
Releases: keycloak/keycloak

26.1.5

11 Apr 07:58


Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Enhancements

  • #38409 Upgrade to Quarkus 3.15.4 dist/quarkus
  • #38764 OTel: Unable to disable sampling at runtime; tracing-sampler-ratio validation prevents setting 0.0 dist/quarkus

Bugs

  • #36482 The root cause of error is suppressed in KC 26 at building dependencies
  • #37792 Save Button Not Enabled When Switching OTP Type from "Time Based" to "Counter Based" admin/ui
  • #37869 ConditionalOtpFormAuthenticator fails to set CONFIGURE_TOTP required action for LDAP read-only users
  • #38041 [Keycloak CI] - WebAuthn tests ci
  • #38063 Issue in clearing offline sessions internally using ClearExpiredUserSessions Scheduled task
  • #38152 Broken guides link on reverseproxy page docs
  • #38353 Keycloak email message ID contains the local host name or IP address core
  • #38454 Keycloak account console is missing the Keycloak logo account/ui
  • #38576 Define a max expiration window for Signed JWT client authentication oidc
  • #38607 Recaptcha secret key configuration lost when migrating from 24.0.5 to 26.1.4 authentication
  • #38740 OTelHttpClientFactory not configured properly when tracing enabled dist/quarkus

26.1.4

13 Mar 15:41


Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Enhancements

  • #37433 Allow admin to disable automatic refresh of event views admin/ui
  • #37711 Upgrade to Infinispan 15.0.14

Bugs

  • #37320 Cannot fetch realm role that was renamed admin/api
  • #37621 When calling the token revoke endpoint multiple times with the same token, a database REVOKED-TOKEN constraint error is reported storage
  • #37843 Admin events: resource type filter does not work admin/ui
  • #37911 Unwanted placeholder texts in user profile fields admin/ui
  • #37944 KC_HTTPS_TRUST_STORE_TYPE not working dist/quarkus
  • #38038 The default setting of the client request object parameter is empty admin/ui

26.1.3

28 Feb 10:04


Highlights

Send Reset Email force login again for federated users after reset credentials

In version 26.1.1 a new configuration option was added to the reset-credential-email (Send Reset Email) authenticator to allow changing the default behavior after the reset credentials flow. The option force-login (Force login after reset) now has a third configuration value, only-federated, which means that the forced login applies to federated users but not to users in the internal database. This new behavior is now the default. This way all users managed by user federation providers, whose implementations may not be tightly integrated with Keycloak, are forced to log in again after the reset credentials flow to avoid any issue. This change in behavior follows the secure-by-default policy.

For more information, see Enable forgot password.

Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Bugs

  • #32535 Invalid migration export for empty database core
  • #36405 Redirect after linking account account/ui
  • #36527 Viewing user events requires `view-realm`-role admin/ui
  • #36585 Keycloak user attribute key broken in Keycloak 26.1.0 admin/ui
  • #36703 When linking IDP to an organization hide on login sets as off admin/ui
  • #36709 SAML2 Client Signing Keys Config does not accept PEM import admin/ui
  • #36842 Comboboxes do not display selected option after reset admin/ui
  • #36927 MeterFilter is configured after a Meter has been registered dist/quarkus
  • #36965 CVE-2025-0736 Error during JGroups channel creation may reveal secure information
  • #36985 Admin console: unable to edit user profile attribute either on the form or the JSON editor. admin/ui
  • #37029 CI fails with "Problem creating zip: Execution exception: Java heap space" ci
  • #37066 Error on import of a public key (pem) authentication
  • #37128 Customized quarkus.properties for MySQL cause "Unable to find the JDBC driver (org.h2.Driver)", the server fails to start. storage
  • #37169 Wrong organization claim assignment in JWT access token organizations
  • #37207 Change default value for force-login option in reset-credential-email authentication
  • #37229 Login form can be used to determine which email addresses / usernames are in the system login/ui
  • #37268 Problems changing pre-defined user profile attributes admin/ui
  • #37285 Upgrade to latest JGroups patch version
  • #37360 CVE-2024-47072 - XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
  • #37431 Password policies like NoUsername consider case-sensitivity authentication
  • #37434 External Link Test failing docs
  • #37577 Property Name Casing Mismatch in ProtocolMapperUtils saml

