KEYCLOAK-11802 Simplifying logic for determining disabled status (#6416)
* KEYCLOAK-11802 Simplifying logic for determining disabled status
parent
d7a0597b1d
commit
e018ca3e29
1 changed files with 1 additions and 8 deletions
|
@ -218,14 +218,7 @@ public class MSADUserAccountControlStorageMapper extends AbstractLDAPStorageMapp
|
||||||
@Override
|
@Override
|
||||||
public boolean isEnabled() {
|
public boolean isEnabled() {
|
||||||
boolean kcEnabled = super.isEnabled();
|
boolean kcEnabled = super.isEnabled();
|
||||||
|
return kcEnabled && !getUserAccountControl(ldapUser).has(UserAccountControl.ACCOUNTDISABLE);
|
||||||
if (getPwdLastSet() > 0) {
|
|
||||||
// Merge KC and MSAD
|
|
||||||
return kcEnabled && !getUserAccountControl(ldapUser).has(UserAccountControl.ACCOUNTDISABLE);
|
|
||||||
} else {
|
|
||||||
// If new MSAD user is created and pwdLastSet is still 0, MSAD account is in disabled state. So read just from Keycloak DB. User is not able to login via MSAD anyway
|
|
||||||
return kcEnabled;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
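Review bot: The new single-line return in isEnabled() has no comment, while the removed branch held the only explanation of how a pwdLastSet of 0 is treated, so a reader can no longer tell that the MSAD ACCOUNTDISABLE flag now decides the result for freshly created accounts as well. I would add above the return something like `// Enabled only when Keycloak and MSAD agree; ACCOUNTDISABLE is honoured even while pwdLastSet is still 0`. The write side is not visible in this hunk: if setEnabled() still keys off getPwdLastSet(), enabling such a user in Keycloak would not be reflected by isEnabled(), so it is worth checking that the two stay consistent and that a test covers the pwdLastSet == 0 case. As a minor style point, `kcEnabled` is now used only once and could be folded into `return super.isEnabled() && !getUserAccountControl(ldapUser).has(UserAccountControl.ACCOUNTDISABLE);`.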