On 26/01/17 11:08, mj wrote:
On 01/24/2017 11:47 AM, Marek Posolda wrote:
> Can you doublecheck this scenario on your side? Are you using latest
> Keycloak master?
So I double checked. We are using 2.5.0, NOT latest master, but it
does NOT work:
As soon as I check "user must change password on next logon", the MSAD
attribute pwdLastSet changes to 0. (that is correct, confirmed with an
However, keycloak tells me: invalid username or password. Removing the
checkbox sets pwdLastSet to -1, and the logon succeeds again.
Searching through jira, I don't see an explanation for the difference
in behaviour between 2.5.0 and 2.5.1. If I can find some time, I'll
try installing 2.5.1, to see if it works there...
There were some changes for the
KEYCLOAK-2333 and KEYCLOAK-4069, which
were related to this. If upgrade to 2.5.1 won't help for you, then could
you enable DEBUG logging for the "org.keycloak.storage.ldap" in
standalone.xml and attach your log?