What is your Keycloak version? And what is your LDAP vendor? Is it MSAD?
For MSAD, we have built-in support with the MSAD mapper as long as you
use the "userAccountControl" attribute to track if the user is enabled/disabled
(which is standard for MSAD environments AFAIK).
Marek
On 6.4.2018 at 14:38, Dockendorf, Trey wrote:
Currently we use Keycloak as an IdP tied to our LDAP environment. We
are curious how we would go about having Keycloak reject logins from accounts we deem
disabled in LDAP. Disabled could be for many reasons, one of which is password
expiration. I see I could add a filter to our User Federation for LDAP, but the user
would likely just show up as not found and get no kind of “Your account is disabled”
message I presume.
Thanks,
- Trey
--
Trey Dockendorf
HPC Systems Engineer
Ohio Supercomputer Center
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
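
An added example, not from the thread and not Keycloak's code: decoding the "userAccountControl" attribute mentioned in the reply into a login decision that carries a reason, next to the filter approach from the question, which only makes the user disappear. The function names and sample entries are constructed, and merging in msDS-User-Account-Control-Computed for lockout and password expiry is an assumption about the directory, not something the thread states.

```python
# Added example (not Keycloak code). Bit values are the documented Active
# Directory userAccountControl flags; the entries at the bottom are constructed.
ACCOUNTDISABLE = 0x0002
LOCKOUT = 0x0010
PASSWORD_EXPIRED = 0x800000

# Filter that hides disabled accounts entirely (bitwise-AND matching rule).
# A user excluded this way looks like "user not found", with no reason given.
HIDE_DISABLED_FILTER = "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"

REASONS = [
    (ACCOUNTDISABLE, "account disabled"),
    (LOCKOUT, "account locked out"),
    (PASSWORD_EXPIRED, "password expired"),
]


def _flags(entry, attr):
    """Return the attribute as an int, or None if absent or malformed."""
    values = entry.get(attr) or []
    try:
        return int(values[0])
    except (IndexError, ValueError, TypeError):
        return None


def login_decision(entry):
    """Map an LDAP entry (attr -> list of str) to (allowed, reason)."""
    uac = _flags(entry, "userAccountControl")
    if uac is None:
        # Fail closed: without the attribute the state cannot be determined.
        return False, "userAccountControl missing or unreadable"
    # Assumption: the directory reports lockout and password expiry in the
    # computed attribute, so merge it in when it was returned.
    uac |= _flags(entry, "msDS-User-Account-Control-Computed") or 0
    for bit, reason in REASONS:
        if uac & bit:
            return False, reason
    return True, "enabled"


# Constructed sample entries.
SAMPLES = {
    "alice": {"userAccountControl": ["512"]},   # normal account
    "bob": {"userAccountControl": ["514"]},     # 512 | ACCOUNTDISABLE
    "carol": {"userAccountControl": ["512"],
              "msDS-User-Account-Control-Computed": ["8388608"]},
    "dave": {},                                  # attribute not returned
}
```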