[GH-ISSUE #227] lldap_readonly group is able to reset password #78

New issue

Closed

opened 2026-02-27 08:15:06 +03:00 by kerem · 1 comment

kerem commented

2026-02-27 08:15:06 +03:00

Owner

Originally created by @adepssimius on GitHub (Jul 8, 2022).
Original GitHub issue: https://github.com/lldap/lldap/issues/227

The group name is confusing since the readonly group should not be able to write anything.

Desired functionality is to follow the principle of least privilege so that applications may update passwords without a user account that is able to manage users and groups.

Additionally, the ability to have a true read only group would be useful for applications that do not have the functionality to change the password.

Originally created by @adepssimius on GitHub (Jul 8, 2022). Original GitHub issue: https://github.com/lldap/lldap/issues/227 The group name is confusing since the readonly group should not be able to write anything. Desired functionality is to follow the principle of least privilege so that applications may update passwords without a user account that is able to manage users and groups. Additionally, the ability to have a true read only group would be useful for applications that do not have the functionality to change the password.

kerem closed this issue

2026-02-27 08:15:07 +03:00

kerem commented

2026-02-27 08:15:07 +03:00

Author

Owner

@adepssimius commented on GitHub (Jul 8, 2022):

Proposed solution.

@adepssimius commented on GitHub (Jul 8, 2022): Proposed solution. ![image](https://user-images.githubusercontent.com/5257052/178022269-bc60d597-467e-420a-bc2c-82f5be340304.png)

kerem referenced this issue

2026-02-27 08:17:53 +03:00

[PR #78] [MERGED] (Doc) Keycloak requires a full DN, not just the username #530