LDAP Import: KERBEROS_PRINCIPAL not updated when UserPrincipal changes and KERBEROS_PRINCIPAL was null on creation #41520
Description
Before reporting an issue
- I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
Area
ldap
Describe the bug
KERBEROS_PRINCIPAL not update if it was empty on creation (mapper missing etc.)
Version
26.3.2
Regression
- The issue is a regression
Expected behavior
After configuring the mapper, and running full sync, KERBEROS_PRINCIPAL shout be updated.
Actual behavior
KERBEROS_PRINCIPAL is not update if it was null on first user import.
How to Reproduce?
- create user federation with ldap
- full sync users
- configure kerberos on federation and add kerberos-principal-attribute-mapper
- full sync users
Anything else?
I think this is coused by this check:
https://github.com/keycloak/keycloak/blob/26.3.2/federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/KerberosPrincipalAttributeMapper.java#L42C47-L42C69
I don't know why to check this before updating.