From 88346d3d1b2ffba9408dd1b2d1febedb21260312 Mon Sep 17 00:00:00 2001 From: mposolda Date: Thu, 31 Aug 2023 19:18:23 +0200 Subject: [PATCH] Clarification on the tooltip of option 'Validate Password Policy' of LDAP provider closes #22868 --- js/apps/admin-ui/public/locales/en/user-federation-help.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/js/apps/admin-ui/public/locales/en/user-federation-help.json b/js/apps/admin-ui/public/locales/en/user-federation-help.json index 6d392e1a8b..23139d860d 100644 --- a/js/apps/admin-ui/public/locales/en/user-federation-help.json +++ b/js/apps/admin-ui/public/locales/en/user-federation-help.json @@ -43,7 +43,7 @@ "maxLifespanHelp": "Max lifespan of cache entry in milliseconds", "ldapAdvancedSettingsDescription": "This section contains all the other options for more fine-grained configuration of the LDAP storage provider.", "enableLdapv3PasswordHelp": "Use the LDAPv3 Password Modify Extended Operation (RFC-3062). The password modify extended operation usually requires that LDAP user already has password in the LDAP server. So when this is used with 'Sync Registrations', it can be good to add also 'Hardcoded LDAP attribute mapper' with randomly generated initial password.", - "validatePasswordPolicyHelp": "Determines if Keycloak should validate the password with the realm password policy before updating it", + "validatePasswordPolicyHelp": "Determines if Keycloak should validate the password with the realm password policy before updating it. For the case when user's password is saved in LDAP, some Keycloak password policies will not work (Not Recently Used, Expire Password, Hashing Iterations, Hashing Algorithm) due the fact that Keycloak does not have direct control over the password storage. It is needed to enable password policies at the LDAP server layer if you want to leverage those password policies.", "trustEmailHelp": "If enabled, email provided by this provider is not verified even if verification is enabled for the realm.", "IDK-periodicChangedUsersSyncHelp": "Should newly created users be created within LDAP store? Priority affects which provider is chosen to sync the new user.", "kerberosWizardDescription": "Text needed here.",