Password Expiry for LDAP users

I’m trying to configure password expiry in Keycloak. But my data source is LDAP. Is it possible to configure password expiry for federated data sources like LDAP?

I haven’t tested it, but I think yes since the data is provisioned from and to Keycloak. I will test it locally and get back to you.

@keaz

1 Like

I would say no, or maybe you can implement some custom provider that will do the password check, but I think it is not possible by default. When you implement custom user federation, you have to do it manually because the method isValid is calling an external service for the password check.
Let’s see what @lamoboos223 says after testing.

1 Like

I’m sorry @keaz I couldn’t manage to pull it off.

A quick look into the source code will show you that the password policies are not taken into account when validating the password. Only during update of a password and if you enabled the usage of Keycloak password policies in your LDAP config.

1 Like

Thank you all for the response. I created a custom authenticator for this. For now, this is working for direct grant flow and I’m trying to get this to work for Browser flow.

1 Like
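
One way such a custom authenticator could enforce expiry for LDAP users in a direct grant flow, shown as an added example that is not the poster's code and not part of Keycloak. It assumes an LDAP user-attribute mapper imports the directory's password-change timestamp into a Keycloak user attribute named `pwdChangedTime` in GeneralizedTime form; the class name, attribute name and 90-day limit are hypothetical.

```java
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;

public class LdapPasswordExpiryAuthenticator implements Authenticator {
    // Assumption: an LDAP attribute mapper fills this user attribute with the
    // password-change time as GeneralizedTime in UTC, e.g. "20240115093000Z".
    static final String ATTR = "pwdChangedTime";
    static final Duration MAX_AGE = Duration.ofDays(90); // constructed sample limit
    private static final DateTimeFormatter GENERALIZED_TIME =
            DateTimeFormatter.ofPattern("yyyyMMddHHmmss'Z'").withZone(ZoneOffset.UTC);

    static boolean isExpired(String changedAt, Instant now) {
        if (changedAt == null || changedAt.isBlank()) return true; // fail closed
        try {
            Instant changed = Instant.from(GENERALIZED_TIME.parse(changedAt));
            return changed.plus(MAX_AGE).isBefore(now);
        } catch (DateTimeParseException e) {
            return true; // unparseable timestamp: treat as expired
        }
    }

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        UserModel user = context.getUser(); // set by the earlier username/password steps
        if (user != null && isExpired(user.getFirstAttribute(ATTR), Instant.now())) {
            // Direct grant has no UI to run a required action, so the login is rejected.
            context.failure(AuthenticationFlowError.CREDENTIAL_SETUP_REQUIRED);
            return;
        }
        context.success();
    }

    @Override public void action(AuthenticationFlowContext context) { }
    @Override public boolean requiresUser() { return true; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

The class still needs an `AuthenticatorFactory` to be registered and added to the flow after password validation. Because a missing attribute is treated as expired, users who do not come from LDAP would need a separate flow or an explicit exemption.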