Openfire caches and uses outdated LDAP password for authentication
It seems that Openfire uses a cache or OFUSER instead of trying to query LDAP when a user tries to authenticate. That's fine for good login performance but bad when the LDAP password is changed.
I recommend disabling the cache completely (or setting the timeout to a low value, which makes the cache useless). That improves security, as the passwords are no longer stored in Openfire.
Another option would be to use the cache only when LDAP is not available, but I do not like it because of the password security.
Openfire + LDAP
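A simplified model of the behaviour this report describes, added here as an illustration; it is not Openfire code, and the class names, TTL values and in-memory directory are assumptions made for the example. It measures how long a replaced password keeps being accepted when successful logins are cached, and shows that disabling the cache or shortening its lifetime closes that window.

```python
import hashlib
import hmac
import os

class FakeDirectory:
    """In-memory stand-in for the LDAP server (constructed for this example)."""
    def __init__(self):
        self.passwords = {}

    def bind(self, user, password):
        stored = self.passwords.get(user, "")
        return hmac.compare_digest(stored.encode(), password.encode())

class CachingAuthenticator:
    """Hypothetical auth front end that caches salted digests of verified passwords."""
    def __init__(self, directory, ttl_seconds, enabled=True):
        self.directory, self.ttl, self.enabled = directory, ttl_seconds, enabled
        self._cache = {}  # user -> (salt, digest, expires_at)

    @staticmethod
    def _digest(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

    def authenticate(self, user, password, now):
        entry = self._cache.get(user) if self.enabled else None
        if entry and now < entry[2]:
            salt, digest, _ = entry
            if hmac.compare_digest(digest, self._digest(salt, password)):
                return "cache"  # accepted without consulting the directory
        if self.directory.bind(user, password):
            if self.enabled:
                salt = os.urandom(16)
                self._cache[user] = (salt, self._digest(salt, password), now + self.ttl)
            return "directory"
        return None

def old_password_accepted_at(ttl_seconds, enabled, probes=(20, 60, 3600, 7300)):
    """Return the probe times (seconds) at which the replaced password still logs in."""
    directory = FakeDirectory()
    directory.passwords["alice"] = "old-Secret1"
    auth = CachingAuthenticator(directory, ttl_seconds, enabled)
    auth.authenticate("alice", "old-Secret1", now=0)  # populates the cache
    directory.passwords["alice"] = "new-Secret2"      # password changed in the directory
    return [t for t in probes if auth.authenticate("alice", "old-Secret1", now=t)]

if __name__ == "__main__":
    print("ttl=7200s:", old_password_accepted_at(7200, True))
    print("ttl=30s:  ", old_password_accepted_at(30, True))
    print("disabled: ", old_password_accepted_at(7200, False))
```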
No responses to my query last year, closing. Can reopen if somebody has a current reproducer.
Anybody on this ticket able to comment if this is still valid with current release (3.10.2)?
Version 3.8.2: the "ldap.authCache.enabled" System Property doesn't help.
I have the same problem. Any solution? Thank you.
I think the LDAP cache can be switched on or off via the "ldap.authCache.enabled" System Property - does this help?