Was looking at LDAPFederationProvider today and thinking about how it would be ported to new model. * I think it may be possible to re-use most of the code. The code currently assumes that the UserModel is imported into keycloak local storage. What I think we can do is have an in-memory implementation of UserModel. If import is disabled, we create an instance of this pojo. This becomes a delegate, and we execute the import logic for mappers. Proxy would also be called and just proxy the pojo instance. * we get rid of the "always read from LDAP" option. For the new model, users will be cached. If the cache is hit, then the provider is never hit. Since we now have cache policies per UserStorageProvider, I don't think its an issue to remove this feature. Devil is in the details, but I don't think this will be that bad. Its just a matter of converting things to use the ComponentModel