Exception changing a password of a user linked to AD

Solution Verified - Updated -

Issue

  • Error when changing the password of a user that is external in a read-write AD provider.
  • The following exception appears in the log when trying to change an AD user password:

    ERROR [org.keycloak.services] (default task-5) KC-SERVICES0065: Failed to update Password: org.keycloak.models.ModelException: Could not modify attribute for DN [CN=aduser1,CN=Users,DC=SAMPLE,DC=COM]
            at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.modifyAttributes(LDAPOperationManager.java:476)
            at org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore.updateADPassword(LDAPIdentityStore.java:282)
            at org.keycloak.storage.ldap.idm.store.ldap.LDAPIdentityStore.updatePassword(LDAPIdentityStore.java:251)
            at org.keycloak.storage.ldap.LDAPStorageProvider.updateCredential(LDAPStorageProvider.java:555)
            at org.keycloak.credential.UserCredentialStoreManager.updateCredential(UserCredentialStoreManager.java:171)
            at org.keycloak.services.resources.AccountService.processPasswordUpdate(AccountService.java:653)
            ...
    Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A1262, problem 5003 (WILL_NOT_PERFORM), data 0 ^@]; remaining name 'CN=aduser1,CN=Users,DC=SAMPLE,DC=COM'
            at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3209)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
            at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1475)
            at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:277)
            at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:192)
            at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:181)
            at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:167)
            at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:167)
            at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager$7.execute(LDAPOperationManager.java:471)
            at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager$7.execute(LDAPOperationManager.java:468)
            at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.execute(LDAPOperationManager.java:631)
            at org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.modifyAttributes(LDAPOperationManager.java:468)
            ... 52 more
    

Environment

  • Red Hat Single Sign On (RH-SSO)
    • 7
  • Active Directory User Federation (AD)
