I have configured Active Directory User Federation with Keycloak 11.0.3 (also tried 19.0.3). Users that are disabled in Active Directory and have “User must change password at next login” checked appear as enabled after they are imported. Is there a workaround to make all Active Directory users with this setting import as disabled, or a way to prevent importing any disabled Active Directory users? The federation provider configuration is:
`{
"id": "be4128b4-1c4c-4290-943c-c955cebd3152",
"name": "Active Directory Config",
"providerId": "ldap",
"providerType": "org.keycloak.storage.UserStorageProvider",
"parentId": "xxxx",
"config": {
"pagination": [
"true"
],
"fullSyncPeriod": [
"-1"
],
"startTls": [
"false"
],
"connectionPooling": [
"true"
],
"usersDn": [
"xxxx"
],
"cachePolicy": [
"NO_CACHE"
],
"useKerberosForPasswordAuthentication": [
"false"
],
"importEnabled": [
"true"
],
"enabled": [
"false"
],
"changedSyncPeriod": [
"-1"
],
"bindDn": [
"xxxx"
],
"usernameLDAPAttribute": [
"mail"
],
"bindCredential": [
"**********"
],
"vendor": [
"ad"
],
"uuidLDAPAttribute": [
"objectGUID"
],
"allowKerberosAuthentication": [
"false"
],
"connectionUrl": [
"xxxx"
],
"syncRegistrations": [
"false"
],
"authType": [
"simple"
],
"debug": [
"false"
],
"searchScope": [
"1"
],
"useTruststoreSpi": [
"ldapsOnly"
],
"trustEmail": [
"false"
],
"priority": [
"0"
],
"userObjectClasses": [
"person, organizationalPerson, user"
],
"rdnLDAPAttribute": [
"cn"
],
"editMode": [
"UNSYNCED"
],
"validatePasswordPolicy": [
"false"
],
"batchSizeForSync": [
"1000"
]
}
}`