KEYCLOAK-12437 Revert KEYCLOAK-11802 (#6700)

This reverts commit e018ca3e29 from:
Simplifying logic for determining disabled status (#6416)

Co-authored-by: brunomedeiros-visagio <55057005+brunomedeiros-visagio@users.noreply.github.com>
This commit is contained in:
BrunoJCM 2020-01-28 21:59:03 +08:00 committed by Marek Posolda
parent 993ba3179c
commit 5c910d6f13

View file

@ -216,7 +216,14 @@ public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapp
@Override @Override
public boolean isEnabled() { public boolean isEnabled() {
boolean kcEnabled = super.isEnabled(); boolean kcEnabled = super.isEnabled();
return kcEnabled && !getUserAccountControl(ldapUser).has(UserAccountControl.ACCOUNTDISABLE);
if (getPwdLastSet() > 0) {
// Merge KC and MSAD
return kcEnabled && !getUserAccountControl(ldapUser).has(UserAccountControl.ACCOUNTDISABLE);
} else {
// If new MSAD user is created and pwdLastSet is still 0, MSAD account is in disabled state. So read just from Keycloak DB. User is not able to login via MSAD anyway
return kcEnabled;
}
} }
@Override @Override