[keycloak-user] Handling disabled users from LDAP
Marek Posolda
mposolda at redhat.com
Mon Apr 9 15:17:20 EDT 2018
What is your Keycloak version? And what is your LDAP vendor? Is it MSAD?
For MSAD, we have built-in support with the MSAD mapper as long as you
use the "userAccountControl" attribute to track if the user is enabled/disabled
(which is standard for MSAD environments AFAIK).
Marek
On 6.4.2018 at 14:38, Dockendorf, Trey wrote:
> Currently we use Keycloak as an IdP tied to our LDAP environment. We are curious how we would go about having Keycloak reject logins from accounts we deem disabled in LDAP. Disabled could be for many reasons, one of which is password expiration. I see I could add a filter to our User Federation for LDAP, but the user would likely just show up as not found and get no kind of “Your account is disabled” message I presume.
>
> Thanks,
> - Trey
>
> --
> Trey Dockendorf
> HPC Systems Engineer
> Ohio Supercomputer Center
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
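
Added example, not part of the original thread and not Keycloak's own code: a sketch of how the "userAccountControl" bit field separates "disabled" from "not found", which is the distinction an LDAP search filter alone would lose. The flag values are the ones Microsoft documents for Active Directory; the entry layout (dict of attribute name to list of strings), the function names and the decision labels are assumptions made for illustration.

```python
# Flag values from Microsoft's userAccountControl documentation.
ACCOUNTDISABLE = 0x0002
# On current AD these two are reported in msDS-User-Account-Control-Computed,
# not in userAccountControl itself.
LOCKOUT = 0x0010
PASSWORD_EXPIRED = 0x800000


def _int_attr(entry, name):
    """Return an LDAP attribute as an unsigned 32-bit int, or None if absent/malformed."""
    values = entry.get(name) or []
    try:
        return int(values[0]) & 0xFFFFFFFF  # normalise to unsigned 32 bits
    except (IndexError, TypeError, ValueError):
        return None


def login_decision(entry):
    """Map a directory entry (hypothetical dict: attr -> list of str) to a decision."""
    if entry is None:
        return "not_found"          # what a restrictive search filter would yield
    uac = _int_attr(entry, "userAccountControl")
    if uac is None:
        return "unknown_state"      # fail closed: attribute missing or unreadable
    if uac & ACCOUNTDISABLE:
        return "disabled"           # can drive an "account is disabled" message
    computed = _int_attr(entry, "msDS-User-Account-Control-Computed") or 0
    if computed & LOCKOUT:
        return "locked_out"
    if computed & PASSWORD_EXPIRED:
        return "password_expired"
    return "ok"


# Constructed sample entries (not real directory data).
SAMPLE = {
    "alice": {"userAccountControl": ["512"]},             # normal account
    "bob": {"userAccountControl": ["514"]},               # 512 + ACCOUNTDISABLE
    "carol": {"userAccountControl": ["512"],
              "msDS-User-Account-Control-Computed": ["8388608"]},
    "dave": {"userAccountControl": ["not-a-number"]},
}


def check(username):
    """Look the user up in the constructed sample and return the decision."""
    return login_decision(SAMPLE.get(username))
```
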