Prevent LDAP user from imposing existing Tower user.

2026-01-11 10:00:01 -03:30 · 2017-05-18 16:39:58 -04:00 · 2017-05-18 16:39:58 -04:00 · 4f9875f895
commit 4f9875f895
parent 7c2e5df659
1 changed files with 6 additions and 0 deletions
--- a/awx/sso/backends.py
+++ b/awx/sso/backends.py
@ -90,6 +90,12 @@ class LDAPBackend(BaseLDAPBackend):
        if not feature_enabled('ldap'):
            logger.error("Unable to authenticate, license does not support LDAP authentication")
            return None
+        try:
+            user = User.objects.get(username=username)
+            if user and (not user.profile or not user.profile.ldap_dn):
+                return None
+        except User.DoesNotExist:
+            pass
        try:
            return super(LDAPBackend, self).authenticate(username, password)
        except Exception: