As I understand, there is no support for OpenLDAP. Can we still create
custom mappers and map attributes like pwdLastSet to pwdChangedTime
so that a few password policies, like password expiry time, work?
Thanks & Regards
Kapil
On Wed, Apr 17, 2019 at 2:38 PM kapil joshi <kapilkumarjoshi001(a)gmail.com>
wrote:
Hi All,
We are using OpenLDAP.
I found out that there is an LDAP mapper, precisely
user-account-control-mapper; by adding this, the LDAP password policy will be
respected.
On doing this, we get the update password UI on login. But while
updating the password, we get the error below:
On updating the password:
On UI: Could not modify attribute for DN [uid=xxxxxxx,dc=tt,dc=zz,dc=br]
In ldap.log we can see the error below:
conn=1159 op=1 do_modify: get_ctrls failed
Please suggest what we are missing or can correct in our configuration.
Thanks & Regards
Kapil
On Thu, Apr 11, 2019 at 7:32 PM kapil joshi <kapilkumarjoshi001(a)gmail.com>
wrote:
> Hi All,
>
> Password expiry policy is not working for a federated user. We can see that
> the password has expired for the LDAP user, which was set to 90 days, but the
> user can still log in to the UI via Keycloak authentication.
>
> Kindly point out what we are missing.
>
> Please note we have enabled the switch to sync password policy with
> federated user.
>
> Thanks & regards
>
> Kapil
>