I've set up LDAP authentication using pam_ldap on a server and it seemed to be working just fine to begin with, but now I have a problem. Whenever a user changes his password in Active directory, it syncs just fine with LDAP and therefor every system that uses LDAP authentication, except this server which still accepts the old password.
I've tried "getent passwd" and it does list every user in LDAP, and I also tried adding a new user in LDAP, which my server immediately recognized when I try "getent passwd" again.
So apparently my server is commmunicating with LDAP, just not when it comes to new passwords, those the server chooses to cache somewhere.
Google hasn't been helpful at all and some people seem to have had similar problems but thei开发者_如何学Gor questions always go unanswered.
Hope someone can help.
You may have nscd installed. Check /etc/nscd.conf and lower the TTL.
精彩评论