This repository has been archived by the owner on Nov 25, 2020. It is now read-only.

Allows login for deleted users in master/slave setup #38

Closed
debfx opened this issue Mar 20, 2013 · 2 comments

Comments

@debfx

debfx commented Mar 20, 2013

When using a master/slave (ldap/serial) setup ajaxplorer allows users to login even after they have been deleted from LDAP.

The user gets a local (= serial) account once he logs in.
checkPassword() in plugins/auth.multi/class.multiAuthDriver.php checks both drivers, so when logging in, even though the master authentication fails, he can still use the slave (= serial) authentication.

My suggestion would be to limit slave authentication in a master/slave setup to special accounts like the default "admin" user and users with the profile "shared" and "guest".
I have a patch for this if you think this is a sane solution.

I am using ajaxplorer 4.3.1.

@cdujeu
Member

cdujeu commented Mar 20, 2013

Indeed, that would make sense IMO. Can you submit a pull request? Best would be to have a specific auth.multi parameter that would cover both cases

@debfx
Author

debfx commented Mar 20, 2013

I've created a pull request with a solution that tracks if the user has been created by authenticating to the master auth plugin.
This should be a cleaner solution as it avoids hardcoding profile or account names that are allowed.
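As an added illustration (not AjaXplorer's own code), the following simplified model shows the fallback logic the issue describes beside the fix the pull request proposes: remembering that an account was created through the master and refusing slave authentication for such accounts. All class and method names are hypothetical, and the "created by master" flag is kept in memory here where a real implementation would persist it with the local user record.

```php
<?php
// Hypothetical simplified model of a master/slave multi-auth driver.
// Not the project's code; names are assumptions for illustration.

interface AuthDriver {
    public function checkPassword(string $login, string $pass): bool;
}

final class MultiAuth {
    // login => true for local accounts that were created by a successful
    // master (LDAP) login. In a real driver this must be persisted per user.
    private array $createdByMaster = [];

    public function __construct(
        private AuthDriver $master, // e.g. LDAP
        private AuthDriver $slave   // e.g. local "serial" accounts
    ) {}

    // Vulnerable form: whichever driver accepts the credentials wins, so a
    // user deleted from LDAP keeps logging in against the local copy.
    public function checkPasswordUnsafe(string $login, string $pass): bool {
        return $this->master->checkPassword($login, $pass)
            || $this->slave->checkPassword($login, $pass);
    }

    // Fixed form: accounts that originated from the master may only
    // authenticate through the master. The slave is reserved for genuinely
    // local accounts (admin, shared, guest, ...), without hardcoding names.
    public function checkPassword(string $login, string $pass): bool {
        if ($this->master->checkPassword($login, $pass)) {
            // Record provenance on the first successful master login.
            $this->createdByMaster[$login] = true;
            return true;
        }
        if (!empty($this->createdByMaster[$login])) {
            // Master rejected a master-created account (e.g. deleted in
            // LDAP): do not fall back to the local copy.
            return false;
        }
        return $this->slave->checkPassword($login, $pass);
    }
}
```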

@cdujeu cdujeu closed this as completed Mar 28, 2013