DS Version 1.2 build 730.

- User XX has password of 'pwd' in directory and in Exchange account configuration on mobile device and the device is syncing fine.
- User XX has his password temporarily set to 'newpwd'.
- Device fails next sync attempt as stored password on the device doesn't match directory. This is as expected.
- Wait about 10 minutes.
- Re-set User XX's password to the original password of 'pwd' in the LDAP directory.
- User's device which has always had password set to 'pwd' in Exchange account configuration on mobile device continues to fail sync with an Authentication error.
- If user changes saved password in device configuration, saves, tries to sync (which will fail), then changes password back, device will start syncing again.

Why is this?

It seems that once the DS server verifies that the device is supplying the wrong password for a period of 10 minutes, then all subsequent attempts with the same password will fail because the DS Server doesn't even try to authenticate the user because it "knows" the password won't work anyway so why even try.

Log entries to back up this theory:

2012-03-22 14:29:30.521 DEBUG_VERBOSE [CP WSGIServer Thread-21] [DeviceInterface:1191] [userID:] [eventID:] [objectID:] [] !!!AUTHDATA - same wrong password
2012-03-22 14:29:30.521 DEBUG_VERBOSE [CP WSGIServer Thread-21] [DeviceInterface:1069] [userID:XX] [eventID:] [objectID:] [Server] Auth time = 0.00 seconds
2012-03-22 14:29:30.521 DEBUG_VERBOSE [CP WSGIServer Thread-21] [DeviceInterface:1071] [userID:] [eventID:] [objectID:] [Server] Failed to Authenticate user XX
...
[these log entries repeated for however many times the user tries to sync]

Can this behavior be changed so that the DS server will always hit the LDAP server to try and auth the user?

Thanks,

-jim

Jim Harfst
Information Technology Services
Mississippi State University