Inhibit profile changes/override from OAuth always

[qsuscs]

Feature Description

We are trying to switch from direct LDAP/AD auth to OAuth/OIDC via Keycloak. The former allowed us to disable changing one’s profile information (which would get overridden from AD anyway), including password. I would like to have the same functionality here.

From a quick glance at the code, it does not seem too complicated and I might end up dropping a patch, but I’m not experienced with PHP.

[splitbrain]

couple of things:

• when using authAD, changing profile information changes it in AD thus your comment on it being overwritten by AD makes no sense
• oauth keeps a copy of user data in a local file for offline access
• IIRC the only info users can change is their display name and their oauth group memberships (managing which oauth providers to allow)
• the overwrite-groups option makes sure that groups are always updated from upstream

So I guess an option to prevent users from editing their real name could be introduced. We would also need to update it on reauthentication.