That is not true, a user imported from LDAP is not marked as a local user:
sonar=# select id,login,external_identity_provider,user_local from users;
id | login | external_identity_provider | user_local
----+--------------+----------------------------+------------
2 | pwagland | sonarqube | f
1 | admin | sonarqube | t
As you can see, admin has 'user_local' 't', I have it as 'f'. If that value is 't' then it will always use the local password stored in SonarQube, meaning that you cannot use the password from AD anymore. If I try to create this user with the web-api, then that flag is always 't', and cannot be changed, short of connecting directly to the database. Additionally, I also have to provide a password, which I don't want, since it shouldn't be used anyway.
Cheers,
Paul