Exception changing a password of a user linked to AD
Issue
- Error when changing the password of a user that is external in a read-write AD provider.
The following exception appears in the log when trying to change an AD user password:
ERROR [org.keycloak.services] (default task-5) KC-SERVICES0065: Failed to update Password: org.keycloak.models.ModelException: Could not modify attribute for DN [CN=aduser1,CN=Users,DC=SAMPLE,DC=COM]
    at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.modifyAttributes(LDAPOperationManager.java:476)
    at org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore.updateADPassword(LDAPIdentityStore.java:282)
    at org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore.updatePassword(LDAPIdentityStore.java:251)
    at org.keycloak.storage.ldap.LDAPStorageProvider.updateCredential(LDAPStorageProvider.java:555)
    at org.keycloak.credential.UserCredentialStoreManager.updateCredential(UserCredentialStoreManager.java:171)
    at org.keycloak.services.resources.AccountService.processPasswordUpdate(AccountService.java:653)
    ...
Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A1262, problem 5003 (WILL_NOT_PERFORM), data 0 ^@]; remaining name 'CN=aduser1,CN=Users,DC=SAMPLE,DC=COM'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3209)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
    at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1475)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:277)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:192)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:181)
    at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:167)
    at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:167)
    at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager$7.execute(LDAPOperationManager.java:471)
    at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager$7.execute(LDAPOperationManager.java:468)
    at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:631)
    at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.modifyAttributes(LDAPOperationManager.java:468)
    ... 52 more
Environment
- Red Hat Single Sign On (RH-SSO)
  - 7
- Active Directory User Federation (AD)