[keycloak-user] Keycloak, Samba, and ldap password modify extended operation (RFC3062)
Gary Kennedy
gary at apnic.net
Mon Aug 12 01:31:52 EDT 2019
Someone has installed the smbk5pwd module into our ldap system used by our Keycloak instance. They wish to share the ldap service with another system that needs the samba password hash attributes. Unfortunately this means I now need keycloak to perform the ldap v3 password modify extended operation.
I've hacked this into our current user federation provider (which apparently extends the in-built ldap one), by having the provider implement `CredentialInputUpdater`, and everything is working within the realms of our tests.
What I am interested in, is if there is already usable work out there in having Keycloak use the password modify extended operation? and/or how other people have integrated similar requirements (ldap password modify extended operation, or samba/extra password hashes in ldap) - without extending too much of Keycloak (I was sooo close to removing our custom user federation provider) :p
Cheers,
Gary
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3492 bytes
Desc: not available
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20190812/9e0a0f46/attachment.bin
More information about the keycloak-user
mailing list