Here it goes:
I have a Java server that has a service that validates users in an AD. While the server is running, a user inputs his user/password information to be validated. When the user changes his password in AD while the server is running, the JNDI API gives a valid context for the 2 passwords, the old and the new password. It's a little strange.
After the password has been modified, both the old password and the new one can get a valid Context.
Code that I use to initialize the context:
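    private DirContext getInitialContext(String phostname, int pport, String pusername, String ppassword) throws NamingException {
        String providerURL = new StringBuffer("ldap://").append(phostname).append(":").append(pport).toString();
        Properties props = new Properties();
        props.put(javax.naming.Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        props.put(javax.naming.Context.PROVIDER_URL, providerURL);
        // props.put("com.sun.jndi.ldap.connect.pool", "true");
        if (pusername != null && !pusername.equals("")) {
            props.put(javax.naming.Context.SECURITY_PRINCIPAL, pusername);
            // Note: an empty password makes this an unauthenticated bind, which the server may accept
            props.put(javax.naming.Context.SECURITY_CREDENTIALS, (ppassword == null ? "" : ppassword));
        }
        return new InitialDirContext(props); // throws AuthenticationException if the bind is rejected
    }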
If this method returns a Context, then the user is valid.
Thanks for any help. :)
So if, after I get the InitialContext, I do a search for the same user, is that enough to get any validity?
I think the problem is that the context is already valid, and all the operations that we do return valid values.
Another piece of info that I got from some tests I did: if we change the password 3 times in a row, I can get a valid context object only with the last 2 passwords. Is there any option/parameter that is active to save the last connection or something like that?
I found what the problem is: AD saves the oldPasswordValue for a time; the default time is 60 min according to http://support.microsoft.com/?id=906305.
If I run the same Java code after the 60 min (AD default time), all goes OK.
Thanks for the help, another view of the problem.