LDAP Exception since update from 13.0.1 to 16.1.1

Hi!

Since we updated our Keycloak environment from 13.0.1 to 16.1.1 last week, we’re getting the following exception:

2022-02-23 09:41:20,160 ERROR [org.keycloak.services] (Timer-2) KC-SERVICES0062: Error occurred during sync of changed users: org.keycloak.component.ComponentValidationException: ldapErrorValidatePasswordPolicyAvailableForWritableOnly
	at org.keycloak.keycloak-ldap-federation@16.1.1//org.keycloak.storage.ldap.LDAPStorageProviderFactory.validateConfiguration(LDAPStorageProviderFactory.java:292)
	at org.keycloak.keycloak-model-jpa@16.1.1//org.keycloak.models.jpa.RealmAdapter.updateComponent(RealmAdapter.java:2072)
	at org.keycloak.keycloak-model-infinispan@16.1.1//org.keycloak.models.cache.infinispan.RealmAdapter.updateComponent(RealmAdapter.java:1597)
	at org.keycloak.keycloak-services@16.1.1//org.keycloak.services.managers.UserStorageSyncManager$6.lambda$run$1(UserStorageSyncManager.java:267)
	at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183)
	at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:177)
	at java.base/java.util.stream.SortedOps$SizedRefSortingSink.end(SortedOps.java:357)
	at java.base/java.util.stream.Sink$ChainedReference.end(Sink.java:258)
	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:485)
	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
	at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150)
	at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173)
	at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
	at java.base/java.util.stream.ReferencePipeline.forEachOrdered(ReferencePipeline.java:502)
	at org.keycloak.keycloak-services@16.1.1//org.keycloak.services.managers.UserStorageSyncManager$6.run(UserStorageSyncManager.java:263)
	at org.keycloak.keycloak-server-spi-private@16.1.1//org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:239)
	at org.keycloak.keycloak-services@16.1.1//org.keycloak.services.managers.UserStorageSyncManager.updateLastSyncInterval(UserStorageSyncManager.java:256)
	at org.keycloak.keycloak-services@16.1.1//org.keycloak.services.managers.UserStorageSyncManager.access$100(UserStorageSyncManager.java:45)
	at org.keycloak.keycloak-services@16.1.1//org.keycloak.services.managers.UserStorageSyncManager$3$1.call(UserStorageSyncManager.java:149)
	at org.keycloak.keycloak-services@16.1.1//org.keycloak.services.managers.UserStorageSyncManager$3$1.call(UserStorageSyncManager.java:143)
	at org.keycloak.keycloak-model-infinispan@16.1.1//org.keycloak.cluster.infinispan.InfinispanClusterProvider.executeIfNotExecuted(InfinispanClusterProvider.java:78)
	at org.keycloak.keycloak-services@16.1.1//org.keycloak.services.managers.UserStorageSyncManager$3.run(UserStorageSyncManager.java:143)
	at org.keycloak.keycloak-server-spi-private@16.1.1//org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:239)
	at org.keycloak.keycloak-services@16.1.1//org.keycloak.services.managers.UserStorageSyncManager.syncChangedUsers(UserStorageSyncManager.java:133)
	at org.keycloak.keycloak-services@16.1.1//org.keycloak.services.managers.UserStorageSyncManager$5.run(UserStorageSyncManager.java:219)
	at org.keycloak.keycloak-services@16.1.1//org.keycloak.timer.basic.BasicTimerProvider$1.run(BasicTimerProvider.java:53)
	at java.base/java.util.TimerThread.mainLoop(Timer.java:556)
	at java.base/java.util.TimerThread.run(Timer.java:506)

I’m not seeing any errors on the LDAP side.

I’ve no idea how to fix this. It would be great if someone could give me a hint or advice.

Thanks in advance.

regards
Manuel

Are you still using Java 8?
I read a lot of errors about KC16 + LDAP + Java 8; maybe upgrading to Java 11 helps (if you are still on 8).

No, we’re using Java 11.

Also we found the solution:
When you have read-only LDAP federations in a realm and the checkbox for “Validate Password Policy” is checked, you get the error.
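
To find every federation in this state before upgrading, the following added example (not part of the thread and not Keycloak's own code) scans a realm export for LDAP providers that combine a non-writable edit mode with password policy validation. It assumes the realm export JSON layout and the component config keys `editMode` and `validatePasswordPolicy`, and it treats every mode other than `WRITABLE` as conflicting, which is inferred from the error key `ldapErrorValidatePasswordPolicyAvailableForWritableOnly` and goes beyond the read-only case reported above.

```python
import json

USER_STORAGE = "org.keycloak.storage.UserStorageProvider"

# Constructed sample shaped like a realm export; all names are made up.
SAMPLE_REALM = json.loads("""
{"realm": "example",
 "components": {"org.keycloak.storage.UserStorageProvider": [
   {"name": "corp-ldap-ro", "providerId": "ldap",
    "config": {"editMode": ["READ_ONLY"], "validatePasswordPolicy": ["true"]}},
   {"name": "corp-ldap-rw", "providerId": "ldap",
    "config": {"editMode": ["WRITABLE"], "validatePasswordPolicy": ["true"]}},
   {"name": "partner-ldap", "providerId": "ldap",
    "config": {"editMode": ["UNSYNCED"], "validatePasswordPolicy": ["false"]}},
   {"name": "krb", "providerId": "kerberos", "config": {}}
 ]}}
""")


def first(config, key):
    """Return a config value as a string; exports store values as lists."""
    value = config.get(key, "")
    if isinstance(value, list):
        value = value[0] if value else ""
    return str(value).strip()


def conflicting_ldap_providers(realm):
    """List (name, editMode) of LDAP federations expected to fail validation.

    Assumption: any editMode other than WRITABLE conflicts with
    validatePasswordPolicy=true (inferred from the error key name).
    """
    hits = []
    for comp in realm.get("components", {}).get(USER_STORAGE, []):
        if comp.get("providerId") != "ldap":
            continue  # other user storage providers are not affected
        cfg = comp.get("config", {})
        edit_mode = first(cfg, "editMode").upper() or "(unset)"
        validates = first(cfg, "validatePasswordPolicy").lower() == "true"
        if validates and edit_mode != "WRITABLE":
            hits.append((comp.get("name", "(unnamed)"), edit_mode))
    return hits


if __name__ == "__main__":
    for name, mode in conflicting_ldap_providers(SAMPLE_REALM):
        print(f"{name}: editMode={mode} with validatePasswordPolicy=true")
```

For each provider it reports, uncheck “Validate Password Policy” in that federation's settings, as described in the solution above.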