KEYCLOAK-11802 Simplifying logic for determining disabled status (#6416)

* KEYCLOAK-11802 Simplifying logic for determining disabled status
lounsbrough 2019-10-24 14:43:16 -05:00 committed by Marek Posolda
parent d7a0597b1d
commit e018ca3e29


@ -218,14 +218,7 @@ public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapp
@Override @Override
public boolean isEnabled() { public boolean isEnabled() {
boolean kcEnabled = super.isEnabled(); boolean kcEnabled = super.isEnabled();
return kcEnabled && !getUserAccountControl(ldapUser).has(UserAccountControl.ACCOUNTDISABLE);
if (getPwdLastSet() > 0) {
// Merge KC and MSAD
return kcEnabled && !getUserAccountControl(ldapUser).has(UserAccountControl.ACCOUNTDISABLE);
} else {
// If new MSAD user is created and pwdLastSet is still 0, MSAD account is in disabled state. So read just from Keycloak DB. User is not able to login via MSAD anyway
return kcEnabled;
}
} }
@Override @Override
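Review bot: The new single `return` in `isEnabled()` has no comment, while the branch it replaces explained the pwdLastSet == 0 case, so nothing at this line records that the MSAD ACCOUNTDISABLE bit is now honoured unconditionally. Per the removed comment, a newly created MSAD user with no password yet is disabled on the AD side, so such a user will presumably now read as disabled in Keycloak as well. That is the fail-closed choice, but it is a behaviour change that deserves a test for the pwdLastSet == 0 case. I would add above the return: `// Enabled only if both Keycloak and MSAD agree; ACCOUNTDISABLE is honoured even while pwdLastSet is 0 (new account without a password)`. The class continues outside the hunk, so whether any matching setter still special-cases pwdLastSet cannot be checked from here.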