I setup an LDAP User Federation in Keycloak to our FreeIPA domain.
Unfortunately, the password reset functionality appears to only work when
the user Keycloak binds as is in the admins group. I tried both the User
Administrator and helpdesk roles, but always got this error:

Caused by: javax.naming.NoPermissionException: [LDAP: error code 50 -
Insufficient 'write' privilege to the 'userPassword' attribute of entry

Is there a way to allow password resets without adding the keycloak bind
user to the admins group?

Tiemen Ruiten
Systems Engineer
R&D Media
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to