We use an Active Directory for portal user authentication (the portal has read access to the Active Directory).
When a user changes his/her password on the Active Directory, the user can still log on to the portal using both the old password and the new password.
Any ideas ?