Disabled account and LDAP

G

Guest

We have a 2003 server running AD and are using it with LDAPS for
authentication. If I disable an account, I can still authenticate using that
account over LDAP. Has anyone else seen this?
 
J

Joe Richards [MVP]

How specifically are you trying to authenticate. Windows auth is normally based
on kerberos. If you already have a kerb cert for a resource, it isn't affect by
disables until it expires and has to be renewed which could be up to 10 hours.

If you are forcing a new auth against AD with the LDAP bind then you should be
seeing it fail immediately.


joe
 
G

Guest

We are using LDAP bind. I tried patching the server with SP1 last night and
a number of services wouldn't start after it was applied. Not sure what is
causing the problem but since the box is used for testing only, I'm not in a
really big hurry to figure out what is wrong.
 
J

Joe Richards [MVP]

LDAP Simple Bind? Or sending creds and a password and asking for secure auth?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

LDAP Query Question 2
SSL connect to LDAP 0
LDAP questions 2
LDAP 1
how to tell if an AD server supports LDAP over SSL? 2
Authenticating users in external LDAP 2
Licensing: Linux/PHP auth against AD 2
LDAP Authentication 1

Top