From f6b6073a16d85207e7d4f26780e2dad5d65610d0 Mon Sep 17 00:00:00 2001
From: Luis Calvo <luis.calvo@artica.es>
Date: Wed, 27 Feb 2019 17:23:59 +0100
Subject: [PATCH] Fixed ldap adv. perms continues apliying when autocreate
 remote is unselected by cheking it on user login

Former-commit-id: ca6a8a1217ec41d7edadf971e935d506ad9e0cff
---
 pandora_console/include/auth/mysql.php | 61 ++++++++++++++------------
 1 file changed, 32 insertions(+), 29 deletions(-)

diff --git a/pandora_console/include/auth/mysql.php b/pandora_console/include/auth/mysql.php
index aab0b4c9e4..c4b8fc9840 100644
--- a/pandora_console/include/auth/mysql.php
+++ b/pandora_console/include/auth/mysql.php
@@ -282,39 +282,42 @@ function process_user_login_remote($login, $pass, $api=false)
                 }
             }
         } else if ($config['auth'] === 'ldap') {
-            if ($config['ldap_save_password']) {
-                $update_credentials = change_local_user_pass_ldap($login, $pass);
+            // Check if autocreate  remote users is active.
+            if ($config['autocreate_remote_users'] == 1) {
+                if ($config['ldap_save_password']) {
+                    $update_credentials = change_local_user_pass_ldap($login, $pass);
 
-                if ($update_credentials) {
-                    $config['auth_error'] = __('Your permissions have changed. Please, login again.');
-                    return false;
-                }
-            } else {
-                delete_user_pass_ldap($login);
-            }
-
-            $permissions = fill_permissions_ldap($sr);
-            if (empty($permissions)) {
-                $config['auth_error'] = __('User not found in database or incorrect password');
-                return false;
-            } else {
-                // check permissions
-                $result = check_permission_ad(
-                    $login,
-                    $pass,
-                    false,
-                    $permissions,
-                    defined('METACONSOLE')
-                );
-
-                if ($return === 'error_permissions') {
-                    $config['auth_error'] = __('Problems with configuration permissions. Please contact with Administrator');
-                    return false;
-                } else {
-                    if ($return === 'permissions_changed') {
+                    if ($update_credentials) {
                         $config['auth_error'] = __('Your permissions have changed. Please, login again.');
                         return false;
                     }
+                } else {
+                    delete_user_pass_ldap($login);
+                }
+
+                $permissions = fill_permissions_ldap($sr);
+                if (empty($permissions)) {
+                    $config['auth_error'] = __('User not found in database or incorrect password');
+                    return false;
+                } else {
+                    // check permissions
+                    $result = check_permission_ad(
+                        $login,
+                        $pass,
+                        false,
+                        $permissions,
+                        defined('METACONSOLE')
+                    );
+
+                    if ($return === 'error_permissions') {
+                        $config['auth_error'] = __('Problems with configuration permissions. Please contact with Administrator');
+                        return false;
+                    } else {
+                        if ($return === 'permissions_changed') {
+                            $config['auth_error'] = __('Your permissions have changed. Please, login again.');
+                            return false;
+                        }
+                    }
                 }
             }
         }