[keycloak-user] Keycloak cannot change LDAP user password

Thomas Barcia TBarcia at wfscorp.com
Wed Oct 12 09:59:29 EDT 2016


It is MS AD and it turns out that the service account didn't have sufficient privileges despite the AD guru telling me multiple times that it did.  I'll look into trace logging for the next hurdle to getting this thing into production.

Thank you.

-----Original Message-----
From: Marek Posolda [mailto:mposolda at redhat.com] 
Sent: Wednesday, October 12, 2016 2:40 AM
To: Thomas Barcia; keycloak-user at lists.jboss.org
Subject: [EXTERNAL]Re: [keycloak-user] Keycloak cannot change LDAP user password 

Which LDAP are you using? Is it MS Active Directory? The typical case is that there are some password policies on the MSAD side; maybe you can try with some more tricky password like "MyPASSwor"!#d154;:@" and see if it helps?

Also, you can try to enable TRACE logging for the "org.keycloak.federation.ldap" category in standalone.xml and see more logging messages in standalone/log/server.log.

Marek

On 11/10/16 22:39, Thomas Barcia wrote:
> FYI, I'm running 2.2.1.Final, using LDAPS and literally created the user, clicked save and tried to change the password after getting the acknowledgement that the save was successful.  I've also gone into previously created users and am unable to modify their passwords either.
>
> Thanks in advance!
>
> -----Original Message-----
> From: keycloak-user-bounces at lists.jboss.org 
> [mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Thomas 
> Barcia
> Sent: Tuesday, October 11, 2016 4:32 PM
> To: keycloak-user at lists.jboss.org
> Subject: [EXTERNAL][keycloak-user] Keycloak cannot change LDAP user 
> password
>
> After fighting through getting Keycloak able to create users, I'm now trying to change an LDAP user's password but the only message I get is on the screen that says "Could not modify attribute for DN" and there are no messages in the logs nor on the console output or in "Events" in the UI.  Can anyone suggest what I may need to change to be able to change LDAP passwords?
>
> Thank you.
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user




