[keycloak-user] another small enhancement request for MSAD password mapper
Marek Posolda
mposolda at redhat.com
Thu Jan 26 05:47:14 EST 2017
On 26/01/17 11:08, mj wrote:
> Hi Marek,
>
> On 01/24/2017 11:47 AM, Marek Posolda wrote:
>> Can you double-check this scenario on your side? Are you using the latest
>> Keycloak master?
>
> So I double checked. We are using 2.5.0, NOT latest master, but it
> does NOT work:
>
> As soon as I check "user must change password on next logon", the MSAD
> attribute pwdLastSet changes to 0. (that is correct, confirmed with an
> ldif)
>
> However, Keycloak tells me: invalid username or password. Removing the
> checkbox sets pwdLastSet to -1, and the logon succeeds again.
>
> Searching through Jira, I don't see an explanation for the difference
> in behaviour between 2.5.0 and 2.5.1. If I can find some time, I'll
> try installing 2.5.1, to see if it works there...
There were some changes for KEYCLOAK-2333 and KEYCLOAK-4069, which
were related to this. If upgrading to 2.5.1 doesn't help, then could
you enable DEBUG logging for "org.keycloak.storage.ldap" in
standalone.xml and attach your log?
Thanks,
Marek
>
> MJ