From 919eea73b6134e6bc0277b7a29d8dc687ff52bf7 Mon Sep 17 00:00:00 2001
From: Christopher Speller <crspeller@gmail.com>
Date: Sun, 5 Jun 2016 02:38:36 -0400
Subject: LDAP users should not be subject to password guess limits or email
 verification (#3245)

---
 api/authentication.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/api/authentication.go b/api/authentication.go
index d30fc0a1f..42a395253 100644
--- a/api/authentication.go
+++ b/api/authentication.go
@@ -56,9 +56,12 @@ func checkLdapUserPasswordAndAllCriteria(ldapId *string, password string, mfaTok
 		user = ldapUser
 	}
 
-	if err := checkUserAdditionalAuthenticationCriteria(user, mfaToken); err != nil {
-		err.StatusCode = http.StatusUnauthorized
-		return user, err
+	if err := checkUserMfa(user, mfaToken); err != nil {
+		return nil, err
+	}
+
+	if err := checkUserNotDisabled(user); err != nil {
+		return nil, err
 	}
 
 	// user successfully authenticated
-- 
cgit v1.2.3-1-g7c22