Multidomain authorization and SSO via Keycloak with Kerberos

Hey everyone.
How do we configure Keycloak if the same user logins exist on different LDAP servers with Kerberos integration?
We configured user federation: selected the LDAP provider, configured the parameters, set the value of the Username LDAP attribute to sAMAccountName, and configured Kerberos integration. We got users with short logins (sAMAccountNames). If we connect to another LDAP server that has the same short logins, we get a “user exists” error.
We can solve the import problem if we use the userPrincipalName attribute in the LDAP settings, but in this case end-to-end authorization with Kerberos does not work correctly: users enter their sAMAccountNames, Keycloak can’t match them with userPrincipalNames and sends users to the login window.
How can we solve the problem?
It is not allowed to change LDAP server settings.

Hello, I have the same issue. Thanks for the pointer to the userPrincipalName.
I would like to see a solution using sAMAccountName too though.

Currently not even the priority of the LDAPs seems to matter. When there are conflicting (identical) usernames, the user cannot log in at all and Keycloak will log a failed login attempt.