AD/LDAP authentification doesn't work anymore after user AD pwds have been changed

[mariusmotoc]

hello every one,

I have the following problem:

On a Linux box I put my SugarCRM Version 5.0.0e (Build 3276) and configured to use an AD/LDAP authentification. All worked just fine for 2-3 months.
Last week my sequrity policy on AD server forced users to change passwords for their AD accounts.
since then the AD/LDAP authentification doesen't work anymore.

Auto Create Users: is checked

I can only think that at the moment the new user is created in SugarCRM DB it meomrises the username and the first password for any user. When the password is changed in AD for the user account their is a problem... Sugar doesen't know what is the password for the user.

I tried for the account the old AD password, the new AD password, but the same error appeared : Invalid credentials.

The other test I made was the following:
I changed manually in Sugar the password for my user. I used the new password for the user and it worked. This is not a good solution in my oppinion... I don't want to manually change the passwords for al users and after that tell them the passwords..... so I am asking for your help to solve this issue.

If you need any other supplimentary settings configuration from me I'll provide them to you.

My regards,
Marius Motoc

thank you for any piece of idea.

[kuske]

Sugar does not memorize the AD passwords.
So if the password is changed in AD, Sugar needs automatically the new password.
Perhaps your administrators password does not work anymore? (see system Settings - LDAP support)

The authetification mechanism is a little bit funny, I agree, if Sugar cannot login in AD, it tries the original Sugar authentification and checks the password against the md5 encrypted own password.
This is done in module /modules/Users/authentification/SugarAuthenticate/SugarAutheticateUser.php in functionauthenticateUser.
If you want to forbid this just write a
return '';
at the beginning of the function.