Syncing the enabled attribute to LDAP Backend

Hello all! I am currently using Keycloak as my main authentication service for all of my services on my domain, using the LDAP Backend to sync users from Keycloak to LDAP so services that don’t have access to SAML or OpenID / wouldn’t make sense to add (services like IMAP and SMTP logins) can still use the federated logins. I’d like to sync the attribute set by the User enabled switch to the LDAP backend, but currently the LDAP backend will always overwrite the value set in the Keycloak DB. It’s the same issue as seen here. Is there anyway to have the Keycloak DB take precedence over the LDAP Backend?

It would make my workflow much easier than editing the LDAP users directly whenever I need to disable them without deleting them entirely.

Yes, You can do this using user federation in import users in Unsync mode which imoprt users once and will not update the user back in LDAP. But there is one drawback of this mode is that if you want to update users back in LDAP then you have to agian import users from keycloak DB to LDAP.