[Freeipa-users] Keycloak + FreeIPA New password expiry

Georgijs Radovs georgijsr at scandiweb.com
Wed Jan 25 17:46:31 UTC 2017


Thank you very much, Brian!





Georgijs Radovs
Junior Sysadmin
<http://scandiweb.com/services>

On Wed, Jan 25, 2017 at 7:13 PM, Brian Candler <b.candler at pobox.com> wrote:

> On 25/01/2017 13:48, Georgijs Radovs wrote:
>
> > Is it possible to configure FreeIPA server so it does not mark new
> > passwords, set by Keycloak's LDAP bind user, expired?
>
> Yes, you need to configure the privileged LDAP bind user in
> passSyncManagersDNs:
>
> dn: cn=ipa_pwd_extop,cn=plugins,cn=config
> passSyncManagersDNs: uid=....
>
> Note that this setting does not replicate - it needs to be applied to all
> replicas by hand.
>
> See:
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/pass-sync.html#password-sync
>

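Since the quoted reply says passSyncManagersDNs does not replicate and must be set on each replica by hand, a drift check across replicas is worth having. The script below is an added example, not part of the thread or of FreeIPA: it parses saved ldapsearch output per replica and lists the replicas where the expected DN is missing. The bind DN, the replica names and the sample LDIF are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): find replicas whose cn=ipa_pwd_extop
# entry lacks the expected passSyncManagersDNs value.
# EXPECTED_DN and the replica names are placeholders, not values from the page.
EXPECTED_DN='uid=keycloak-bind,cn=sysaccounts,cn=etc,dc=example,dc=test'

# Reads LDIF on stdin; exit status 0 if passSyncManagersDNs contains DN $1.
# Per replica the input would come from something like:
#   ldapsearch -LLL -x -H ldap://REPLICA -D "cn=Directory Manager" -W \
#     -s base -b cn=ipa_pwd_extop,cn=plugins,cn=config passSyncManagersDNs
has_passsync_dn() {
  awk -v want="$1" '
    function norm(s) {            # case-fold, drop spaces around "," and "="
      s = tolower(s); gsub(/[ \t]*,[ \t]*/, ",", s); gsub(/[ \t]*=[ \t]*/, "=", s)
      sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s
    }
    function check(l,   i) {      # l is one unfolded "attr: value" line
      i = index(l, ":")
      if (i && tolower(substr(l, 1, i - 1)) == "passsyncmanagersdns" &&
          norm(substr(l, i + 1)) == norm(want)) found = 1
    }
    /^ / { buf = buf substr($0, 2); next }   # LDIF continuation line
    { check(buf); buf = $0 }
    END { check(buf); exit !found }'
}

# $1 = expected DN, $2 = directory of <replica>.ldif files; prints the
# replicas where the DN is absent.
missing_replicas() {
  for f in "$2"/*.ldif; do
    has_passsync_dn "$1" < "$f" || basename "$f" .ldif
  done
}

# Constructed sample outputs: ipa1 has the value (folded), ipa2 does not.
make_samples() {
  mkdir -p "$1"
  cat > "$1/ipa1.example.test.ldif" <<'EOF'
dn: cn=ipa_pwd_extop,cn=plugins,cn=config
passSyncManagersDNs: uid=keycloak-bind,cn=sysaccounts,cn=etc,dc=exampl
 e,dc=test
EOF
  cat > "$1/ipa2.example.test.ldif" <<'EOF'
dn: cn=ipa_pwd_extop,cn=plugins,cn=config
EOF
}

dir=$(mktemp -d) && make_samples "$dir"
missing_replicas "$EXPECTED_DN" "$dir"   # prints ipa2.example.test
```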