Please excuse me for the delay.
I investigated the issue further and here's what I found out:
Ldap users are handled in out LdapMembership provider, which is read-only - you can't change any properties of the users through it. It simply pulls users from your AD. The password of the user is not stored anywhere, nor it can be changed from somewhere in Sitefinity. On your question - what is the functionality of the Reset password button, I would say - it doesn't work for Ldap users, because we don't store the password anywhere (as mentioned before). Furthermore, the ChangePassword method of the provider is configured to raise a NotSupportedException.
What happens when the users logs in is that ValidateUser method is called, then the AuthenticateUser method of Ldapfacade. What happens is that A Network connection is opened and the Ldap credentials are passed to it. If the credentials are not correct, a connection can't be established. Then the code goes to some generic system classes. User credentials are not cached on Sitefinity level. Possible reasons for what you experience is authentication cookies, that weren't deleted, because you changed the password of the user, while he was logged in to the server. Another possible reason is if you're using an Ldap forest, the password that you changed may not have been updated on all nodes and when you tried to log in with the old password again, you were redirected to a node, where the new password still hasn't been applied. These are just possible reasons for the behavior. In short, we don't have mechanism in Sitefinity that stores the user credentials of caches them.
Hope you find this information useful!
the Telerik team
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking
system and vote to affect the priority of the items