Jonatan Zint via FreeIPA-users wrote:
Hello!
I have a simple setup running Keycloak 9.0.0 with LDAP user federation to my
FreeIPA instance (4.8).
Runs smoothly so far, but every time a user changes his password in Keycloak it is marked
expired in FreeIPA and he gets prompted to change it once trying to log in to FreeIPA.
The very same issue popped up in this mail thread:
https://www.redhat.com/archives/freeipa-users/2017-January/msg00393.html
The answer does not seem to be valid for FreeIPA 4.8 though, as the described DN
doesn't even exist anymore. Searching through the Red Hat docs I can see several
configuration guides for Windows AD password sync but no mention of how to fix it for
Keycloak... Any hint what I could try here?

The procedure hasn't changed. You need to bind as Directory Manager to
change (or see) this part of the tree.
rob