Old and New Password Working with LDAP

Hello Everyone,

First off I’‘d like to say I love wildfire server. It’‘s by far the best Jabber implementation I’'ve worked with to date. Now onto my question.

I have my jabber server setup with LDAP integration to a Windows 2003 AD Server. Authentication against the server appears to work fine however if I reset a users password they can then login with both the old password and the new password. I’'ve tried clearing the cache as well as resetting the server.

Does anyone know why this is happening and how to correct it?

Thank you

Without looking into it, it sounds like the LDAP server is allowing logins with either password. I know I can make OpenLDAP users have multiple passwords (and often do for testing). But I cant imagine AD doing that by default. Do you have any other utilities that are using LDAP authentication you can verify with?