26.1.2

11 Feb 08:50


Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Deprecated features

  • #525 Drop support for end-of-life versions of Node.js

Enhancements

  • #573 Convert tests to standard modules to upgrade dependencies
  • #576 Upgrade `@keycloak/keycloak-admin-client` to latest version dependencies

Bugs

  • #567 Connections with an error code are not terminated
  • #571 CI status badge in README is incorrect
  • #36858 JDBC Ping with Docker infinispan
  • #36919 Latency issue after Keycloak version upgrade core
  • #36926 Invoking dynamic client registration with lightweight access token results in a 404 oidc
  • #37162 Pods become unresponsive after upgrade to 26.1.0 infinispan

26.1.1

05 Feb 09:38


Highlights

New option in X.509 authenticator to abort authentication if CRL is outdated

The X.509 authenticator has a new option x509-cert-auth-crl-abort-if-non-updated (CRL abort if non updated in the Admin Console) to abort the login if a CRL is configured to validate the certificate and the CRL has not been updated within the time specified in its next update field. The new option defaults to true in the Admin Console. For more details about the CRL next update field, see RFC 5280, Section 5.1.2.5.

The value false is maintained for compatibility with the previous behavior. Note that existing configurations will not have the new option and will act as if this option was set to false, but the Admin Console will add the default value true on edit.

New option in Send Reset Email to force a login after reset credentials

The reset-credential-email (Send Reset Email) is the authenticator used in the reset credentials flow (forgot password feature) for sending the email to the user with the reset credentials token link. This authenticator now has a new option force-login (Force login after reset). When this option is set to true, the authenticator terminates the session and forces a new login.

For more details about this new option, see Enable forgot password.

Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Enhancements

  • #552 Clean up old release code from Node.js adapter repo
  • #34275 Organizations: Allow Organization Selection organizations
  • #34343 CreatedResponseUtil.getCreatedId should expose the actual error message from the server admin/client-java
  • #36440 Remove Node.js adapter documentation from main repo docs
  • #36456 Clarify IPv6 JGroups requirements in Keycloak documentation
  • #36798 Add detail on dependencyManagement section for POM files

Bugs

  • #558 The draft nightly untagged release is created by "Release nightly" GH action
  • #562 Incorrectly resolved {project_versionNpm} expression in the documentation
  • #32766 Translation error in messages_fr.properties translations
  • #33477 LDAP groups not showing members in Groups when using memberOf attribute ldap
  • #36159 Realm not found while exists and works if entered directly in the URL admin/ui
  • #36460 Deployment artifacts for Quarkus extensions are not in deployment dir dist/quarkus
  • #36483 Wrong link for tracing in 26.1.0 release notes docs
  • #36514 The organization claim does not appear if the Organization Membership Mapper is added through a custom client scope organizations
  • #36531 WebAuthN and dark mode: device icons are hardly readable login/ui
  • #36559 keycloak.v2 forms are too small for mobile view login/ui
  • #36629 All IDPs shown when reloading login page login/ui
  • #36649 When organizations feature is turned on, login_hint doesn't prefill identity-first login's page email field organizations
  • #36669 --spi-connections-liquibase-default-index-creation-threshold does not work core
  • #36675 Links error for https://jwt.io in documentation docs
  • #36728 Logging errors on DB transaction retries core
  • #36745 Conflict when Keycloak uses an OpenShift cluster ingress certificate operator
  • #36781 Flaky test: org.keycloak.testsuite.webauthn.account.WebAuthnTransportLocaleTest#localizationTransportInternal ci
  • #36782 Flaky test: org.keycloak.testsuite.webauthn.account.WebAuthnSigningInTest#multipleSecurityKeys ci
  • #36844 Provide an option to force login after reset credentials authentication
  • #36887 Outdated documentation about how to use reCAPTCHA in development with localhost docs
  • #36902 Flaky test: org.keycloak.testsuite.webauthn.account.WebAuthnErrorTest#errorPageWithTimeout ci
  • #36945 Bad escape apostrophe character in messages_fr.properties login/ui
  • #36988 Typos in English email message templates translations
  • #36998 UI tests failing admin/ui

