0001557: Ldap Password got cached - SOGo

ID	Project	Category	View Status	Date Submitted	Last Update

0001557	SOGo	Web General	public	2011-12-26 16:44	2012-03-16 19:00

Reporter	lowgitek	Assigned To
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	1.3.11

Summary	0001557: Ldap Password got cached
Description	After login for the first time, and the user change his password on Active Directory, the user can't use the new password. The only way is to truncate all the tables on mysql and restart server again. Even after the update the password the user can still use the old password.
Additional Information	SOGoCacheCleanupInterval 5
Tags	No tags attached.

ludovic 2011-12-26 16:47 administrator ~0003194	Read the documentation: http://www.sogo.nu/english/nc/support/faq/article/sogo-caches-my-password-1.html

lowgitek 2011-12-26 16:49 reporter ~0003195	Sorry but I'm already using the parameter as noted: sogod SOGoCacheCleanupInterval 5 Is that all right?

ludovic 2011-12-26 17:22 administrator ~0003196	That means the password will get cached for at least 5 mins. SOGo will not cache the password anywhere else.

lowgitek 2011-12-26 17:50 reporter ~0003197	Yes that was what I supposed to be. I tried to set the parameter to 0, 1 or 5, it just doens't care for it. The only way is to truncate all the tables to get the new password from ldap. Does is it the expected?

lowgitek 2011-12-26 19:23 reporter ~0003198 Last edited: 2011-12-26 19:24	And now a most strange thing now... after change the password and set the value to: SOGoCacheCleanupInterval 1 I rebooted the server and now, I may login with old and new passwords with same username and account. And if I change the password again I can use any of the last passwords.

ludovic 2011-12-29 16:43 administrator ~0003204	Do you have more than one AD servers? Sometimes replication can take a few minutes to carry on with AD. I've just tested here and it works as expected. If you invalidate the memcached cache, you can't login with the old password.

ludovic 2012-02-08 20:02 administrator ~0003389	Reduced severity to minor as no feedback was provided in many weeks.

ludovic 2012-03-16 19:00 administrator ~0003588	No feedback provided, closing.

Date Modified	Username	Field	Change
2011-12-26 16:44	lowgitek	New Issue
2011-12-26 16:47	ludovic	Note Added: 0003194
2011-12-26 16:47	ludovic	Status	new => closed
2011-12-26 16:47	ludovic	Resolution	open => won't fix
2011-12-26 16:49	lowgitek	Note Added: 0003195
2011-12-26 16:49	lowgitek	Status	closed => feedback
2011-12-26 16:49	lowgitek	Resolution	won't fix => reopened
2011-12-26 17:22	ludovic	Note Added: 0003196
2011-12-26 17:22	ludovic	Status	feedback => closed
2011-12-26 17:22	ludovic	Resolution	reopened => won't fix
2011-12-26 17:50	lowgitek	Note Added: 0003197
2011-12-26 17:50	lowgitek	Status	closed => feedback
2011-12-26 17:50	lowgitek	Resolution	won't fix => reopened
2011-12-26 19:23	lowgitek	Note Added: 0003198
2011-12-26 19:24	lowgitek	Note Edited: 0003198
2011-12-29 16:43	ludovic	Note Added: 0003204
2012-02-08 20:02	ludovic	Note Added: 0003389
2012-02-08 20:02	ludovic	Severity	major => minor
2012-03-16 19:00	ludovic	Note Added: 0003588
2012-03-16 19:00	ludovic	Status	feedback => closed
2012-03-16 19:00	ludovic	Resolution	reopened => fixed

View Issue Details

Activities

Issue History