We are using LDAP for user authentification in Moodle, and I'm aware that there is an admin setting ("preventpassindb") that allows caching of passwords in Moodle, which would actually be the default setting.
If I understand this correctly, having the LDAP passwords cached would allow users to log into Moodle even when the LDAP server is not available, right?
Unfortunately, a security audit of our IT infrastructure a few years back told us that caching all our LDAP passwords on the Moodle server is a security issue, and since then we disabled this, setting preventpassindb to YES.
How do other sites handle this? Is it even any security problem at all to have the LDAP passwords cached?