26.1.0

15 Jan 10:45


Highlights

Transport stack jdbc-ping as new default

Keycloak now uses its database by default to discover other nodes of the same cluster, which removes the need for additional network-related configuration, especially with cloud providers, and works out of the box in cloud environments.

Previous versions of Keycloak used UDP multicast by default to discover other nodes to form a cluster and to synchronize the replicated caches of Keycloak. This required multicast to be available and configured correctly, which is usually not the case in cloud environments.

Starting with this version, the default changes to the jdbc-ping configuration, which uses Keycloak’s database to discover other nodes. As this removes the need for multicast network capabilities and UDP, and no longer uses dynamic ports for the TCP-based failure detection, it is a simplification and a drop-in replacement for environments which used the previous default. To enable the previous behavior, choose the transport stack udp, which is now deprecated.

The Keycloak Operator will continue to configure kubernetes as a transport stack.

See the Configuring distributed caches guide for more information.

Virtual Threads enabled for Infinispan and JGroups thread pools

Starting from this release, Keycloak automatically enables the virtual thread pool support in both the embedded Infinispan and JGroups when running on OpenJDK 21. This removes the need to configure the JGroups thread pool, the need to align the JGroups thread pool with the HTTP worker thread pool, and reduces the overall memory footprint.

OpenTelemetry Tracing supported

The OpenTelemetry Tracing feature, which was a preview feature in the previous release, is now fully supported. This means the opentelemetry feature is enabled by default.

Multiple improvements were made to the tracing capabilities in Keycloak, such as:

  • Configuration via Keycloak CR in Keycloak Operator

  • Custom spans for:

    • Incoming/outgoing HTTP requests including Identity Providers brokerage

    • Database operations and connections

    • LDAP requests

    • Time-consuming operations (passwords hashing, persistent sessions operations, …​)

For more information, see the Enabling Tracing guide.

Infinispan default XML configuration location

Previous releases ignored any change to conf/cache-ispn.xml if the --cache-config-file option was not provided.

Starting from this release, when --cache-config-file is not set, the default Infinispan XML configuration file is conf/cache-ispn.xml as this is both the expected behavior and the implied behavior given the docs of the current and previous releases.

Individual options for category-specific log levels

It is now possible to set category-specific log levels as individual log-level-category options.

For more details, see the Logging guide.

OpenID for Verifiable Credential Issuance

The OpenID for Verifiable Credential Issuance (OID4VCI) remains an experimental feature in Keycloak, but it has received significant improvements in this release: the existing configuration has been polished and the feature made more dynamic and customizable.

You will find significant development and discussions in the Keycloak OAuth SIG. Anyone from the Keycloak community is welcome to join.

Many thanks to all members of the OAuth SIG group for the participation in the development and discussions about this feature. Especially thanks to Francis Pouatcha, Ingrid Kamga, Pascal Knüppel, Thomas Darimont, Ogen Bertrand, Awambeng Rodrick and Takashi Norimatsu.

Minimum ACR Value for the client

The option Minimum ACR value is added as a configuration option on the realm OIDC clients. This addition is an enhancement related to step-up authentication, which makes it possible to enforce a minimum ACR level when logging in to a particular client.

Many thanks to Simon Levermann for the contribution.

Support for prompt=create

Support now exists for the Initiating user registration standard, which allows OIDC clients to initiate the login request with the parameter prompt=create to notify Keycloak that a new user should be registered rather than an existing user authenticated. Initiating user registration was already supported in Keycloak with the use of dedicated endpoint /realms/<realm>/protocol/openid-connect/registrations. However, this endpoint is now deprecated in favor of the standard way as it was a proprietary solution specific to Keycloak.

