Only fail auth for non-LDAP users if password handling is enabled

66d244f0 · Nik | Klampfradler · Tom Teichler · 7d022176 · 66d244f0
Commit 66d244f0 authored 4 years ago by Nik | Klampfradler Committed by Tom Teichler 4 years ago
--- a/aleksis/core/util/ldap.py
+++ b/aleksis/core/util/ldap.py
@@ -20,13 +20,13 @@ class LDAPBackend(_LDAPBackend):
        Django database in order to not require it to have global admin permissions
        on the LDAP directory.
        """
-        user = ldap_user.authenticate(password)
-
-        if not user:
-            # Fail early and do not try other backends
-            raise PermissionDenied("LDAP failed to authenticate user")
+        user = super().authenticate_ldap_user(ldap_user, password)

        if self.settings.SET_USABLE_PASSWORD:
+            if not user:
+                # Fail early and do not try other backends
+                raise PermissionDenied("LDAP failed to authenticate user")
+
            # Set a usable password so users can change their LDAP password
            user.set_password(password)
            user.save()