[keycloak-user] Issues with Keycloak and AD

Nabeel Ahmed mr.beel at gmail.com
Mon Apr 24 07:58:32 EDT 2017


I have a relevant question but a different scenario.
If I have configured an LDAP account with READ_ONLY mode and registration is
off, is there a way to create local users? I mean, is there any way to tell
Keycloak to create the user in its database instead of in LDAP?

Regards,

Nabeel Ahmed
Cell # +92 333 540 5542

On Fri, Apr 21, 2017 at 6:42 PM, Charles Hardin <
chardin at shadowforge-computing.com> wrote:

> 2016
>
> On Fri, Apr 21, 2017 at 7:57 AM, Marek Posolda <mposolda at redhat.com>
> wrote:
>
> > I will try to reproduce that. What's your MSAD version btw?
> >
> > Thanks,
> > Marek
> >
> >
> > On 20/04/17 23:55, Charles Hardin wrote:
> >
> >> Hello All,
> >>
> >> I have set up an instance of Keycloak 3 and connected it to AD. It is set up
> >> to sync users and is in writeable edit mode. I also have Password Policy Hints
> >> enabled in the MSAD Account Controls mapper. I have user registration
> >> turned on in Keycloak.
> >>
> >> When I register a user in keycloak, it creates the user in a disabled
> >> state
> >> in AD, and prompts the user in keycloak to change the password they just
> >> set during account creation to activate the account. This then fails
> >> because AD is currently configured to enforce a minimum password age of
> >> one
> >> day.
> >>
> >> I am ok with the account being created disabled, but how do I get around
> >> the immediate 2nd password request?
> >>
> >> Thanks,
> >>
> >> Chuck
> >> _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>
