From 93fd22417bf62e00ff3a00e7b5c0c47331b23e19 Mon Sep 17 00:00:00 2001
From: meskio
Date: Wed, 17 Feb 2021 12:12:56 +0100
Subject: [PATCH] Don't login deleted users

---
 ldap/user.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/ldap/user.go b/ldap/user.go
index 944d4de..6b1608e 100644
--- a/ldap/user.go
+++ b/ldap/user.go
@@ -33,6 +33,10 @@ type User struct {
 
 // ValidateUser in the ldap
 func (l Ldap) ValidateUser(user string, pass string) (User, error) {
+ if err := l.deletedUser(user); err != nil {
+ return User{}, err
+ }
+
 conn, err := l.login(user, pass)
 if err != nil {
 return User{}, err
@@ -52,6 +56,15 @@ func (l Ldap) ValidateUser(user string, pass string) (User, error) {
 return newUser(entry), nil
 }
 
+func (l Ldap) deletedUser(user string) error {
+ u, err := l.GetUser(user)
+ if err == nil && u.Locked == Deleted {
+ err = fmt.Errorf("Deleted user %s", user)
+ }
+ return err
+
+}
+
 // IsUserPassUptodate will be true if the password for that user in ldap is using the latest crypto
 func (l Ldap) IsUserPassUptodate(user string) bool {
 conn, err := l.connect()
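Review bot: The deleted-account check at the top of ValidateUser runs before the password is verified, so a caller with no valid credentials can get three different errors: the "Deleted user" message, whatever GetUser returns when the lookup fails, and the error from `l.login`. Whether these errors reach the client is not visible from this hunk, but if they do, the response tells an unauthenticated caller what state an account is in. Consider running the check only after `l.login` has succeeded (releasing the connection on that path), or returning one generic authentication error to the caller and logging the specific reason server-side. The later part of ValidateUser already builds a user from `entry`, so the `Locked` value may be available there without the extra lookup; the body between the two hunks is not shown, so this needs confirming.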
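Review bot: deletedUser formats the caller-supplied user name into the error with `%s`, so newlines or control characters in the name appear verbatim wherever the error is logged; `%q` would quote them. Go error strings are conventionally lowercase, and a sentinel would let callers detect this case with errors.Is instead of matching text, e.g. `fmt.Errorf("%w: %q", ErrDeletedUser, user)` with a new package-level `var ErrDeletedUser = errors.New("deleted user")` (name proposed here, not existing code). The helper also returns any GetUser error unchanged, so a failed lookup denies login as well; a doc comment such as `// deletedUser returns an error if the user cannot be looked up or is marked Deleted.` would make that fail-closed behaviour explicit. The blank line before the closing brace can be dropped.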