cancel
Showing results for 
Search instead for 
Did you mean: 

Changing Passwords in AD

Former Member
0 Kudos

At our company we connect to MII 11.5 using our network domain's credentials. Our policy is every 90 days we have to change our password for security reasons. After people change their password, they are usually locked out of MII for about 24 hours or so. Now, I am seeing more and more people locked out for 3 - 5 days at a time. Then miraculously their new password works on MII. I spoke with our IT Security personnel and finds it odd that Active Directory allows OLD and NEW passwords for 24 hours, but MII does not allow EITHER. He is scratching his head and I need to know which direction I need to go to solve this nuisance.

Accepted Solutions (0)

Answers (1)

Answers (1)

jcgood25
Active Contributor
0 Kudos

Is the LDAP pointer in LHSecurity the same as the primary network? Assuming the user only has 1 actual password at a time, unless there is some sort of LDAP replication going on where MII points to a backup LDAP system I would think that MII would only ever work with the most recent password.

Check the LHSecurity logs for any potentially revealing messages.

Former Member
0 Kudos

I am in the process of emailing IT Security the LDAP logs. Can you interpret what this log means?

2008-10-17 13:52:57,454 FATAL LdapLoginModule javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece]

2008-10-17 13:48:10,155 WARN Login Invalid username or password

2008-10-17 13:48:10,155 ERROR JAASHandler Could not authenticate javax.security.auth.login.LoginException: Could not login into LDAP System at com.lighthammer.cas.authentication.security.spi.LdapLoginModule.doAuthenticate(LdapLoginModule.java:159) at com.lighthammer.cas.authentication.security.spi.AbstractLoginModule.login(AbstractLoginModule.java:123) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at com.lighthammer.cas.authentication.security.spi.LHLoginContext.invoke(LHLoginContext.java:572) at com.lighthammer.cas.authentication.security.spi.LHLoginContext.access$000(LHLoginContext.java:32) at com.lighthammer.cas.authentication.security.spi.LHLoginContext$4.run(LHLoginContext.java:507) at java.security.AccessController.doPrivileged(Native Method) at com.lighthammer.cas.authentication.security.spi.LHLoginContext.invokeModule(LHLoginContext.java:504) at com.lighthammer.cas.authentication.security.spi.LHLoginContext.login(LHLoginContext.java:431) at com.lighthammer.cas.authentication.handler.JAASHandler.authenticate(JAASHandler.java:43) at com.lighthammer.cas.gui.servlet.Login.service(Login.java:206) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at com.newatlanta.servletexec.SERequestDispatcher.forwardServlet(SERequestDispatcher.java:638) at com.newatlanta.servletexec.SERequestDispatcher.forward(SERequestDispatcher.java:236) at com.newatlanta.servletexec.SERequestDispatcher.internalForward(SERequestDispatcher.java:283) at com.newatlanta.servletexec.ApplicationInfo.processApplRequest(ApplicationInfo.java:1846) at com.newatlanta.servletexec.ServerHostInfo.processApplRequest(ServerHostInfo.java:937) at com.newatlanta.servletexec.ServletExec.ProcessRequest(ServletExec.java:1091) at com.newatlanta.servletexec.ServletExec.ProcessRequest(ServletExec.java:973) at com.newatlanta.servletexec.ServletExecService.processServletRequest(ServletExecService.java:167) at com.newatlanta.servletexec.ServletExecService.Run(ServletExecService.java:204) at com.newatlanta.servletexec.HttpServerRequest.run(HttpServerRequest.java:487)

2008-10-17 13:48:10,155 FATAL LdapLoginModule javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece]

2008-10-17 13:47:08,530 ERROR RetrieveResults javax.naming.CommunicationException: connection closed [Root exception is java.io.IOException: connection closed]; remaining name 'OU=Cleveland,dc=na,dc=corp,dc=le'

2008-10-17 13:46:44,046