I’ll try to configure keycloak with an AD widows server 2016 as a provider LDAP.
The connexion is ok, i can synchronise all user with the UPN username but i can’t update
the passwords for each user, is is not a question of type of password, but the AD seems
don’t want to update or change the attribute.
2021-06-18 08:03:02,949 DEBUG [org.keycloak.storage.ldap.mappers.msad.MSADUserAccountControlStorageMapper] (default task-77) Failed to update password in Active Directory. Exception message: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A1254, problem 5003 (WILL_NOT_PERFORM), data 0 ]
I found a post which explains that it’s a problem with the LDAP protocole and we must implement the LDAPS. I don’t know if it’s the problem.