prevent global admins to log in remotely
This commit is contained in:
alejandro.campos@artica.es
parent
b70ca89af2
commit
40aec564af
|
|
@ -218,6 +218,11 @@ function process_user_login_remote($login, $pass, $api=false)
|
||||||
switch ($config['auth']) {
|
switch ($config['auth']) {
|
||||||
// LDAP
|
// LDAP
|
||||||
case 'ldap':
|
case 'ldap':
|
||||||
|
// Use local authentication if user is global admin.
|
||||||
|
if (is_user_admin($login) === true) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
$sr = ldap_process_user_login($login, $pass);
|
$sr = ldap_process_user_login($login, $pass);
|
||||||
|
|
||||||
if (!$sr) {
|
if (!$sr) {
|
||||||
|
|
@ -227,6 +232,11 @@ function process_user_login_remote($login, $pass, $api=false)
|
||||||
|
|
||||||
// Active Directory
|
// Active Directory
|
||||||
case 'ad':
|
case 'ad':
|
||||||
|
// Use local authentication if user is global admin.
|
||||||
|
if (is_user_admin($login) === true) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
if (enterprise_hook('ad_process_user_login', [$login, $pass]) === false) {
|
if (enterprise_hook('ad_process_user_login', [$login, $pass]) === false) {
|
||||||
$config['auth_error'] = 'User not found in database or incorrect password';
|
$config['auth_error'] = 'User not found in database or incorrect password';
|
||||||
return false;
|
return false;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue