[Freeipa-users] Re: Keycloak with FreeIPA federation / expired Password

Hello! I have a simple setup running keycloak 9.0.0 setup with LDAP user federation to my FreeIPA instance (4.8). Runs smooth so far, but everytime a user changes his password in keycloak it is marked expired in FreeIPA and gets prompted to change it once trying to login in FreeIPA. The very same issue popped up in this mail thread: https://www.redhat.com/archives/freeipa-users/2017-January/msg00393.html The answer does not seem to be valid for freeipa 4.8 though, as the described DN doesn't even exist anymore. Searching through the RedHat docs i can see several configuration guides for windows AD password sync but not a mention how to fix it for keycloak.... Any hint what I could try here?