Jonatan Zint via FreeIPA-users wrote:
Hey rob,
thanks for quick reply. Am I doing something utterly stupid? Usually I
use ADS for LDAP administration, I confirmed I use cn=Directory Manager
for connection, and I am not able to find
cn=ipa_pwd_extop,cn=plugins,cn=config .
Same with ldapsearch:
ldapsearch -x -D "cn=Directory Manager" cn=ipa_pwd_extop,cn=plugins,cn=config -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=alt,dc=coop> (default) with scope subtree
# filter: cn=ipa_pwd_extop,cn=plugins,cn=config
# requesting: ALL
#
# search result
search: 2
result: 0 Success
# numResponses: 1
Thanks a lot,
Add -b before cn=ipa_pwd_extop...
rob
Jonatan
On Monday, 23.03.2020, at 16:27 -0400, Rob Crittenden wrote:
> Jonatan Zint via FreeIPA-users wrote:
>> Hello!
>>
>> I have a simple setup running keycloak 9.0.0 setup with LDAP user
>> federation to my FreeIPA instance (4.8).
>> Runs smooth so far, but every time a user changes his password in
>> keycloak it is marked expired in FreeIPA and gets prompted to
>> change it once trying to login in FreeIPA.
>>
>> The very same issue popped up in this mail thread:
>>
>> https://www.redhat.com/archives/freeipa-users/2017-January/msg00393.html
>> The answer does not seem to be valid for freeipa 4.8 though, as the
>> described DN doesn't even exist anymore. Searching through the
>> RedHat docs I can see several configuration guides for Windows AD
>> password sync but not a mention how to fix it for keycloak.... Any
>> hint what I could try here?
>
> The procedure hasn't changed. You need to bind as Directory Manager to
> change (or see) this part of the tree.
>
> rob
>
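
Added example, not part of the thread or of FreeIPA: a shell check that reads the comment header ldapsearch prints and flags the case shown above, where a DN given without -b is parsed as the search filter and the search runs against the default base. The helper name, the second sample header and the -s base suggestion are assumptions made for this illustration.

```shell
#!/bin/sh
# Constructed sample: the header of the failing search quoted in the thread.
sample_failed='# extended LDIF
#
# LDAPv3
# base <dc=alt,dc=coop> (default) with scope subtree
# filter: cn=ipa_pwd_extop,cn=plugins,cn=config
# requesting: ALL'

# Constructed sample: the header expected once the DN is passed with -b -s base.
sample_fixed='# extended LDIF
#
# LDAPv3
# base <cn=ipa_pwd_extop,cn=plugins,cn=config> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL'

# check_ldapsearch_header HEADER (hypothetical helper name)
# Returns 1 and prints a hint when the filter line holds a bare DN while
# the base is the client default; returns 0 otherwise.
check_ldapsearch_header() {
    base=$(printf '%s\n' "$1" | sed -n 's/^# base <\([^>]*\)>.*/\1/p')
    filter=$(printf '%s\n' "$1" | sed -n 's/^# filter: //p')
    base_line=$(printf '%s\n' "$1" | sed -n '/^# base </p')
    case $base_line in
        *'(default)'*) is_default=1 ;;
        *)             is_default=0 ;;
    esac
    case $filter in
        '('*)    dn_like=0 ;;   # parenthesised: a real search filter
        *=*,*=*) dn_like=1 ;;   # attr=value,attr=value: a DN
        *)       dn_like=0 ;;
    esac
    if [ "$dn_like" -eq 1 ] && [ "$is_default" -eq 1 ]; then
        echo "'$filter' was taken as the filter; searched default base '$base'."
        echo "Re-run with: -b \"$filter\" -s base"
        return 1
    fi
    echo "ok: base '$base', filter '$filter'"
    return 0
}

check_ldapsearch_header "$sample_failed" || true
check_ldapsearch_header "$sample_fixed"
```

A "result: 0 Success" with "numResponses: 1" only means the search ran and matched nothing, so the base and filter lines in the header are the place to look first.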