[keycloak-user] another small enhancement request for MSAD password mapper
mj
lists at merit.unu.edu
Fri Jan 27 04:58:58 EST 2017
Hi Marek,

So, I found out a bit more. It seems that there is a difference between
Samba and a real AD.

The error code is the same (49), but the additional information is NOT
exactly the same. Please compare:

Samba4:
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
additional info: Simple Bind Failed: NT_STATUS_PASSWORD_MUST_CHANGE

MSAD:
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 773, v1db1

There is a Samba bug report about this here:
https://bugzilla.samba.org/show_bug.cgi?id=9048

However, if Keycloak relied only on error code 49, the password would
work with _both_ Samba and MSAD.

Would it be possible to change Keycloak like that?

MJ
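
The two diagnostic strings quoted in this message, classified alongside an ordinary wrong-password failure, as an added example (not part of the original post and not Keycloak's code). The function name and return labels are hypothetical; the 52e/532/775 sub-codes and the other NT_STATUS names are standard values that do not appear in the message, and the 52e sample line is constructed.

```python
import re

# AD puts a hex sub-code after "data" in the bind diagnostic message.
AD_DATA = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")
# Samba 4 reports the NT status name instead.
SAMBA_STATUS = re.compile(r"\b(NT_STATUS_[A-Z_]+)\b")

# Labels on the right are hypothetical names chosen for this example.
AD_MEANING = {
    "52e": "invalid_credentials",
    "532": "password_expired",
    "773": "password_must_change",   # value shown in the MSAD output above
    "775": "account_locked",
}
SAMBA_MEANING = {
    "NT_STATUS_LOGON_FAILURE": "invalid_credentials",
    "NT_STATUS_PASSWORD_EXPIRED": "password_expired",
    "NT_STATUS_PASSWORD_MUST_CHANGE": "password_must_change",  # Samba4 output above
    "NT_STATUS_ACCOUNT_LOCKED_OUT": "account_locked",
}

def classify_bind_failure(result_code, additional_info):
    """Map an LDAP bind failure to a reason, for both AD and Samba 4."""
    if result_code != 49:
        return "not_a_credential_error"
    info = additional_info or ""
    m = AD_DATA.search(info)
    if m:
        return AD_MEANING.get(m.group(1).lower(), "invalid_credentials")
    m = SAMBA_STATUS.search(info)
    if m:
        return SAMBA_MEANING.get(m.group(1), "invalid_credentials")
    # No recognisable detail: report a plain failed login, never "must change",
    # so a wrong password cannot be routed into a password-update flow.
    return "invalid_credentials"

if __name__ == "__main__":
    samples = [
        "Simple Bind Failed: NT_STATUS_PASSWORD_MUST_CHANGE",
        "80090308: LdapErr: DSID-0C0903A9, comment: "
        "AcceptSecurityContext error, data 773, v1db1",
        # Constructed sample: same AD format with the wrong-password sub-code.
        "80090308: LdapErr: DSID-0C0903A9, comment: "
        "AcceptSecurityContext error, data 52e, v1db1",
    ]
    for s in samples:
        print(classify_bind_failure(49, s), "<-", s)
```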