[keycloak-user] Issues with Keycloak and AD

Marek Posolda mposolda at redhat.com
Mon Apr 24 14:30:27 EDT 2017


The configuration is what I mentioned. You have the LDAP provider configured 
with "Sync registrations" set to "off", so newly created users in 
Keycloak won't be created in LDAP.

Marek

On 24/04/17 17:37, Nabeel Ahmed wrote:
> Is this the default behaviour, or do we need to do any configuration?
>
> Regards,
>
> Nabeel Ahmed
> Cell # +92 333 540 5542
>
> On Mon, Apr 24, 2017 at 5:05 PM, Marek Posolda <mposolda at redhat.com> wrote:
>
>     On 24/04/17 13:58, Nabeel Ahmed wrote:
>>     I have a relevant question but a different scenario.
>>     If I have configured an LDAP account with READ_ONLY mode and
>>     registrations are off,
>>     is there a way to create local users? I mean, is there any way to
>>     tell Keycloak to create the user in its database instead of in LDAP?
>     You mean LDAP provider has edit mode as "READ_ONLY" and "Sync
>     registrations" is off?
>
>     Then yes, any newly created users in Keycloak will be added just
>     to Keycloak DB. Not to LDAP.
>
>     Marek
>
>>
>>     Regards,
>>
>>     Nabeel Ahmed
>>     Cell # +92 333 540 5542
>>
>>     On Fri, Apr 21, 2017 at 6:42 PM, Charles Hardin
>>     <chardin at shadowforge-computing.com> wrote:
>>
>>         2016
>>
>>         On Fri, Apr 21, 2017 at 7:57 AM, Marek Posolda
>>         <mposolda at redhat.com> wrote:
>>
>>         > I will try to reproduce that. What's your MSAD version btw?
>>         >
>>         > Thanks,
>>         > Marek
>>         >
>>         >
>>         > On 20/04/17 23:55, Charles Hardin wrote:
>>         >
>>         >> Hello All,
>>         >>
>>         >> I have set up an instance of Keycloak 3 and connected it to
>>         >> AD. It is set up to sync users and is in writable edit mode.
>>         >> I also have Password Policy Hints enabled in the MSAD Account
>>         >> Controls mapper. I have user registration turned on in Keycloak.
>>         >>
>>         >> When I register a user in Keycloak, it creates the user in a
>>         >> disabled state in AD, and prompts the user in Keycloak to
>>         >> change the password they just set during account creation to
>>         >> activate the account. This then fails because AD is currently
>>         >> configured to enforce a minimum password age of one day.
>>         >>
>>         >> I am OK with the account being created disabled, but how do I
>>         >> get around the immediate 2nd password request?
>>         >>
>>         >> Thanks,
>>         >>
>>         >> Chuck
>>         >> _______________________________________________
>>         >> keycloak-user mailing list
>>         >> keycloak-user at lists.jboss.org
>>         >> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>         >>
>>         >
>>         >
>>         >
>>
>>
>
>
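For the two configurations discussed in this thread, here is an added example (not code from the thread or from Keycloak itself) that reads an LDAP user-storage component in the shape the Keycloak admin REST API exports it and predicts where a newly registered user lands. The component ids and the sample values are constructed; the mapper provider id and its `ldap.password.policy.hints.enabled` config key are assumed from the standard Keycloak component representation.

```python
"""Added example (not from the thread): predict where a newly registered
user lands, from Keycloak LDAP component config as exported by the admin
REST API (config values are lists of strings). Ids/names are constructed."""

# Constructed sample: Chuck's setup (writable AD, registrations synced)
AD_WRITABLE = {
    "id": "comp-ad-writable", "providerId": "ldap",
    "providerType": "org.keycloak.storage.UserStorageProvider",
    "config": {"vendor": ["ad"], "editMode": ["WRITABLE"],
               "syncRegistrations": ["true"]},
}
# Constructed sample: Nabeel's setup (read-only AD, registrations off)
AD_READ_ONLY = {
    "id": "comp-ad-readonly", "providerId": "ldap",
    "providerType": "org.keycloak.storage.UserStorageProvider",
    "config": {"vendor": ["ad"], "editMode": ["READ_ONLY"],
               "syncRegistrations": ["false"]},
}
# Constructed sample: MSAD account-control mapper with Password Policy Hints on
MAPPERS = [{
    "providerId": "msad-user-account-control-mapper",
    "parentId": "comp-ad-writable",
    "config": {"ldap.password.policy.hints.enabled": ["true"]},
}]

def cfg(component: dict, key: str, default: str = "") -> str:
    """Return the first value of a list-valued component config entry."""
    return (component.get("config", {}).get(key) or [default])[0]

def new_users_go_to_ldap(component: dict) -> bool:
    """Registrations are pushed to LDAP only when the edit mode is WRITABLE
    and "Sync registrations" is on; otherwise they stay in the Keycloak DB."""
    return (cfg(component, "editMode") == "WRITABLE"
            and cfg(component, "syncRegistrations", "false").lower() == "true")

def password_hints_enabled(component: dict, mappers: list) -> bool:
    """True if an MSAD account-control mapper under this provider has hints on."""
    return any(m.get("providerId") == "msad-user-account-control-mapper"
               and m.get("parentId") == component.get("id")
               and cfg(m, "ldap.password.policy.hints.enabled", "false") == "true"
               for m in mappers)

def audit(component: dict, mappers: list) -> list:
    """Explain the registration outcome for one LDAP user-storage component."""
    if not new_users_go_to_ldap(component):
        return ["new users are created only in the Keycloak DB, not in LDAP"]
    findings = ["new users are created in LDAP/AD"]
    if cfg(component, "vendor") == "ad" and password_hints_enabled(component, mappers):
        findings.append("AD creates the account disabled and forces a password change "
                        "at first login; an AD minimum password age blocks that change")
    return findings
```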


