Hi Marek,
On 01/26/2017 11:47 AM, Marek Posolda wrote:
> There were some changes for the KEYCLOAK-2333 and KEYCLOAK-4069,
> which were related to this. If upgrade to 2.5.1 won't help for you,
> then could you enable DEBUG logging for the
> "org.keycloak.storage.ldap" in standalone.xml and attach your log?
Tested with 2.5.1, and the behaviour remains. Debug log tells me:
2017-01-27 09:49:22,664 DEBUG
[org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager]
(default task-10) Authentication failed for DN
[CN=username,CN=Users,DC=samba,DC=company,DC=com]:
javax.naming.AuthenticationException: [LDAP: error code 49 - Simple
Bind Failed: NT_STATUS_PASSWORD_MUST_CHANGE]
Could you tell me the domain functional level of your AD environment?
I have the feeling that the behaviour might be different between
different functional levels.
MJ