Hi, Just checking if I have got this right. Our scenario is that we have set up an LDAP user federation from Keycloak to Active Directory. We map the username in Keycloak to the userPrincipalName attribute in MSAD. As is common the full DN in MSAD starts with the username. E.g. CN=edgar(a)info.nl,OU=Users,OU=Customers,DC=hf,DC=info,DC=nl Now when I change the username from Keycloak I see that the userPrincipalName attribute is updated, however the DN remains the same. If I look in the Keycloak source code it seems indeed that a user DN is only set once on creation of the user (LDAPUtils#addUserToLDAP). We would like renaming of the user in Keycloak to result in a renaming of the DN in MSAD/LDAP as well. Shall I create a JIRA feature request for this? cheers Edgar _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user