I've done a bit of searching and haven't found any answers to this problem. I apologize in advance if this has been brought up before (if it has, send me a link please).

I am using an active directory server to authenticate my drupal site. When I change the password for a user on the AD server, I can use both the old and new passwords to successfully log into the drupal site for a large period of time after changing the password. I've tried running cron, clearing the cache (using devel.module), and even restarting the browser and server and I can still log in with both passwords. I have the ldap_integration module set to use "LDAP directory only". The old password does seem to eventually stop working.

Is there a way to have the change take place immediately (or at least when the user next logs in) and/or not have two valid passwords at one time? Let me know if you need any more information about my setup.

Comments

rick.archibald’s picture

Subscribing - have the same issue.

johnbarclay’s picture

Status: Active » Closed (won't fix)

Closing 5.x issues to clean out issue queue.