Many thanks to Thomas Darimont for the contribution.

Option to create certificates for generated EC keys

A new option, Generate certificate, exists for EC-DSA and Ed-DSA key providers. When the generated key is created by a realm administrator, a certificate can be generated for this key. The certificate information is available in the Admin Console and in the JWK representation of this key, which is available from the JWKS endpoint with the realm keys.

Many thanks to Pascal Knüppel for the contribution.

Authorization Code Binding to a DPoP Key

Support now exists for Authorization Code Binding to a DPoP Key including support for the DPoP with Pushed Authorization Requests.

Many thanks to Takashi Norimatsu for the contribution.

Maximum count and length for additional parameters sent to OIDC authentication request

The OIDC authentication request supports a limited number of additional custom parameters of limited length. The additional parameters can be used for custom purposes (for example, adding claims into the token with the use of protocol mappers). In previous versions, the maximum count of the parameters was hardcoded to 5 and the maximum length of the parameters was hardcoded to 2000. Now both values are configurable. Additionally, it is possible to configure whether additional parameters cause the request to fail or are ignored.

Many thanks to Manuel Schallar and Patrick Weiner for the contribution.

Network Policy support added to the Keycloak Operator

Note: Preview feature.

To improve the security of your Kubernetes deployment, Network Policies can be specified in your Keycloak CR. The Keycloak Operator accepts the ingress rules, which define from where the traffic is allowed to come from, and automatically creates...


26.0.8

13 Jan 16:08


Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Enhancements

  • #33569 Show User Events on dedicated tab on Client-/User-Details
  • #34091 Username Form should support autocomplete login/ui

Bugs

  • #34072 The Realm Selection Dropdown Breaks After 50 Realms In Database admin/ui
  • #34207 logout with client_id and/or post_logout_redirect_uri results in bad request on logout confirmation page oidc
  • #34402 [Keycloak 26.0.2] Getting "Forbidden, permission needed: query-clients" as temp-admin admin/ui
  • #34675 Keys tab showing disabled and inactive keys as active admin/ui
  • #34995 MySQL database migration issue core
  • #35048 Filter events by user id and client not working admin/ui
  • #35052 `organizationEnabled` and `verifiableCredentialsEnabled` attributes are present as attributes in an export
  • #35273 Edit Help Mode descriptor for Roles in policy form admin/ui
  • #35290 Database migration fails after upgrading operator to v26.0.6 core
  • #35317 Token issuer is null in executeActionsEmail and sendVerifyEmail if no clientId is passed admin/api
  • #35324 Strange Random behavior - Intermittent missing organization claim in Keycloak JWT token organizations
  • #35410 SAML Adapter Galleon Pack for EAP8 cannot use new metadata options for layers adapter/saml
  • #35416 Mis-formatted definition list of hashing algorithms
  • #35421 Showing LDAP error message when failing to reset password ldap
  • #35475 Delete user confirm title is wrong admin/ui
  • #35481 Events: Wrong text for user id search admin/ui
  • #35488 [Jenkins Keycloak CI] - RH-SSO EAP adapters remote saml tests ci
  • #35526 Initial keycloak bootstrap suggestion is not correct. dist/quarkus
  • #35544 Upgrading guide 26.0.6 is missing in the built document docs
  • #35634 Temporary password toggle in set password dialog is cut off in admin-console admin/ui
  • #35675 New install doesn't allow admin user creation dist/quarkus
  • #35822 Exact searches should be the default when querying user by attributes admin/api
  • #36394 CVE-2024-11736 Unrestricted admin use of system and environment variables
  • #36395 CVE-2024-11734 Denial of Service in Keycloak Server via Security Headers

