From f9b7c1e0b9970a203630ae8fc85ba49e33937a97 Mon Sep 17 00:00:00 2001
From: Jason Volk <jason@zemos.net>
Date: Tue, 13 May 2025 22:07:18 +0000
Subject: [PATCH] Create ldap user only after successful login attempt.

Signed-off-by: Jason Volk <jason@zemos.net>
---
 src/api/client/session.rs | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/api/client/session.rs b/src/api/client/session.rs
index 96d632e7..f06af22a 100644
--- a/src/api/client/session.rs
+++ b/src/api/client/session.rs
@@ -110,6 +110,12 @@ async fn ldap_login(
 		},
 	};
 
+	let user_id = services
+		.users
+		.auth_ldap(&user_dn, password)
+		.await
+		.map(|()| lowercased_user_id.to_owned())?;
+
 	// LDAP users are automatically created on first login attempt. This is a very
 	// common feature that can be seen on many services using a LDAP provider for
 	// their users (synapse, Nextcloud, Jellyfin, ...).
@@ -124,12 +130,7 @@ async fn ldap_login(
 			.await?;
 	}
 
-	debug!("{user_dn:?} {password:?}");
-	services
-		.users
-		.auth_ldap(&user_dn, password)
-		.await
-		.map(|()| lowercased_user_id.to_owned())
+	Ok(user_id)
 }
 
 /// # `POST /_matrix/client/v3/login`