From 93fd22417bf62e00ff3a00e7b5c0c47331b23e19 Mon Sep 17 00:00:00 2001
From: meskio <meskio@sindominio.net>
Date: Wed, 17 Feb 2021 12:12:56 +0100
Subject: [PATCH] Don't login deleted users

---
 ldap/user.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/ldap/user.go b/ldap/user.go
index 944d4de..6b1608e 100644
--- a/ldap/user.go
+++ b/ldap/user.go
@@ -33,6 +33,10 @@ type User struct {
 
 // ValidateUser in the ldap
 func (l Ldap) ValidateUser(user string, pass string) (User, error) {
+	if err := l.deletedUser(user); err != nil {
+		return User{}, err
+	}
+
 	conn, err := l.login(user, pass)
 	if err != nil {
 		return User{}, err
@@ -52,6 +56,15 @@ func (l Ldap) ValidateUser(user string, pass string) (User, error) {
 	return newUser(entry), nil
 }
 
+func (l Ldap) deletedUser(user string) error {
+	u, err := l.GetUser(user)
+	if err == nil && u.Locked == Deleted {
+		err = fmt.Errorf("Deleted user %s", user)
+	}
+	return err
+
+}
+
 // IsUserPassUptodate will be true if the password for that user in ldap is using the latest crypto
 func (l Ldap) IsUserPassUptodate(user string) bool {
 	conn, err := l.connect()