KEYCLOAK-12437 Revert KEYCLOAK-11802 (#6700)
This reverts commit e018ca3e29
from:
Simplifying logic for determining disabled status (#6416)
Co-authored-by: brunomedeiros-visagio <55057005+brunomedeiros-visagio@users.noreply.github.com>
This commit is contained in:
parent
993ba3179c
commit
5c910d6f13
1 changed files with 8 additions and 1 deletions
|
@ -216,7 +216,14 @@ public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapp
|
|||
@Override
|
||||
public boolean isEnabled() {
|
||||
boolean kcEnabled = super.isEnabled();
|
||||
|
||||
if (getPwdLastSet() > 0) {
|
||||
// Merge KC and MSAD
|
||||
return kcEnabled && !getUserAccountControl(ldapUser).has(UserAccountControl.ACCOUNTDISABLE);
|
||||
} else {
|
||||
// If new MSAD user is created and pwdLastSet is still 0, MSAD account is in disabled state. So read just from Keycloak DB. User is not able to login via MSAD anyway
|
||||
return kcEnabled;
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
Loading…
Reference in a new issue