From 6631f28d92d68e4e39848038f7f263f8588aa2ac Mon Sep 17 00:00:00 2001
From: Harrison Healey <harrisonmhealey@gmail.com>
Date: Thu, 12 May 2016 12:06:26 -0400
Subject: Improved handling of edge case where an LDAP user shares a username
 with a non-LDAP user (#2980)

---
 api/user.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/api/user.go b/api/user.go
index 4b9c3a3c8..9e93ae779 100644
--- a/api/user.go
+++ b/api/user.go
@@ -494,8 +494,11 @@ func getUserForLogin(loginId string, onlyLdap bool) (*model.User, *model.AppErro
 		*utils.Cfg.EmailSettings.EnableSignInWithUsername && !onlyLdap,
 		*utils.Cfg.EmailSettings.EnableSignInWithEmail && !onlyLdap,
 		ldapAvailable,
-	); result.Err != nil {
-
+	); result.Err != nil && result.Err.Id == "store.sql_user.get_for_login.multiple_users" {
+		// don't fall back to LDAP in this case since we already know there's an LDAP user, but that it shouldn't work
+		result.Err.StatusCode = http.StatusBadRequest
+		return nil, result.Err
+	} else if result.Err != nil {
 		if !ldapAvailable {
 			// failed to find user and no LDAP server to fall back on
 			result.Err.StatusCode = http.StatusBadRequest
-- 
cgit v1.2.3-1-g7c22