diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java
index 2b525cbd2d..d1ae1f839b 100755
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/LDAPStorageProvider.java
@@ -488,9 +488,20 @@ public class LDAPStorageProvider implements UserStorageProvider,
 UserCredentialModel cred = (UserCredentialModel)input;
 String password = cred.getValue();
 LDAPObject ldapUser = loadAndValidateUser(realm, user);
- ldapIdentityStore.updatePassword(ldapUser, password);
- if (updater != null) updater.passwordUpdated(user, ldapUser, input);
- return true;
+
+ try {
+ ldapIdentityStore.updatePassword(ldapUser, password);
+ if (updater != null) updater.passwordUpdated(user, ldapUser, input);
+ return true;
+ } catch (ModelException me) {
+ if (updater != null) {
+ updater.passwordUpdateFailed(user, ldapUser, input, me);
+ return false;
+ } else {
+ throw me;
+ }
+ }
+
 } else {
 return false;
 }
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/PasswordUpdated.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/PasswordUpdated.java
index c4d7b5eef8..a2f255adf3 100644
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/PasswordUpdated.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/PasswordUpdated.java
@@ -17,6 +17,7 @@ package org.keycloak.storage.ldap.mappers;
 import org.keycloak.credential.CredentialInput;
+import org.keycloak.models.ModelException;
 import org.keycloak.models.UserModel;
 import org.keycloak.storage.ldap.idm.model.LDAPObject;
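Review bot: In LDAPStorageProvider's new catch block, `return false;` after `updater.passwordUpdateFailed(user, ldapUser, input, me);` drops the ModelException whenever the updater returns normally, and `false` is the same value the trailing `else` branch visible in the hunk returns. A caller then cannot tell a rejected LDAP password change from the other `false` case, and nothing is logged. If suppression is not intended, make the branch fail closed by replacing `return false;` with `throw me;`; if it is intended, log `me` before returning. The enclosing method starts and ends outside the hunk, so how callers treat `false` should be confirmed there.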
@@ -25,5 +26,8 @@ import org.keycloak.storage.ldap.idm.model.LDAPObject;
 * @version $Revision: 1 $
 */
 public interface PasswordUpdated {
+
 void passwordUpdated(UserModel user, LDAPObject ldapUser, CredentialInput input);
+
+ void passwordUpdateFailed(UserModel user, LDAPObject ldapUser, CredentialInput input, ModelException exception) throws ModelException;
 }
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapper.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapper.java
index 2a82c04ee9..1614fefb47 100644
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapper.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msad/MSADUserAccountControlStorageMapper.java
@@ -89,6 +89,11 @@ public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapp
 updateUserAccountControl(ldapUser, control);
 }
+ @Override
+ public void passwordUpdateFailed(UserModel user, LDAPObject ldapUser, CredentialInput input, ModelException exception) {
+ throw processFailedPasswordUpdateException(exception);
+ }
+
 @Override
 public UserModel proxy(LDAPObject ldapUser, UserModel delegate) {
 return new MSADUserModelDelegate(delegate, ldapUser);
diff --git a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msadlds/MSADLDSUserAccountControlStorageMapper.java b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msadlds/MSADLDSUserAccountControlStorageMapper.java
index be07781321..301ad3a646 100644
--- a/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msadlds/MSADLDSUserAccountControlStorageMapper.java
+++ b/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/msadlds/MSADLDSUserAccountControlStorageMapper.java
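Review bot: `passwordUpdateFailed` is added to PasswordUpdated without Javadoc, although its contract decides the outcome of a failed password change: LDAPStorageProvider returns `false` when the method returns normally and propagates whatever it throws. I would document that on the method, e.g. `/** Called when the LDAP password update failed. Throw to propagate the failure; returning normally makes the provider report the update as not performed. */`. Adding an abstract method also breaks any PasswordUpdated implementation outside this commit; if the module's language level allows it, a `default` body of `throw exception;` would keep those compiling and fail closed.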
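Review bot: The `passwordUpdateFailed` override in MSADUserAccountControlStorageMapper never returns normally, which is worth stating in a comment because the caller's `return false` path is unreachable for this mapper: `// Always throws: the failure is translated and propagated, never suppressed.` The identical override is added to MSADLDSUserAccountControlStorageMapper in the last hunk, and the same comment applies there. `processFailedPasswordUpdateException` is defined outside both hunks, so it cannot be checked here that it keeps `exception` as the cause and never returns null; a null return would turn the `throw` into a NullPointerException.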
@@ -88,6 +88,11 @@ public class MSADLDSUserAccountControlStorageMapper extends AbstractLDAPStorageM
 ldapProvider.getLdapIdentityStore().update(ldapUser);
 }
+ @Override
+ public void passwordUpdateFailed(UserModel user, LDAPObject ldapUser, CredentialInput input, ModelException exception) {
+ throw processFailedPasswordUpdateException(exception);
+ }
+
 @Override
 public UserModel proxy(LDAPObject ldapUser, UserModel delegate) {
 return new MSADUserModelDelegate(delegate, ldapUser);