using Keycloak, in federated mode with LDAP, I have a problem with creating or changing the user password, if I try to create or change one for an existing user, the application returns the following error message: “Error saving password: Could not modify attribute for DN [CN=strange_username,CN=Users,O=TP,DC=w2019,DC=tp,DC=cbs,DC=com]”
Searching the internet I found articles that attribute the error to the user not being enabled to do this operation like : “… you need to have MSAD User Account Controls mapper enabled. ”
“… It was not enough to delegate the right to change passwords to the LDAP-Proxy-User. He needs also the right to write the field userAccountControl.”
Has anyone already dealt with this problem?