[Freeipa-users] Keycloak + FreeIPA New password expiry
Brian Candler
b.candler at pobox.com
Wed Jan 25 17:13:32 UTC 2017
On 25/01/2017 13:48, Georgijs Radovs wrote:
> Is it possible to configure FreeIPA server so it does not mark new
> passwords, set by Keycloak's LDAP bind user, expired?
Yes, you need to configure the privileged LDAP bind user in
passSyncManagersDNs:
dn: cn=ipa_pwd_extop,cn=plugins,cn=config
passSyncManagersDNs: uid=....
Note that this setting does not replicate - it needs to be applied to
all replicas by hand.
See:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/pass-sync.html#password-sync
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170125/89f9f3f7/attachment.htm>
More information about the Freeipa-users
mailing list