KEYCLOAK-12948

KeyCloak 8.0 no longer syncs reset passwords to OpenLDAP

    Details

    • Release Notes Text:
      Dupe of KEYCLOAK-12340.
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      Using KeyCloak 7.0.0 with LDAP user federation enabled, calling the `/users/{id}/reset-password` endpoint would sync a user's new password with OpenLDAP.

      Using KeyCloak 8.0.1, the password is no longer synced to the LDAP server. The only way to force a password sync seems to be to log in as the user and change the password using the form-based interface. I've attempted this both via the API and the web UI (which just calls the same API endpoint anyway).

      I attach two LDAP dumps. In case it's material, the 7.0.0 (working) dump was using osixia/openldap-server v1.2.4, whereas the 8.0.1 (non-working) dump was using v1.3.0. There doesn't seem to be significant drift in the underlying base OpenLDAP version however (https://github.com/osixia/docker-openldap/blob/stable/CHANGELOG.md). Additionally, the fact that a manual user password change triggers the expected syncing behaviour seems to rule out compatibility issues with the OpenLDAP version.

                People

                • Assignee:
                  iankko Ján Lieskovský
                  Reporter:
                  funkypenguin David young