Hi,
We configured a writeable federated ldap (AD) provider. Needs to be
writeable, because we use the keycloak password change function.
Now, in case a user doesn't remember his password, we can use the
"Credential Reset" function, which sends a password reset email to the
LDAP email address.
However, since the user doesn't remember his password, he will not be
able to access the reset email... Chicken and egg situation...
So we can change the email address in keycloak temporarily, but that
will also change the email in AD LDAP (since it's writeable) which
causes many problems in other ldap-connected applications.
So: Is there a way to send the password reset email to a 'secondary'
email address? Perhaps an address we can manually enter at the moment a
user requests the password reset (using a popup?), or is there a
secondary password field for a user in keycloak? (perhaps importable
from ldap, as we keep secondary emails there as well)
Best regards,
MJ