1
17.1 Legacy Series / LDAP Authentication
« on: February 23, 2017, 10:32:29 pm »
I just finished setting up LDAP which so far is flaky at best. The first major thing I notice is that it is fully manual. although it binds to users, I still have to manually add each user rather than it monitoring or checking a user against a security group membership for permissions.
The second thing I notice that is a major concern is that all the information it uses seems to be cached. I am able to import a user and login, but if I disable the user in AD afterwards, they can still login without issues. I changed the password for one of these users and was able to login using the new password as well as the old interchangeably, another major security concern.
Is there a way to clean this functionality up or should I just disable all LDAP based access on the system?
The second thing I notice that is a major concern is that all the information it uses seems to be cached. I am able to import a user and login, but if I disable the user in AD afterwards, they can still login without issues. I changed the password for one of these users and was able to login using the new password as well as the old interchangeably, another major security concern.
Is there a way to clean this functionality up or should I just disable all LDAP based access on the system?