From 1efcdabc318d8b8f326d671b12a03994571855d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dani=C3=ABl=20Franke?= <df@ponc.tech>
Date: Tue, 28 Feb 2023 10:52:29 +0100
Subject: [PATCH] Make settings exclusive.

---
 pkg/utils/ldap/identity.go | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/pkg/utils/ldap/identity.go b/pkg/utils/ldap/identity.go
index 641b775c80..262dfc99f7 100644
--- a/pkg/utils/ldap/identity.go
+++ b/pkg/utils/ldap/identity.go
@@ -155,20 +155,18 @@ func (i *Identity) Setup() error {
 		return fmt.Errorf("error configuring group substring filter type: %w", err)
 	}
 
-	dm := i.User.DisableMechanism
-	if dm == "" || dm == "none" || dm == "attribute" || dm == "group" {
-		if dm == "attribute" || dm == "group" {
-			if i.User.EnabledProperty == "" {
-				return fmt.Errorf("error configuring disable mechanism, enabled property not set")
-			}
+	switch i.User.DisableMechanism {
+	case "group":
+		if i.Group.LocalDisabledDN == "" {
+			return fmt.Errorf("error configuring disable mechanism, disabled group DN not set")
 		}
-		if dm == "group" {
-			if i.Group.LocalDisabledDN == "" {
-				return fmt.Errorf("error configuring disable mechanism, disabled group DN not set")
-			}
+	case "attribute":
+		if i.User.EnabledProperty == "" {
+			return fmt.Errorf("error configuring disable mechanism, enabled property not set")
 		}
-	} else {
-		return fmt.Errorf("invalid disable mechanism setting: %s", dm)
+	case "", "none":
+	default:
+		return fmt.Errorf("invalid disable mechanism setting: %s", i.User.DisableMechanism)
 	}
 
 	return nil
@@ -527,7 +525,7 @@ func (i *Identity) getUserAttributeFilter(attribute, value string) (string, erro
 }
 
 func (i *Identity) disabledFilter() string {
-	if i.User.DisableMechanism == "attribute" || i.User.DisableMechanism == "group" {
+	if i.User.DisableMechanism == "attribute" {
 		return fmt.Sprintf("(!(%s=FALSE)))", i.User.EnabledProperty)
 	}
 	return ""