapd-fds3/ -D "cn=Gontran
> Bonheur,cn=Users,dc=example,dc=fr" -b "cn=Users,dc=example,dc=fr"
> -w - "(cn=Gontran Bonheur)" dn
> This request accepts the new and the previous passwords !!!!!!
>
> If I force "Send and Receive Updates Now" in the Console, the
> behavior does not change.
>
> If my user uses Windows login banner, this behavior doesn't appear.
>
--
* Hugo Étiévant *
More information about the Fedora-directory-users
mailing list