[keycloak-user] Password expiry policy not working for federated user

kapil joshi kapilkumarjoshi001 at gmail.com
Wed Apr 17 07:13:30 EDT 2019


As I understand, there is no support for OpenLDAP. Can we still create
custom mappers and map attributes like pwdLastSet to pwdChangedTime
such that a few password policies like password expiry time work?

Thanks & Regards
Kapil

On Wed, Apr 17, 2019 at 2:38 PM kapil joshi <kapilkumarjoshi001 at gmail.com>
wrote:

> Hi All,
>
> We are using OpenLDAP.
>
> I found out that there is an LDAP mapper, precisely
> user-account-control-mapper; by adding this, the LDAP password policy will be
> respected.
> On doing this we are getting the update password UI on login. But while
> updating the password we are getting the below error:
>
> On updating the password:
>
> On UI: Could not modify attribute for DN [uid=xxxxxxx,dc=tt,dc=zz,dc=br]
>
> In ldap.log we can see the below error coming up:
>
> conn=1159 op=1 do_modify: get_ctrls failed
>
>
> Please suggest what we are missing or can correct in our configuration.
>
>
> Thanks & Regards
>
> Kapil
>
>
>
>
> On Thu, Apr 11, 2019 at 7:32 PM kapil joshi <kapilkumarjoshi001 at gmail.com>
> wrote:
>
>> Hi All,
>>
>> Password expiry policy is not working for a federated user. We can see that
>> the password has expired for the LDAP user, which was set to 90 days, but the user
>> can still log in to the UI via Keycloak authentication.
>>
>> Kindly point out what we are missing.
>>
>> Please note we have enabled the switch to sync password policy with
>> federated user.
>>
>> Thanks & regards
>>
>> Kapil
>>
>