We're using SugarCRM community edition 5.2.0f (Build 5688 running on OpenSuSE 11.1), and have the LDAP stuff set up so that users can log in with their AD credentials by contacting our DC (Server 2008).
We're having an issue with a couple of users; they've recently (a week or so ago) changed their AD passwords, and now can't log in to Sugar. Other users can still do LDAP logins, and if I set the problem users' passwords manually then they can log in too, but LDAP just doesn't want to know about them. I get the following in the log when they try:
Mon Sep 21 16:16:16 2009 [17854][-none-][FATAL] [LDAP ERROR][1]Operations error
Mon Sep 21 16:16:16 2009 [17854][-none-][FATAL] SECURITY: ldapauth: failed LDAP bind (login) by user@domain, could not construct bind_user
Mon Sep 21 16:16:16 2009 [17854][-none-][FATAL] SECURITY: User authentication for user@domain failed
Mon Sep 21 16:16:16 2009 [17854][-none-][FATAL] SECURITY: User authentication for user@domain failed
Mon Sep 21 16:16:16 2009 [17854][-none-][FATAL] FAILED LOGIN:attempts[1] - user@domain
Does anyone have any idea what might be going on here? Are there any restrictions on the allowable password - length, presence of special characters, etc? I know the user's new password ends with a single-quote, which is a SQL delimiter, but I assumed that the login code would correctly escape that.
