Keycloak 15.0.2 Changed-User-Sync Problem


  • Containerized Keycloak 15.0.2, ran for two years, with LDAP-Federation (Edit Mode: Unsynced), uses Infinispan, two Replicas.
  • Installed Keycloak 15.0.2 locally, same LDAP-Federation-Config, imported all Users.

Checked for disabled Users in the Active-Directory. Found 6.
Checked if they are really disabled in both Keycloak UIs → Positive. Let's go:

  1. Enabled the six Users.
  2. Waited a little bit
  3. Triggered the Changed-User-Sync
  4. Message on Top: 6 Updated Users
  5. Local Keycloak got every User enabled → Looks good.
  6. Containerized Keycloak got 1 in 6 right → Why?

This is the question. And we don't have a clue right now why it behaves the way it does, except for vague ideas like cache etc.