Prevent LDAP user from imposing existing Tower user.

2026-02-26 15:36:04 -03:30 · 2017-05-18 16:39:58 -04:00
parent 7c2e5df659
commit 4f9875f895
1 changed files with 6 additions and 0 deletions
--- a/awx/sso/backends.py
+++ b/awx/sso/backends.py
@@ -90,6 +90,12 @@ class LDAPBackend(BaseLDAPBackend):
        if not feature_enabled('ldap'):
            logger.error("Unable to authenticate, license does not support LDAP authentication")
            return None
+        try:
+            user = User.objects.get(username=username)
+            if user and (not user.profile or not user.profile.ldap_dn):
+                return None
+        except User.DoesNotExist:
+            pass
        try:
            return super(LDAPBackend, self).authenticate(username, password)
        except Exception: