Hello, I set up an LDAP User Federation in Keycloak to our FreeIPA domain. Unfortunately, the password reset functionality appears to only work when the user Keycloak binds as is in the admins group. I tried both the User Administrator and helpdesk roles, but always got this error:

Caused by: javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient 'write' privilege to the 'userPassword' attribute of entry 'uid=xxxxx,cn=users,cn=accounts,dc=example,dc=com'

Is there a way to allow password resets without adding the keycloak bind user to the admins group?

--
Tiemen Ruiten
Systems Engineer
R&D Media