[keycloak-user] active directory | change password after first login and account expiration
Marek Posolda
mposolda at redhat.com
Tue Dec 6 04:41:08 EST 2016
We are testing with MSAD as an LDAP server and we use just the LDAP
connection from Keycloak to CRUD users (and other data). I personally
never saw the ADUC tool. It seems it is just something like
user-friendly frontend editor, but the actual user data are saved in
MSAD server, right? So is it using MSAD under the hood?
A few other comments:
- The bug you reported related to email might be already fixed in latest
master. See https://issues.jboss.org/browse/KEYCLOAK-4028 . You can
either re-test with latest master and/or wait for the 2.5.0.CR1
- The dialog like "You need to change your password in X days" - we
don't have any support for it and we don't plan it ATM. However in case
that user authenticates into Keycloak with his MSAD password, which is
already expired, we allow the authentication, but user must immediately
change his password (Required action "Update Password" is added to him
and he is then required by Keycloak to update his password. Updated
password is then propagated to MSAD).
Marek
On 06/12/16 10:23, lists wrote:
> Hi,
>
> On 6-12-2016 9:22, Marek Posolda wrote:
>> We are testing with MSAD and that should work. We don't test with ADUC.
>
> I'm not sure I understand... You're testing with MSAD (="Micro Soft
> Active Directory"?) and not ADUC ("Active Directory Users and
> Computers") the default Microsoft tool to add/edit users in an active
> directory environment?
>
> MJ
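
An added example, not part of the original thread and not Keycloak's own code: the expired-password case described above reaches an LDAP client as a failed bind (result code 49) whose diagnostic text carries an Active Directory sub-status after `data`. The sketch below classifies such messages and decides whether the login should be denied or continue with a forced password update. The function name, the outcome labels, and the sample messages (including their DSID values) are constructed for illustration.

```python
import re

# Hex sub-status values Active Directory places after "data" in the
# diagnostic message of a failed simple bind (LDAP result code 49).
AD_SUBSTATUS = {
    "525": "user not found",
    "52e": "invalid credentials",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Assumption: these two map to the behaviour in the thread, i.e. the login
# continues but an "Update Password" step is forced before a session exists.
FORCE_UPDATE = {"532", "773"}

_DATA_RE = re.compile(r"\bdata\s+([0-9a-fA-F]+)\s*,")


def classify_bind_failure(message):
    """Return (outcome, reason) for one LDAP bind-failure message."""
    match = _DATA_RE.search(message)
    if not match:
        # Fail closed on anything that is not a recognisable AD sub-status.
        return ("deny", "unrecognised bind failure")
    code = match.group(1).lower()
    reason = AD_SUBSTATUS.get(code, "unknown sub-status " + code)
    if code in FORCE_UPDATE:
        return ("update_password", reason)
    return ("deny", reason)


# Constructed sample messages (not captured from a real server).
SAMPLES = [
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C000001, comment: "
    "AcceptSecurityContext error, data 532, v0000]",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C000001, comment: "
    "AcceptSecurityContext error, data 52e, v0000]",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C000001, comment: "
    "AcceptSecurityContext error, data 775, v0000]",
    "Connection refused",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_bind_failure(sample))
```

Account expiration (701) and lockout (775) stay in the deny branch here; only the password-state codes lead to the update step.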