Hello all,
I am currently using Moodle 2.4.4+ (Build: 20130614) on a WIMP platform of Windows Server 2008 R2 Datacenter, IIS 7.5, MySQL 5.5.24, PHP 5.5.7 with Microsoft AD serving as our LDAP platform.
Everything has appeared to be working perfectly with regards to our LDAP authentication until recently. I am getting reports from users with the following scenario;
User logs into Moodle and has authenticated successfully sometime in the past 42 days(Timeframe of password change requests). Users password expires, user changes password and is able to login into other systems successfully (i.e Windows). User tries to login to Moodle using new password(Timeframe has been greater than 5 days meaning users have rebooted or logged off several times before trying Moodle with new PW), is unsuccessful, gets the message they have exceeded their allotted login attempts, LDAP(Active Directory)shows that the account is not locked. I can see the DC they get the bad pw count from is the one we set for Moodle.
I am at a loss as I have been unable to replicate this but I am starting to see it more and more. Is it possible that LDAP is caching the old password somewhere? Any suggestions on how to resolve this would be most appreciated. Thanks.
Scott