Users can still login with old LDAP password
 Technote (troubleshooting)
 
Problem(Abstract)
When Global Security is enabled and users authenticate against an Active Directory LDAP registry, a user may still be able to log in with the OLD password after that user's LDAP password has been changed.
 
Cause
The problem is caused by a change in the NTLM network authentication behavior on Windows®. See the following link for details:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;906305
 
Resolving the problem
To resolve this problem, follow the steps in the above article. If they do not work or do not apply to your environment, try disabling the AuthCache so that every authentication request goes to the back-end registry. This can be achieved by setting the following JVM (Java™ Virtual Machine) custom property:

Application servers > server1 > Process Definition > Java Virtual Machine > Custom Properties. Click New.

Name: com.ibm.websphere.security.util.authCacheEnabled
Value: BasicAuthDisabled

For questions about this, please see this Information Center article.

After setting this property and restarting the server, if the problem still occurs, then the back-end registry itself is still accepting the old password. To resolve that, you would need to check with the back-end registry provider.

Note: It is not recommended to disable the AuthCache permanently. This is only suggested for testing purposes.
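As an added illustration (not IBM code and not the WebSphere implementation), the following Python model shows why a credential cache in front of the registry keeps answering with the OLD password until the cached entry expires, and why disabling the cache sends each request to the registry instead. The registry, user name, passwords and TTL are constructed.

```python
import hashlib


class Registry:
    """Constructed stand-in for the back-end LDAP registry (not WebSphere code)."""
    def __init__(self, users):
        self.users = dict(users)

    def set_password(self, user, password):
        self.users[user] = password

    def check(self, user, password):
        return self.users.get(user) == password


class AuthCache:
    """Model of an authentication cache sitting in front of the registry.

    A successful (user, credential) pair is remembered for ttl seconds and is
    answered from the cache without asking the registry again, so a password
    change in the registry stays invisible until the entry expires."""
    def __init__(self, registry, enabled=True, ttl=600):
        self.registry = registry
        self.enabled = enabled
        self.ttl = ttl
        self.now = 0            # simulated clock (seconds), advanced by the caller
        self._entries = {}      # credential digest -> expiry time

    @staticmethod
    def _key(user, password):
        return hashlib.sha256(f"{user}\x00{password}".encode()).hexdigest()

    def authenticate(self, user, password):
        key = self._key(user, password)
        if self.enabled and self._entries.get(key, -1) > self.now:
            return True         # cache hit: the registry is never consulted
        ok = self.registry.check(user, password)
        if ok and self.enabled:
            self._entries[key] = self.now + self.ttl
        return ok


def old_password_accepted(cache_enabled, seconds_after_change=0):
    """Reproduce the symptom: log in, change the password in the registry,
    then retry the OLD password. Returns True if the old password still works."""
    registry = Registry({"jdoe": "Winter2007"})          # constructed sample data
    cache = AuthCache(registry, enabled=cache_enabled, ttl=600)
    cache.authenticate("jdoe", "Winter2007")             # populates the cache
    registry.set_password("jdoe", "Spring2008")          # password changed in LDAP
    cache.now += seconds_after_change
    return cache.authenticate("jdoe", "Winter2007")
```

With the cache enabled the old password is accepted until the entry's TTL elapses; with it disabled the registry is asked every time and the change takes effect immediately.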
 
 
Cross Reference information
Segment: Application Servers
Product: Runtimes for Java Technology
Component: Java SDK
Platform:
Version:
Edition:

Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): Windows
Software version: 6.1
Software edition:
Reference #: 1249979
IBM Group: Software Group
Modified date: Oct 19, 2007