1:30 p.m.
The configuration is what I mentioned. You have LDAP provider configured
with "Sync registration" to "off" and then newly created users in
Keycloak won't be created to LDAP.
Marek
On 24/04/17 17:37, Nabeel Ahmed wrote:
is this the default behaviour or we need to do any configurations ?
Regards,
Nabeel Ahmed
Cell # +92 333 540 5542
On Mon, Apr 24, 2017 at 5:05 PM, Marek Posolda <mposolda(a)redhat.com
<mailto:mposolda@redhat.com>> wrote:
On 24/04/17 13:58, Nabeel Ahmed wrote:
> i have relevant question but different scenario.
> If i have configure ldap account with READ_ONLY mode and
> registration are off.
> Is there a way to create local users? I mean is there anyway to
> tell keycloak that it creates user in his database instead in ldap.
You mean LDAP provider has edit mode as "READ_ONLY" and "Sync
registrations" is off?
Then yes, any newly created users in Keycloak will be added just
to Keycloak DB. Not to LDAP.
Marek
>
> Regards,
>
> Nabeel Ahmed
> Cell # +92 333 540 5542
>
> On Fri, Apr 21, 2017 at 6:42 PM, Charles Hardin
> <chardin(a)shadowforge-computing.com
> <mailto:chardin@shadowforge-computing.com>> wrote:
>
> 2016
>
> On Fri, Apr 21, 2017 at 7:57 AM, Marek Posolda
> <mposolda(a)redhat.com <mailto:mposolda@redhat.com>> wrote:
>
> > I will try to reproduce that. What's your MSAD version btv?
> >
> > Thanks,
> > Marek
> >
> >
> > On 20/04/17 23:55, Charles Hardin wrote:
> >
> >> Hello All,
> >>
> >> I have setup an instance of Keycloak 3 and connected it to
> AD. It is setup
> >> to sync users and is writeable edit mode. I also have
> Pasword Policy Hints
> >> enabled in the MSAD Account Controls mapper. I have user
> registration
> >> turned on in Keycloak.
> >>
> >> When I register a user in keycloak, it creates the user in
> a disabled
> >> state
> >> in AD, and prompts the user in keycloak to change the
> password they just
> >> set during account creation to activate the account. This
> then fails
> >> because AD is currently configured to enforce a minimum
> password age of
> >> one
> >> day.
> >>
> >> I am ok with the account being created disabled, but how
> do I get around
> >> the immediate 2nd password request?
> >>
> >> Thanks,
> >>
> >> Chuck
> >> _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user(a)lists.jboss.org
> <mailto:keycloak-user@lists.jboss.org>
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> <https://lists.jboss.org/mailman/listinfo/keycloak-user>
> >>
> >
> >
> >
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> <mailto:keycloak-user@lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> <https://lists.jboss.org/mailman/listinfo/keycloak-user>
>
>