I'm trying to update email of federated user via admin console for testing purposes, but it turns out it is not that simple to do that. Email field of the user is just disabled in UI and nothing enables it.
I tried lots of stuff here and there:
Edit username property of the realmWho can edit? and Who can view? permissions in Realm settings > User profile > Edit attribute tabBut no luck with any of those configurations.
Can anyone please point me on what I am missing?
It turns out (at least in keycloak 25) that to make it possible to create new users and update existing ones you need to switch your LDAP user federation Edit mode to UNSYNCED.
More info can be found in keycloak github