When the LDAP Bind User changes password in LDAP, other users are locked out until the password is changed in the QuickBuild. The delay depends on whether the LDAP in use is replicated. It also depends on whether the Bind User's account was locked due to forced password changes.

Here is the best case scenario:

1. Bind User changes password in LDAP - users can no longer login to QuickBuild.
2. Bind User immediately logs in to QuickBuild and changes password to match.
3. Users can now login again.

Here is the worst case:

1. Bind User ignores notices that password will expire. Users are required to change their LDAP password every 90 days.
2. Bind User's password is disabled. Users cannot log in to QuickBuild.
3. Someone finally figures it out and yells at Bind User who then resets LDAP password, then synchronizes password in QuickBuild.
4. Now, after a day or so of lockout, users can login again.

Suggestion to fix this is to allow self-binding. Login user is the Bind User. I made this same change to BuildForge and it works fine. I believe that users logging in generally have the same access as the Bind User. Many companies require periodic password changes.