Password expiration update in freeipa

[not a body]

Hello dear all,

I'm strugling to integrate keycloak with our FreeIPA installation. We would like to use the password update as well as the password reset feature.

FreeIPA uses the 'krbPasswordExpiration' field of an user object to store the information when the password expire. Unfortunately, Keycloak does not update this field when a password is changed. We configured a password policy that should give the password a lifespan of one year.

I also couldn't find a mapper for this in the LDAP binding. Do you have any idea how to deal with this problem? Is there a capable workaround?

Have a nice day!

David

PS: This is my first post to a user list. Please forgive me if I didn't follow all guidelines. I'd be happy about feedback if I did anything wrong.

[not a body]

I also asked the question in GitHub discussions here: https://github.com/keycloak/keycloak/discussions/21449