From 4f9875f8956cef23e5a0d30a30346e226fcec37d Mon Sep 17 00:00:00 2001
From: Aaron Tan
Date: Thu, 18 May 2017 16:39:58 -0400
Subject: [PATCH] Prevent LDAP user from imposing existing Tower user.
---
 awx/sso/backends.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/awx/sso/backends.py b/awx/sso/backends.py
index 56b710a6f1..201efba5a8 100644
--- a/awx/sso/backends.py
+++ b/awx/sso/backends.py
@@ -90,6 +90,12 @@ class LDAPBackend(BaseLDAPBackend):
 if not feature_enabled('ldap'):
 logger.error("Unable to authenticate, license does not support LDAP authentication")
 return None
+ try:
+ user = User.objects.get(username=username)
+ if user and (not user.profile or not user.profile.ldap_dn):
+ return None
+ except User.DoesNotExist:
+ pass
 try:
 return super(LDAPBackend, self).authenticate(username, password)
 except Exception:
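Review bot: The new guard finds the existing account with an exact match, `User.objects.get(username=username)`, so it only blocks a collision when the submitted name is character-for-character identical to the local one. If the parent backend's `authenticate` resolves users case-insensitively (not visible in this hunk, but common for LDAP backends), a name differing only in case would fall through to `User.DoesNotExist` and still map onto the local account; consider matching the same way the parent does, e.g. `User.objects.filter(username__iexact=username)`, and rejecting if any match has no `profile.ldap_dn`. The rejection path also returns `None` silently, so a `logger.warning("LDAP login rejected: %s is an existing non-LDAP user", username)` before `return None` would give operators a signal when an LDAP login collides with a local account. The `user and` test is redundant because `get()` either returns an object or raises. The enclosing `authenticate` method starts and ends outside the hunk.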