User can login with original password even if password at ldap side has been changed (OD-24)

Robin Shen opened 6 years ago

No description

OneDev referenced from other issue 6 years ago

Setting up LDAP Authentication (onedev/manual#1)

Closed
Algy Taylor commented 6 years ago

Thanks dude :)
Robin Shen commented 6 years ago

I checked again with Active Directory, and it turns out that AD will cache last used passwords for some time. So even if password has been changed at AD side, user can still login with previous password. This article tells how to disable password cache:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc755473(v=ws.10)?redirectedfrom=MSDN

Also for administrator account, OneDev will always use internal password instead of LDAP, in order not to be locked out of the system.

Please verify.

BTW: 3.0.5 is released with some improvements and bug fixes.
Algy Taylor commented 6 years ago

Ah, I've just realised ... I created a local 'algy.taylor' username and couldn't work out how to switch the user to LDAP ... it turns out, you don't need to create a local user first!!

Sorry, that's me being an idiot and there's not an issue at all. Might be worth adding that to the documentation, though, just to stop future morons from doing what I've done ;)

Did I mention onedev is amazing? Hehe
Robin Shen changed state to 'Closed' 6 years ago
Previous Value Current Value
Open

Closed
Robin Shen commented 6 years ago

No problem at all. Closing it now.
Login to comment

Previous Value	Current Value
Open	Closed

Issue Votes (0)

Watchers (2)

Reference

OD-24