26.0.7

03 Dec 07:16


Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Enhancements

  • #34882 Edits to Authorization Services guide
  • #34916 Address QE comments on Server Administration guide
  • #34931 Upgrade to ISPN 15.0.11.Final

Bugs

  • #10233 Locale Setting for Update Password Mail admin/api
  • #17233 the InfoPage after an ExecuteActionsEmail is not localized based on the user's locale authentication
  • #30631 Upgrade to 25 throws: Statement violates GTID consistency core
  • #32143 UserId too long to add Security Key WebauthN authentication/webauthn
  • #32648 RP-Initiated logout using `POST` method fails in cross-origin setup oidc
  • #32676 Flaky test: org.keycloak.testsuite.forms.BrowserButtonsTest#appInitiatedRegistrationWithBackButton ci
  • #33071 RESTART_AUTHENTICATION_ERROR on iPhone devices (using Safari and Chrome browsers) oidc
  • #33195 Any one Client role mapping to user/group generating two events on admin events tab. core
  • #33810 Stabilise my-resources.spec test account/ui
  • #34233 Service accounts visible under user search in Admin console admin/api
  • #34391 Error on "check a11y" tests on Cypress admin/ui
  • #34560 Switching 'Email as Username' alters existing custom usernames to email addresses, causing LDAP sync issues core
  • #34572 Text in "Choose a policy type" is not wrapping admin/ui
  • #34590 Attributes missing in OrganizationRepresentation when using Admin REST API in Keycloak 26 admin/api
  • #34678 [Admin UI] [Create resource-based permission] Resource input is disabled admin/ui
  • #34858 Deprecated CLI options and new options are not stable in their sorting dist/quarkus
  • #34864 On logout from admin console, a serverinfo call with 401 response in the logs admin/ui
  • #34888 Authentication Link and IDP Fails with 400 Bad Request After Migrating to Version 26 and Delete Authentication authentication
  • #34899 Upgrade 24 to 25 fails because db jpa changes drop nonexisting indexes. core
  • #34930 Update Email doesn't update username when Email as Username and Attributes are enabled user-profile
  • #34944 Adding "sub" claim to lightweight access token causes HTTP 403 Forbidden Error in Keycloak 26.0.5 oidc
  • #34975 getAll() organization members only returns the first 10 members organizations
  • #34987 KC25 Migration guide for caching options needs clarification
  • #35006 Mis-formatted unordered list in the caching docs
  • #35015 Flaky test: org.keycloak.testsuite.model.session.AuthenticationSessionTest#testConcurrentAuthenticationSessionsRemoval ci
  • #35087 Flaky test: org.keycloak.testsuite.model.session.AuthenticationSessionTest#testConcurrentAuthenticationSessionsCreation ci
  • #35229 Fix typo in v24 changelog: "longer" -> "no longer" docs
  • #35232 reCAPTCHA v3 not working login/ui
  • #35276 Your login attempt timed out authentication
  • #35282 [Keycloak CI] - Test PoC failing on Keycloak 26.0 branch
  • #35288 Upgrade 26.0.5 -> 26.0.6 completely breaks admin events in the admin UI admin/ui
  • #35328 Error when creating a permission ticket when there are 2 or more Keycloak servers in a cluster authorization-services

26.0.6

22 Nov 05:40


Highlights

Admin events might now include additional details about the context when the event is fired

In this release, admin events might hold additional details about the context in which the event is fired. When upgrading, you should expect the database schema to be updated to add a new column DETAILS_JSON to the ADMIN_EVENT_ENTITY table.

Updates to documentation of X.509 client certificate lookup via proxy

Potentially vulnerable configurations have been identified in the X.509 client certificate lookup when using a reverse proxy. Additional configuration steps might be required depending on your current configuration. Make sure to review the updated reverse proxy guide if you have configured the client certificate lookup via a proxy header.

Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Enhancements

  • #34315 Update the Keycloak CPU and Memory sizing guide to reflect the new ec2 worker nodes
  • #34386 Some dynamic imported functions are also statically imported making bundling them in-efficient
  • #34570 Make documentation more clear that keycloak javascript adapter and node.js adapter are OIDC docs
  • #34855 Add conditional text to Installation Locations
  • #34873 Update Leveraging JaKarta EE in Server Development guide
  • #34887 Apply QE edits to High Availability guide

Bugs

  • #609 Workflow failure - Jakarta - SAMLServiceProviderTest.testAccessAccountManagement
  • #11008 Incorrect get the members of a group imported from LDAP ldap
  • #17593 Incorrect ldap-group-mapper chosen to sync changes to ActiveDirectory when several mappers with varying group paths used ldap
  • #19652 Members are inherited from LDAP group with the same name ldap
  • #23732 JavascriptAdapterTest errors when running with strict cookies on Firefox ci
  • #27856 Social login - Stack Overflow test fails ci
  • #31456 Enabling/Disabling user does not work with Microsoft AD LDAP via Admin API/UI ldap
  • #32786 Organization Domain not marked as a required field in the Admin UI admin/ui
  • #33531 Previously entered translations should persist in the translation dialog for the attribute groups admin/ui
  • #34013 Add More Info to Organization Events organizations
  • #34065 Users without `view-realm` can't see user lockout state in Admin UI admin/ui
  • #34201 OIDC IdP Unable to validate signatures using validatingPublicKey certificate admin/ui
  • #34335 NPE in Organization(s)Resource when using Quarkus Rest Client admin/api
  • #34401 Incorrect Content-Type Expectation for POST /admin/realms/{realm}/organizations/{id}/members in Keycloak API admin/api
  • #34465 Missing help icons in Webauthn Policy and Webauthn Passwordless Policy missing in admin ui admin/ui
  • #34519 Clicking on link to Keycloak documentation from Keycloak admin UI does nothing instead of opening documentation admin/ui
  • #34549 Quarkus dev mode does not work dist/quarkus
  • #34572 Text in "Choose a policy type" is not wrapping admin/ui
  • #34603 NPE in InfinispanOrganizationProvider if userCache is disabled infinispan
  • #34624 Securing apps guide breaks downstream docs
  • #34634 Missing downstream explicit name for anchors docs
  • #34644 KC_CACHE_EMBEDDED_MTLS_ENABLED is ignored infinispan
  • #34671 `ClientConnection.getRemoteAddr` can return a hostname when behind a reverse proxy core
  • #34687 New credential templates broken in KC26 login/ui
  • #34905 [Keycloak CI] Outdated surefire artifacts names - Quarkus IT and UT ci
  • #35213 CVE-2024-10451 Sensitive Data Exposure in Keycloak Build Process
  • #35214 CVE-2024-10270 Potential Denial of Service
  • #35215 CVE-2024-10492 Keycloak path traversal
  • #35216 CVE-2024-9666 Keycloak proxy header handling Denial-of-Service (DoS) vulnerability
  • #35217 CVE-2024-10039 Bypassing mTLS validation

26.0.5

01 Nov 09:27


Highlights

LDAP users are created as enabled by default when using Microsoft Active Directory

If you are using Microsoft AD and creating users through the administrative interfaces, the user will be created as enabled by default.

In previous versions, it was only possible to update the user status after setting a (non-temporary) password for the user. This behavior was not consistent with other built-in user storage providers, nor with the other LDAP vendors supported by the LDAP provider.

Upgrading

Before upgrading refer to the migration guide for a complete list of changes.

All resolved issues

Bugs

  • #31415 Selection list does not close after outside click admin/ui
  • #33607 Fix v2 login layout login/ui
  • #33618 No message for `policyGroupsHelp` admin/ui
  • #33640 Customizable footer (Keycloak 26) not displaying in keycloak.v2 login theme login/ui
  • #34301 Remove inaccurate statement about master realm imports docs
  • #34450 [26.0.2] Migration from 25.0.1 Identity Provider Errors identity-brokering
  • #34467 Do not rely on the `pwdLastSet` attribute when updating AD entries ldap