Changing LDAP behavour so users disabled in LDAP server are disabled in Mattermost. (#3669)

api/user.go

@@ -1608,14 +1608,21 @@ func updateActive(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	ruser := UpdateActive(c, user, active)
+	if user.IsLDAPUser() {
+		c.Err = model.NewLocAppError("updateActive", "api.user.update_active.no_deactivate_ldap.app_error", nil, "userId="+user_id)
+		c.Err.StatusCode = http.StatusBadRequest
+		return
+	}
 
-	if c.Err == nil {
+	if ruser, err := UpdateActive(user, active); err != nil {
+		c.Err = err
+	} else {
+		c.LogAuditWithUserId(ruser.Id, fmt.Sprintf("active=%v", active))
 		w.Write([]byte(ruser.ToJson()))
 	}
 }
 
-func UpdateActive(c *Context, user *model.User, active bool) *model.User {
+func UpdateActive(user *model.User, active bool) (*model.User, *model.AppError) {
 	if active {
 		user.DeleteAt = 0
 	} else {
@@ -1623,24 +1630,21 @@ func UpdateActive(c *Context, user *model.User, active bool) *model.User {
 	}
 
 	if result := <-Srv.Store.User().Update(user, true); result.Err != nil {
-		c.Err = result.Err
-		return nil
+		return nil, result.Err
 	} else {
-		c.LogAuditWithUserId(user.Id, fmt.Sprintf("active=%v", active))
-
 		if user.DeleteAt > 0 {
-			RevokeAllSession(c, user.Id)
+			RevokeAllSessionsNoContext(user.Id)
 		}
 
 		if extra := <-Srv.Store.Channel().ExtraUpdateByUser(user.Id, model.GetMillis()); extra.Err != nil {
-			c.Err = extra.Err
+			return nil, extra.Err
 		}
 
 		ruser := result.Data.([2]*model.User)[0]
 		options := utils.Cfg.GetSanitizeOptions()
 		options["passwordupdate"] = false
 		ruser.Sanitize(options)
-		return ruser
+		return ruser, nil
 	}
 }
 
@@ -1653,7 +1657,9 @@ func PermanentDeleteUser(c *Context, user *model.User) *model.AppError {
 		l4g.Warn(utils.T("api.user.permanent_delete_user.system_admin.warn"), user.Email)
 	}
 
-	UpdateActive(c, user, false)
+	if _, err := UpdateActive(user, false); err != nil {
+		return err
+	}
 
 	if result := <-Srv.Store.Session().PermanentDeleteSessionsByUser(user.Id); result.Err != nil {
 		return result.Err

i18n/en.json

@@ -1899,6 +1899,10 @@
     "id": "api.user.update_active.permissions.app_error",
     "translation": "You do not have the appropriate permissions"
   },
+  {
+    "id": "api.user.update_active.no_deactivate_ldap.app_error",
+    "translation": "You can not modify the activation status of LDAP accounts. Please modify through the LDAP server."
+  },
   {
     "id": "api.user.update_mfa.not_available.app_error",
     "translation": "MFA not configured or available on this server"

webapp/components/admin_console/user_item.jsx

@@ -260,6 +260,11 @@ export default class UserItem extends React.Component {
             showMakeNotActive = false;
         }
 
+        let disableActivationToggle = false;
+        if (user.auth_service === Constants.LDAP_SERVICE) {
+            disableActivationToggle = true;
+        }
+
         let makeSystemAdmin = null;
         if (showMakeSystemAdmin) {
             makeSystemAdmin = (
@@ -332,10 +337,18 @@ export default class UserItem extends React.Component {
             );
         }
 
+        let menuClass = '';
+        if (disableActivationToggle) {
+            menuClass = 'disabled';
+        }
+
         let makeActive = null;
         if (showMakeActive) {
             makeActive = (
-                <li role='presentation'>
+                <li
+                    role='presentation'
+                    className={menuClass}
+                >
                     <a
                         role='menuitem'
                         href='#'
@@ -353,7 +366,10 @@ export default class UserItem extends React.Component {
         let makeNotActive = null;
         if (showMakeNotActive) {
             makeNotActive = (
-                <li role='presentation'>
+                <li
+                    role='presentation'
+                    className={menuClass}
+                >
                     <a
                         role='menuitem'
                         href='#'