i’ve noticed an issue in our RC-Instance about the authentication process with LDAP-Directory/Active-Directory.
- Disabled or deleted User in LDAP are still able to logon in RC and be not deleted in RC
- If a LDAP-User change the password the user ist still able to logon with the old password
I’ve read some comments on github. There the deactivation of LDAP-Fallback was suggested. Unfortunately this also disables the possibility of local logins. However, this functionality is very important in case of error.
We are runnig RC 0.74.3. and the issus seem to persist. Is there any information as to whether the mentioned issues will be fixed in upcoming releases?