Details

      Description

      The Active Directory support is currently limited to AD DS. Support for AD LDS is missing. The latter is quite different in several terms.
      The most important difference is that it lacks the userControlAttribute bitmask and offers dedicated attributes instead of which the following are relevant for Keycloak:

      • msDS-UserAccountDisabled
      • msDS-UserPasswordExpired
      • msDS-UserPasswordNotRequired

      Another imporant difference is that it's using the userPassword attribute in favor of unicodePwd for setting passwords.

      See the pull request for details.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  Unassigned
                  Reporter:
                  sldab Slawomir Dabek
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: