From c5014a7f2c4a263818269216d16d6f21b008cd17 Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Mon, 20 Jan 2020 03:47:39 +0000
Subject: Add option to prevent LDAP from deactivating everything on empty
 search (#9879)

* Add option to prevent LDAP from deactivating everything on empty search

* Update options/locale/locale_en-US.ini

Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>

Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
---
 cmd/admin_auth_ldap.go | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'cmd/admin_auth_ldap.go')

diff --git a/cmd/admin_auth_ldap.go b/cmd/admin_auth_ldap.go
index cce3aa894f..e869686cbd 100644
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@@ -61,6 +61,10 @@ var (
 			Name:  "admin-filter",
 			Usage: "An LDAP filter specifying if a user should be given administrator privileges.",
 		},
+		cli.BoolFlag{
+			Name:  "allow-deactivate-all",
+			Usage: "Allow empty search results to deactivate all users.",
+		},
 		cli.StringFlag{
 			Name:  "username-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user name.",
@@ -231,6 +235,9 @@ func parseLdapConfig(c *cli.Context, config *models.LDAPConfig) error {
 	if c.IsSet("admin-filter") {
 		config.Source.AdminFilter = c.String("admin-filter")
 	}
+	if c.IsSet("allow-deactivate-all") {
+		config.Source.AllowDeactivateAll = c.Bool("allow-deactivate-all")
+	}
 	return nil
 }
 
-- 
cgit v1.2.3