On 26/01/17 11:08, mj wrote:
Hi Marek,
On 01/24/2017 11:47 AM, Marek Posolda wrote:
> Can you doublecheck this scenario on your side? Are you using latest
> Keycloak master?
So I double checked. We are using 2.5.0, NOT latest master, but it
does NOT work:
As soon as I check "user must change password on next logon", the MSAD
attribute pwdLastSet changes to 0. (that is correct, confirmed with an
ldif)
However, keycloak tells me: invalid username or password. Removing the
checkbox sets pwdLastSet to -1, and the logon succeeds again.
Searching through jira, I don't see an explanation for the difference
in behaviour between 2.5.0 and 2.5.1. If I can find some time, I'll
try installing 2.5.1, to see if it works there...
There were some changes for KEYCLOAK-2333 and KEYCLOAK-4069, which
were related to this. If upgrading to 2.5.1 doesn't help, could
you enable DEBUG logging for "org.keycloak.storage.ldap" in
standalone.xml and attach your log?
Thanks,
Marek
MJ