Hi,

I setup a domain to use external AD auth. It seemed that whenever I change the password of an AD user (using AD to change and not Zimbra), I can login using the NEW and the PREVIOUS password. Is this a bug and how can I workaround it?

1.0 Expected behaviour:
.1 Should only allow the latest changed password to login.

2.0 Steps to reproduce:
.1 Create user = tester in AD
.2 Assign e.g. password = abc123
.3 Login via Zimbra Web UI as tester, abc123

.4 Change password ==> cde456 (Do this using AD).
.5 Login via Zimbra Web UI as tester, abc123 [Able to log in!]
.6 Login via Zimbra Web UI as tester, cde456 [Able to log in - expected behaviour]

.7 Change password ==> fgh789 (Do this using AD).
.8 Login via Zimbra Web UI as tester, abc123 [Cannot log in - expected behaviour]
.9 Login via Zimbra Web UI as tester, cde456 [Able to log in!]
.10 Login via Zimbra Web UI as tester, fgh789[Able to log in - expected behaviour]


3.0 Configurations:
.1 zcs 4.0.5 GA 518 (x86)
.2 rhel es 4



thanks for any reply.
James