[keycloak-user] another small enhancement request for MSAD password mapper

mj lists at merit.unu.edu
Fri Jan 27 04:09:31 EST 2017


Hi Marek,

On 01/26/2017 11:47 AM, Marek Posolda wrote:
> There were some changes for the KEYCLOAK-2333 and KEYCLOAK-4069,
> which were related to this. If upgrade to 2.5.1 won't help for you,
> then could you enable DEBUG logging for the
> "org.keycloak.storage.ldap" in standalone.xml and attach your log?

Tested with 2.5.1, and the behaviour remains. Debug log tells me:

> 2017-01-27 09:49:22,664 DEBUG
> [org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager]
> (default task-10) Authentication failed for DN
> [CN=username,CN=Users,DC=samba,DC=company,DC=com]:
> javax.naming.AuthenticationException: [LDAP: error code 49 - Simple
> Bind Failed: NT_STATUS_PASSWORD_MUST_CHANGE]

Could you tell me the domain functional level of your AD environment?

I have the feeling that the behaviour might be different between
different functional levels.

MJ

