Why are ldap attributes also updated when user password is changed ?
Issue
When the user password is updated, all the following ldap attributes are updated as well.
This can be seen throughout the RH-SSO server log trace
[org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager] (default task-374) Modifying attributes for entry [cn=user1,ou=people,dc=example,dc=com]
[org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager] (default task-374) Op [2]: pwdLastSet = -1
[org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager] (default task-374) Op [2]: employeeType = developer
[org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager] (default task-374) Op [2]: company = RedHat
[org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager] (default task-374) Op [2]: mail = user1@example.com
[org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager] (default task-374) Op [2]: givenName = user1_f
[org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager] (default task-374) Op [2]: sn = user1_l
Environment
- Red Hat Single Sign-On (RH-SSO)
- 7
- LDAP
- User Federation LDAP mappers
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
