Hello Keycloak Developers,
at the end of the recent DevNation Live session [1] "A Deep Dive into Keycloak", a user asked whether it would be possible to only sync password changes back with a federated user store like LDAP or Kerberos.
This would be very useful in integration scenarios where the user directory admins want to keep control over user profiles.
I looked at the code and it seems that one would need to add a new UserStorageProvider.EditMode like PASSWORD_ONLY and update the updateCredential [2] methods accordingly to allow credential updates.
Would this be sufficient or am I missing something?
Cheers,
Thomas
[1] https://www.youtube.com/watch?list=PLuWlr4oKSRUZj3ax5zG_t9KE6uwTb_0rU&...
[2] org.keycloak.storage.ldap.LDAPStorageProvider#updateCredential (and similar methods for other providers)