Click on your LDAP user storage provider (in my case asapids):
On your LDAP user storage provider configuration page, make the following configuration changes:
- Edit Mode: WRITABLE
- Bind Type (or Authentication Type, depending on the version installed): simple
This reveals the Bind DN and Bind Credential fields. Fill them in with the credentials of a DN that has the rights to modify the user/password attributes of the related LDAP directory (the admin, for example).
Finally, enable Validate Password Policy in the Advanced Settings and click Save.
Now you can go to the Authentication menu and click on the Password Policy tab.
You can then add multiple password policies (only the Regular Expression policy can be used multiple times).
NB: The Not Recently Used and Expire Password policies don't work with LDAP. As of today, Keycloak can't retrieve the server information: it would be too heavy to maintain the code for every possible LDAP implementation, and the policies are applied at password renewal, not at login.
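To check these settings outside the admin console, the following added example (not part of the original post, and not Keycloak's own code) audits a realm export for the LDAP settings above and flags the two policies noted as ineffective with LDAP. It assumes the usual realm-export layout (`components`, `passwordPolicy`, and the policy identifiers `passwordHistory` and `forceExpiredPasswordChange`); the sample export is constructed.

```python
import json
import re

# Policies the page says have no effect for LDAP-backed users
# ("Not Recently Used" and "Expire Password" in the admin console).
INEFFECTIVE_WITH_LDAP = {"passwordHistory", "forceExpiredPasswordChange"}
# Settings from the steps above, as stored in the LDAP component's config
# (key names are an assumption based on the realm-export format).
EXPECTED = {"editMode": "WRITABLE", "authType": "simple",
            "validatePasswordPolicy": "true"}

def parse_policy(policy):
    """Split 'length(12) and regexPattern(...)' into (name, argument) pairs."""
    pairs = []
    for part in filter(None, (p.strip() for p in policy.split(" and "))):
        m = re.fullmatch(r"(\w+)(?:\((.*)\))?", part)
        pairs.append((m.group(1), m.group(2)) if m else (part, None))
    return pairs

def audit_realm(realm):
    """Return a list of findings for LDAP providers and the password policy."""
    findings = []
    providers = realm.get("components", {}).get(
        "org.keycloak.storage.UserStorageProvider", [])
    ldap = [p for p in providers if p.get("providerId") == "ldap"]
    for p in ldap:
        cfg = p.get("config", {})
        for key, want in EXPECTED.items():
            got = (cfg.get(key) or [None])[0]  # export stores values as lists
            if got != want:
                findings.append(f"{p.get('name')}: {key}={got!r}, expected {want!r}")
    if ldap:
        for name, _ in parse_policy(realm.get("passwordPolicy", "")):
            if name in INEFFECTIVE_WITH_LDAP:
                findings.append(f"policy {name} is not enforced for LDAP users")
    return findings

# Constructed sample export (not taken from a real realm).
SAMPLE = json.loads("""{
  "realm": "demo",
  "passwordPolicy": "length(12) and regexPattern(.*[0-9].*) and regexPattern(.*[A-Z].*) and passwordHistory(3)",
  "components": {"org.keycloak.storage.UserStorageProvider": [
    {"name": "asapids", "providerId": "ldap",
     "config": {"editMode": ["WRITABLE"], "authType": ["simple"],
                "validatePasswordPolicy": ["false"]}}]}
}""")

if __name__ == "__main__":
    for finding in audit_realm(SAMPLE):
        print(finding)
```
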
In order for a user to modify their password OOTB, they have to visit