From 78eb0444ae54c6e890245dfeca3f7331fa983cdc Mon Sep 17 00:00:00 2001
From: Ryan Petrello
Date: Fri, 27 Jul 2018 22:37:40 -0400
Subject: [PATCH] fix a bug that causes orphaned auth_user rows when LDAP is misconfigured

see: https://github.com/ansible/tower/issues/2465
---
 awx/sso/backends.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/awx/sso/backends.py b/awx/sso/backends.py
index 1385f81db2..93d7329d5f 100644
--- a/awx/sso/backends.py
+++ b/awx/sso/backends.py
@@ -13,11 +13,13 @@ from django.dispatch import receiver
 from django.contrib.auth.models import User
 from django.conf import settings as django_settings
 from django.core.signals import setting_changed
+from django.utils.translation import ugettext_lazy as _

 # django-auth-ldap
 from django_auth_ldap.backend import LDAPSettings as BaseLDAPSettings
 from django_auth_ldap.backend import LDAPBackend as BaseLDAPBackend
 from django_auth_ldap.backend import populate_user
+from django.core.exceptions import ImproperlyConfigured

 # radiusauth
 from radiusauth.backends import RADIUSBackend as BaseRADIUSBackend
@@ -107,7 +109,14 @@ class LDAPBackend(BaseLDAPBackend):
 except User.DoesNotExist:
 pass
 try:
- return super(LDAPBackend, self).authenticate(username, password)
+ user = super(LDAPBackend, self).authenticate(username, password)
+ try:
+ user.ldap_user._get_groups().get_group_dns()
+ except ImproperlyConfigured:
+ logger.exception(_("Encountered an error populating user {} from LDAP").format(user.username))
+ user.delete()
+ raise
+ return user
 except Exception:
 logger.exception("Encountered an error authenticating to LDAP")
 return None
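Review bot: `super(LDAPBackend, self).authenticate(username, password)` returns `None` when the credentials are rejected, so the added `user.ldap_user._get_groups().get_group_dns()` probe raises `AttributeError` on every failed login; the outer `except Exception` absorbs it but logs a traceback as "Encountered an error authenticating to LDAP", which buries real faults in the auth log. Return before the probe with `if user is None:` / `return None`. Separately, `user.delete()` runs on whatever row `authenticate` returned, and nothing in this hunk distinguishes an account created by this call from one that already existed, so a later group-setting mistake could remove established users and anything that cascades from them. Restricting the delete to rows created during this call would keep the cleanup to actual orphans. The enclosing `authenticate` method starts above the hunk, so the earlier existing-user lookup is only partly visible here.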