
= Password Changes Take Ten Minutes to Become Effective =

Article ID: 261148

Article Last Modified on 7/28/2003


APPLIES TO


 * Microsoft Site Server 3.0 Standard Edition




This article was previously published under Q261148



SYMPTOMS
When a user's password is changed in a Site Server Membership database, the user cannot use the new password for ten minutes.



CAUSE
The Active User Object (AUO) maintains a cache of Membership directory information and updates the directory every 10 minutes by default.



RESOLUTION
To force a cache update for a particular user, you need to use the IssueRecentChangesCookie method after you make any modifications. For more information on this method, refer to the Site Server online documentation or the Site Server Software Development Kit (SDK).



MORE INFORMATION
Lightweight Directory Access Protocol (LDAP) caches everything for 10 minutes. To make the AUO instance see a change, you need to add specific code to the password change form that gives the user a cookie. The cookie tells the server that changes have been made and that it should ignore the cached data. This only works if the clients are doing Web-based actions that require authentication to the LDAP service.

The code resembles the following:

 <%
 On Error Resume Next
 ' Create the AUO.
 ' *******************
 Set objAUO = Server.CreateObject("Membership.UserObjects.1")
 If Err.Number <> 0 Then
   Response.Write "Unable to create the AUO."
   Response.End
 End If
 strMember = objAUO.cn
 ' Create the VerifUsr object.
 ' ******************
 Set objVerif = Server.CreateObject("Membership.VerifUsr.1")
 If Err.Number <> 0 Then
   Response.Write "Unable to create the Verif object."
   Response.End
 End If
 ' Issue the MemRightsChanged Cookie.
 ' *******************
 objVerif.IssueRecentChangesCookie(strMember)
 %>

Note: This code may not operate reliably in a Web farm. If multiple LDAP servers are present, each LDAP server contains a cache of the membership database. This code only results in a refresh of the user data in question for a single LDAP server instance.

If you access the membership directory with something other than Web-based use (such as an SMTP connection) that requires authentication against the LDAP instance, you need to disable the cache. To do this, save the following code in a Microsoft Visual Basic Scripting Edition (.vbs) file, then execute it by using Cscript.exe.

 ' Create the Broker configuration object.
 Set objcreator = CreateObject("ObjCreator.ObjCreator.1")
 Set config = objcreator.CreateObjAuth("memadmin.brokConfig")
 ' Load the configuration for BrokerService instance 2.
 Call config.getconfig(2)
 ' A timeout of 0 disables the cache.
 config.lCacheTimeout = 0
 ' Write the configuration back.
 Call config.setconfig

NOTE: The number that is indicated for the config.getconfig(#) line should equal the number for the BrokerService Instance in the metabase. To find the instance for your BrokerService, run the following command from a command prompt on your LDAP server:

 Pmadmin List Instance

WARNING: Running the above VBScript file disables caching for your Broker service on the specified instance. This may result in less than optimal performance.
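The timing behavior described above, including the Web farm caveat and the effect of a cache timeout of 0, as an added Python model; it is not Site Server code and not part of the original article. The class names, the recent_change flag standing in for the cookie, and the sample user and passwords are assumptions constructed for illustration.

```python
# Simplified model (an assumption, not Site Server code) of the per-instance
# caching this article describes. Plain strings keep the model short.
CACHE_TIMEOUT = 600  # seconds; the 10-minute default from the article


class Directory:
    """Stands in for the Membership directory (the authoritative store)."""
    def __init__(self):
        self.passwords = {}


class LdapInstance:
    """One LDAP server holding its own cache of directory entries."""
    def __init__(self, directory, cache_timeout=CACHE_TIMEOUT):
        self.directory = directory
        self.cache_timeout = cache_timeout
        self.cache = {}  # user -> (password, time fetched)

    def _lookup(self, user, now, recent_change):
        entry = self.cache.get(user)
        expired = entry is None or now - entry[1] >= self.cache_timeout
        if recent_change or expired:
            # Ignore the cached entry and re-read the directory.
            entry = (self.directory.passwords[user], now)
            self.cache[user] = entry
        return entry[0]

    def authenticate(self, user, password, now, recent_change=False):
        return self._lookup(user, now, recent_change) == password


def simulate():
    """Constructed scenario: two-instance farm, password changed at t=60."""
    directory = Directory()
    directory.passwords["alice"] = "old-pw"
    a, b = LdapInstance(directory), LdapInstance(directory)
    uncached = LdapInstance(directory, cache_timeout=0)
    for inst in (a, b, uncached):
        inst.authenticate("alice", "old-pw", now=0)  # warm each cache
    directory.passwords["alice"] = "new-pw"          # the change at t=60
    return {
        # Instance a receives the recent-changes signal; b does not.
        "a_with_signal": a.authenticate("alice", "new-pw", 61, recent_change=True),
        "b_no_signal": b.authenticate("alice", "new-pw", 62),
        "b_after_timeout": b.authenticate("alice", "new-pw", 600),
        "uncached": uncached.authenticate("alice", "new-pw", 61),
    }
```

In the model, the instance that did not receive the signal rejects the new password until its own cache entry reaches the timeout, which is the Web farm behavior the note above warns about.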

Keywords: kbprb KB261148


© Microsoft Corporation. All rights reserved.