From b325933195a3c7b1af504170a5a4bae389f1cc15 Mon Sep 17 00:00:00 2001 From: gerardma77 <115136373+gerardma77@users.noreply.github.com> Date: Wed, 18 Sep 2024 17:32:50 +0200 Subject: [PATCH 1/3] adding_OldPasswordAllowedPeriod_waring --- website/content/docs/secrets/ldap.mdx | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/website/content/docs/secrets/ldap.mdx b/website/content/docs/secrets/ldap.mdx index 5ac9b4aa9042..1597cb7e2fa4 100644 --- a/website/content/docs/secrets/ldap.mdx +++ b/website/content/docs/secrets/ldap.mdx @@ -199,6 +199,10 @@ Some important things to remember when crafting your LDIF entries: ### Active directory (AD) +-> Note: Active Directory might allow old passwords to be used for authentication during a certain amount of time. +This is refered to as `lifetime period of an old password`, this setting is configurable on the Windows Servers hosting Active Directory. +For more information refer to the following Microsoft [guide](https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/new-setting-modifies-ntlm-network-authentication) + For Active Directory, there are a few additional details that are important to remember: To create a user programmatically in AD, you first `add` a user object and then `modify` that user to provide a From 28b957387603b8d99184cd9ee98420c94fb66648 Mon Sep 17 00:00:00 2001 From: Equus quagga Date: Thu, 19 Sep 2024 10:07:26 +0200 Subject: [PATCH 2/3] Updated note for AD passwords --- website/content/docs/secrets/ldap.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/content/docs/secrets/ldap.mdx b/website/content/docs/secrets/ldap.mdx index 1597cb7e2fa4..000be7f61204 100644 --- a/website/content/docs/secrets/ldap.mdx +++ b/website/content/docs/secrets/ldap.mdx @@ -200,7 +200,7 @@ Some important things to remember when crafting your LDIF entries: ### Active directory (AD) -> Note: Active Directory might allow old passwords to be used for authentication during a certain amount of time. -This is refered to as `lifetime period of an old password`, this setting is configurable on the Windows Servers hosting Active Directory. +This is refered to as the `lifetime period of an old password`, this setting is configurable on the Windows Servers hosting Active Directory. For more information refer to the following Microsoft [guide](https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/new-setting-modifies-ntlm-network-authentication) For Active Directory, there are a few additional details that are important to remember: From bf0e8fa1b4f978db8852f684fa1fcc0845a9eab0 Mon Sep 17 00:00:00 2001 From: gerardma77 <115136373+gerardma77@users.noreply.github.com> Date: Thu, 19 Sep 2024 20:19:49 +0200 Subject: [PATCH 3/3] Update website/content/docs/secrets/ldap.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> --- website/content/docs/secrets/ldap.mdx | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/website/content/docs/secrets/ldap.mdx b/website/content/docs/secrets/ldap.mdx index 000be7f61204..114d513fdb9e 100644 --- a/website/content/docs/secrets/ldap.mdx +++ b/website/content/docs/secrets/ldap.mdx @@ -199,9 +199,17 @@ Some important things to remember when crafting your LDIF entries: ### Active directory (AD) --> Note: Active Directory might allow old passwords to be used for authentication during a certain amount of time. -This is refered to as the `lifetime period of an old password`, this setting is configurable on the Windows Servers hosting Active Directory. -For more information refer to the following Microsoft [guide](https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/new-setting-modifies-ntlm-network-authentication) + + + Windows Servers hosting Active Directory include a + `lifetime period of an old password` configuration setting that lets clients + authenticate with old passwords for a specified amount of time. + + For more information, refer to the + [NTLM network authentication behavior](https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security new-setting-modifies-ntlm-network-authentication) + guide by Microsoft. + + For Active Directory, there are a few additional details that are important to remember: