[keycloak-user] Password expiry policy not working for federated user
kapil joshi
kapilkumarjoshi001 at gmail.com
Wed Apr 17 05:08:35 EDT 2019
Hi All,
We are using OpenLDAP.
I found out that there is ldap mapper precisely
user-account-control-mapper, by adding this LDAP password policy will be
respected.
on doing this we are getting update password UI, on login. But while
updating the password we are getting below error:
On update the password:
On UI: Could not modify attribute for DN [uid=xxxxxxx,dc=tt,dc=zz,dc=br]
On ldap.log we can see below error coming up:
conn=1159 op=1 do_modify: get_ctrls failed
Please suggest us what are we missing or can correct in our configuration.
Thanks & Regards
Kapil
On Thu, Apr 11, 2019 at 7:32 PM kapil joshi <kapilkumarjoshi001 at gmail.com>
wrote:
> Hi All,
>
> Password expiry policy not working for federated user. We can see that the
> password has expired for LDAP user, which was set to 90 days, but user can
> still login to UI via keycloak authentication.
>
> Kindly point us what are we missing.
>
> Please note we have enabled the switch to sync password policy with
> federated user.
>
> Thanks & regards
>
> Kapil
>
More information about the keycloak-user
mailing list