Index: chrome/browser/chromeos/login/existing_user_controller.cc |
diff --git a/chrome/browser/chromeos/login/existing_user_controller.cc b/chrome/browser/chromeos/login/existing_user_controller.cc |
index 40e3b8386c317a89d954657e3b7776fa520f8e10..e667b765d141cd077af0e39a11022603b795f663 100644 |
--- a/chrome/browser/chromeos/login/existing_user_controller.cc |
+++ b/chrome/browser/chromeos/login/existing_user_controller.cc |
@@ -445,6 +445,15 @@ void ExistingUserController::PerformLogin( |
login_performer_.reset(nullptr); |
login_performer_.reset(new ChromeLoginPerformer(this)); |
} |
+ policy::BrowserPolicyConnectorChromeOS* connector = |
+ g_browser_process->platform_part()->browser_policy_connector_chromeos(); |
+ if (connector->IsActiveDirectoryManaged() && |
+ user_context.GetAuthFlow() != UserContext::AUTH_FLOW_ACTIVE_DIRECTORY) { |
+ PerformLoginFinishedActions(false /* don't start auto login timer */); |
+ ShowError(IDS_LOGIN_ERROR_ACTIVE_DIRECTORY_ONLY, |
+ "Active Directory accounts only allowed on the device"); |
+ return; |
+ } |
if (gaia::ExtractDomainName(user_context.GetAccountId().GetUserEmail()) == |
user_manager::kSupervisedUserDomain) { |