From c11c5e61c9d456678018d056d52c3624fb325a09 Mon Sep 17 00:00:00 2001
From: Jason Volk <jason@zemos.net>
Date: Thu, 24 Apr 2025 13:01:02 +0000
Subject: [PATCH] bypass emergency-password feature when ldap enabled

Signed-off-by: Jason Volk <jason@zemos.net>
---
 src/service/emergency/mod.rs | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/src/service/emergency/mod.rs b/src/service/emergency/mod.rs
index e47067ea..ef5ccc09 100644
--- a/src/service/emergency/mod.rs
+++ b/src/service/emergency/mod.rs
@@ -7,7 +7,7 @@ use ruma::{
 	},
 	push::Ruleset,
 };
-use tuwunel_core::{Result, error, warn};
+use tuwunel_core::{Result, debug_warn, error, warn};
 
 use crate::{Dep, account_data, config, globals, users};
 
@@ -37,16 +37,30 @@ impl crate::Service for Service {
 	}
 
 	async fn worker(self: Arc<Self>) -> Result {
+		if self
+			.services
+			.config
+			.emergency_password
+			.as_ref()
+			.is_none_or(String::is_empty)
+		{
+			return Ok(());
+		}
+
 		if self.services.globals.is_read_only() {
+			debug_warn!("emergency password feature ignored in read_only mode.");
+			return Ok(());
+		}
+
+		if self.services.config.ldap.enable {
+			warn!("emergency password feature not available with LDAP enabled.");
 			return Ok(());
 		}
 
 		self.set_emergency_access()
 			.await
 			.inspect_err(|e| {
-				error!(
-					"Could not set the configured emergency password for the server user: {e}"
-				);
+				error!("Failed to set the emergency password for the server user: {e}");
 			})
 	}