Improved handling of edge case where an LDAP user shares a username with a non-LDAP user (#2980)

2025-02-25 18:55:24 -06:00 · 2016-05-12 12:06:26 -04:00
parent 04dfa2a9eb
commit 6631f28d92
1 changed files with 5 additions and 2 deletions
--- a/api/user.go
+++ b/api/user.go
@@ -494,8 +494,11 @@ func getUserForLogin(loginId string, onlyLdap bool) (*model.User, *model.AppErro
 		*utils.Cfg.EmailSettings.EnableSignInWithUsername && !onlyLdap,
 		*utils.Cfg.EmailSettings.EnableSignInWithEmail && !onlyLdap,
 		ldapAvailable,
-	); result.Err != nil {
-
+	); result.Err != nil && result.Err.Id == "store.sql_user.get_for_login.multiple_users" {
+		// don't fall back to LDAP in this case since we already know there's an LDAP user, but that it shouldn't work
+		result.Err.StatusCode = http.StatusBadRequest
+		return nil, result.Err
+	} else if result.Err != nil {
 		if !ldapAvailable {
 			// failed to find user and no LDAP server to fall back on
 			result.Err.StatusCode = http.StatusBadRequest