External Authentication Plugin Allows Active Directory Synchronized Accounts to Use Old Password For 60 Mins on Windows Server 2003 SP1 (Doc ID 741638.1)

Last updated on JULY 01, 2016

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.
***Checked for relevance on 30-July-2013***

Symptoms

Oracle Internet Directory and Active Directory (AD) are synchronizing successfully
However, after changing a user password in AD, the External Authentication Plugin allows that user to use both the old and new passwords for next 60 minutes.

This problem occurs with Active Directory (AD) server on Windows Server 2003, and OID 10.1.2.0.2 through 11g.




Changes

Installed Microsoft Windows Server 2003 Service Pack 1 (SP1)

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms