Disabled account and LDAP


Guest

We have a 2003 server running AD and are using it with LDAPS for
authentication. If I disable an account, I can still authenticate using that
account over LDAP. Has anyone else seen this?
 
How specifically are you trying to authenticate? Windows auth is normally based
on Kerberos. If you already have a kerb cert for a resource, it isn't affected by
disables until it expires and has to be renewed, which could be up to 10 hours.

If you are forcing a new auth against AD with the LDAP bind then you should be
seeing it fail immediately.


joe
 
We are using LDAP bind. I tried patching the server with SP1 last night and
a number of services wouldn't start after it was applied. Not sure what is
causing the problem but since the box is used for testing only, I'm not in a
really big hurry to figure out what is wrong.
 
LDAP Simple Bind? Or sending creds and a password and asking for secure auth?
 