Project: Lightweight Directory Access Protocol (LDAP)
User A logs in successfully against the AD server. User B then logs in successfully on a separate computer. User A looks at his account via the "My Account" link and is now logged in as User B.
Under Servers, we are using a Service Account Bind, AuthName/AccountName is "SAMAccountName", Email Attribute is "UserPrincipalName", Unique User ID Attribute is "dn", Expression for user DN is "cn=%username,%basedn".
Under User, we "Show option on user create form to determine how account conflict is resolved", "Create or Sync to Drupal user anytime a Drupal user account is created or updated. Requires a server with binding method of 'Service Account Bind' or 'Anonymous Bind'", "Associate Drupal Account with the LDAP entry", "Account creation settings at /admin/config/people/accounts/settings do not affect LDAP Associated Drupal accounts", "Do not check for orphaned Drupal accounts".
Authentication settings are "Only LDAP Authentication is allowed except for user 1", "Show disabled email field on user forms...", and "Update stored email if LDAP email differs at login but don't notify user."
Thanks for any help you can lend!