[keycloak-user] Issues with Keycloak and AD

Marek Posolda mposolda at redhat.com
Mon Apr 24 08:05:15 EDT 2017


On 24/04/17 13:58, Nabeel Ahmed wrote:
> I have a relevant question but a different scenario.
> If I have configured an LDAP account with READ_ONLY mode and registrations 
> are off,
> is there a way to create local users? I mean, is there any way to tell 
> Keycloak to create the user in its database instead of in LDAP?
You mean LDAP provider has edit mode as "READ_ONLY" and "Sync 
registrations" is off?

Then yes, any newly created users in Keycloak will be added just to 
Keycloak DB. Not to LDAP.

Marek
>
> Regards,
>
> Nabeel Ahmed
> Cell # +92 333 540 5542
>
> On Fri, Apr 21, 2017 at 6:42 PM, Charles Hardin 
> <chardin at shadowforge-computing.com> wrote:
>
>     2016
>
>     On Fri, Apr 21, 2017 at 7:57 AM, Marek Posolda
>     <mposolda at redhat.com> wrote:
>
>     > I will try to reproduce that. What's your MSAD version btw?
>     >
>     > Thanks,
>     > Marek
>     >
>     >
>     > On 20/04/17 23:55, Charles Hardin wrote:
>     >
>     >> Hello All,
>     >>
>     >> I have set up an instance of Keycloak 3 and connected it to AD. It is
>     >> set up to sync users and is in writeable edit mode. I also have Password
>     >> Policy Hints enabled in the MSAD Account Controls mapper. I have user
>     >> registration turned on in Keycloak.
>     >>
>     >> When I register a user in Keycloak, it creates the user in a disabled
>     >> state in AD, and prompts the user in Keycloak to change the password
>     >> they just set during account creation to activate the account. This
>     >> then fails because AD is currently configured to enforce a minimum
>     >> password age of one day.
>     >>
>     >> I am OK with the account being created disabled, but how do I get
>     >> around the immediate 2nd password request?
>     >>
>     >> Thanks,
>     >>
>     >> Chuck
>     >> _______________________________________________
>     >> keycloak-user mailing list
>     >> keycloak-user at lists.jboss.org
>     >> https://lists.jboss.org/mailman/listinfo/keycloak-user
>     >>
>     >
>     >
>     >
>
>


