Keycloak update password AD

thiebaut · June 18, 2021, 8:15am

Hey,

I’ll try to configure keycloak with an AD widows server 2016 as a provider LDAP.
The connexion is ok, i can synchronise all user with the UPN username but i can’t update
the passwords for each user, is is not a question of type of password, but the AD seems
don’t want to update or change the attribute.
2021-06-18 08:03:02,949 DEBUG [org.keycloak.storage.ldap.mappers.msad.MSADUserAccountControlStorageMapper] (default task-77) Failed to update password in Active Directory. Exception message: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A1254, problem 5003 (WILL_NOT_PERFORM), data 0 ]

I found a post which explains that it’s a problem with the LDAP protocole and we must implement the LDAPS. I don’t know if it’s the problem.

Olivier

klepptor · July 9, 2021, 8:56am

Hi @thiebaut

I had the same problem.

Maybe this helps:

So I finally managed the LDAPS connection problems. The official documentation is too much for my simple usecase. And I messed up the rights for the ldaps user…

Topic		Replies	Views
Cannot Update password from Keycloak	0	770	August 31, 2021
Use Keycloak as IAM Getting advice ldap	0	489	June 17, 2021
Error=password_rejected, reason='Could not modify attribute for DN Securing applications authentication	14	9899	February 21, 2023
What Ad permissions does the LDAP bind user really need Configuring the server user-federation , ldap	0	1257	May 9, 2023
Active Directory user password change: Keycloak accepts both old and new password Configuring the server	2	2998	November 9, 2020

Keycloak update password AD

Related topics