Fixed ldap adv. perms continues apliying when autocreate remote is unselected by cheking it on user login

Former-commit-id: ca6a8a1217ec41d7edadf971e935d506ad9e0cff
2019-02-27 17:23:59 +01:00 · 2019-02-27 17:23:59 +01:00 · f6b6073a16
parent 65b89f6688
commit f6b6073a16
1 changed files with 32 additions and 29 deletions
--- a/pandora_console/include/auth/mysql.php
+++ b/pandora_console/include/auth/mysql.php
@ -282,39 +282,42 @@ function process_user_login_remote($login, $pass, $api=false)
                }
            }
        } else if ($config['auth'] === 'ldap') {
-            if ($config['ldap_save_password']) {
+            // Check if autocreate  remote users is active.
-                $update_credentials = change_local_user_pass_ldap($login, $pass);
+            if ($config['autocreate_remote_users'] == 1) {
                if ($config['ldap_save_password']) {
                    $update_credentials = change_local_user_pass_ldap($login, $pass);
-                if ($update_credentials) {
+                    if ($update_credentials) {
                    $config['auth_error'] = __('Your permissions have changed. Please, login again.');
                    return false;
                }
            } else {
                delete_user_pass_ldap($login);
            }
            $permissions = fill_permissions_ldap($sr);
            if (empty($permissions)) {
                $config['auth_error'] = __('User not found in database or incorrect password');
                return false;
            } else {
                // check permissions
                $result = check_permission_ad(
                    $login,
                    $pass,
                    false,
                    $permissions,
                    defined('METACONSOLE')
                );
                if ($return === 'error_permissions') {
                    $config['auth_error'] = __('Problems with configuration permissions. Please contact with Administrator');
                    return false;
                } else {
                    if ($return === 'permissions_changed') {
                        $config['auth_error'] = __('Your permissions have changed. Please, login again.');
                        return false;
                    }
                } else {
                    delete_user_pass_ldap($login);
                }
                $permissions = fill_permissions_ldap($sr);
                if (empty($permissions)) {
                    $config['auth_error'] = __('User not found in database or incorrect password');
                    return false;
                } else {
                    // check permissions
                    $result = check_permission_ad(
                        $login,
                        $pass,
                        false,
                        $permissions,
                        defined('METACONSOLE')
                    );
                    if ($return === 'error_permissions') {
                        $config['auth_error'] = __('Problems with configuration permissions. Please contact with Administrator');
                        return false;
                    } else {
                        if ($return === 'permissions_changed') {
                            $config['auth_error'] = __('Your permissions have changed. Please, login again.');
                            return false;
                        }
                    }
                }
            }
        }