Hello,
I have a realm with this configuration:
- User registration allowed, E-mail as username enabled
- LDAP user federation with Kerberos enabled, sAMAccountName attribute mapped to
username, mail attribute mapped to user's e-mail
The problem is that when a user updates his profile through the account form, the username is
rewritten and the value of the e-mail address is set to the username attribute.
The user is then invalidated and deleted, because the usernames in Keycloak and LDAP do not
match.
Is my realm configuration supposed to work correctly? Or must I have the mail attribute from
LDAP mapped to both username and e-mail in Keycloak to keep it consistent?
Thanks
Martin