--- loncom/interface/loncreateuser.pm	2015/09/04 18:07:07	1.406
+++ loncom/interface/loncreateuser.pm	2016/09/18 18:10:54	1.406.2.3
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Create a user
 #
-# $Id: loncreateuser.pm,v 1.406 2015/09/04 18:07:07 raeburn Exp $
+# $Id: loncreateuser.pm,v 1.406.2.3 2016/09/18 18:10:54 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -813,7 +813,7 @@ sub entry_form {
     }
     my $cancreate =
         &Apache::lonuserutils::can_create_user($dom,$context,$usertype);
-    my $userpicker = 
+    my ($userpicker,$cansearch) = 
        &Apache::loncommon::user_picker($dom,$srch,$forcenewuser,
                                        'document.crtuser',$cancreate,$usertype);
     my $srchbutton = &mt('Search');
@@ -822,7 +822,9 @@ sub entry_form {
     } elsif ($cancreate && $responsemsg ne '' && $inexact) {
         $srchbutton = &mt('Search or Add New User');
     }
-    my $output = <<"ENDBLOCK";
+    my $output;
+    if ($cansearch) {
+        $output = <<"ENDBLOCK";
 <form action="/adm/createuser" method="post" name="crtuser">
 <input type="hidden" name="action" value="$env{'form.action'}" />
 <input type="hidden" name="phase" value="get_user_info" />
@@ -830,6 +832,9 @@ $userpicker
 <input name="userrole" type="button" value="$srchbutton" onclick="javascript:validateEntry(document.crtuser)" />
 </form>
 ENDBLOCK
+    } else {
+        $output = '<p>'.$userpicker.'</p>';
+    }
     if ($env{'form.phase'} eq '') {
         my $defdom=$env{'request.role.domain'};
         my $domform = &Apache::loncommon::select_dom_form($defdom,'srchdomain');
@@ -2244,8 +2249,8 @@ sub personal_data_display {
                    '<input type="text" name="uname" size="25" value="" autocomplete="off" />';
         $rowcount ++;
         $output .= &Apache::lonhtmlcommon::row_closure(1);
-        my $upassone = '<input type="password" name="upass'.$now.'" size="10" autocomplete="off" />';
-        my $upasstwo = '<input type="password" name="upasscheck'.$now.'" size="10" autocomplete="off" />';
+        my $upassone = '<input type="password" name="upass'.$now.'" size="20" autocomplete="off" />';
+        my $upasstwo = '<input type="password" name="upasscheck'.$now.'" size="20" autocomplete="off" />';
         $output .= &Apache::lonhtmlcommon::row_title(&mt('Password').'<b>*</b>',
                                                     'LC_pick_box_title',
                                                     'LC_oddrow_value')."\n".
@@ -2351,7 +2356,7 @@ sub personal_data_display {
     }
     if (($context eq 'selfcreate') && ($newuser eq 'email')) {
         if ($captchaform) {
-            $output .= &Apache::lonhtmlcommon::row_title($lt{'valid'},
+            $output .= &Apache::lonhtmlcommon::row_title($lt{'valid'}.'*',
                                                          'LC_pick_box_title')."\n".
                        $captchaform."\n".'<br /><br />'.
                        &Apache::lonhtmlcommon::row_closure(1); 
@@ -6826,10 +6831,26 @@ sub user_search_result {
         $response = '<span class="LC_warning">'.$response.'</span>';
     }
     if ($srch->{'srchin'} eq 'instd') {
-        my $instd_chk = &directorysrch_check($srch);
+        my $instd_chk = &instdirectorysrch_check($srch);
         if ($instd_chk ne 'ok') {
-            $response = '<span class="LC_warning">'.$instd_chk.'</span>'.
-                        '<br />'.&mt('You may want to search in the LON-CAPA domain instead of the institutional directory.').'<br /><br />';
+            my $domd_chk = &domdirectorysrch_check($srch);
+            $response = '<span class="LC_warning">'.$instd_chk.'</span><br />';
+            if ($domd_chk eq 'ok') {
+                $response = &mt('You may want to search in the LON-CAPA domain instead of the institutional directory.');
+            }
+            $response .= '<br /><br />';
+        }
+    } else {
+        unless (($context eq 'requestcrs') && ($srch->{'srchtype'} eq 'exact')) {
+            my $domd_chk = &domdirectorysrch_check($srch);
+            if ($domd_chk ne 'ok') {
+                my $instd_chk = &instdirectorysrch_check($srch);
+                $response = '<span class="LC_warning">'.$domd_chk.'</span><br />';
+                if ($instd_chk eq 'ok') {
+                    $response = &mt('You may want to search in the institutional directory instead of the LON-CAPA domain.');
+                }
+                $response .= '<br /><br />';
+            }
         }
     }
     if ($response ne '') {
@@ -7004,7 +7025,26 @@ sub user_search_result {
     return ($currstate,$response,$forcenewuser,\%srch_results);
 }
 
-sub directorysrch_check {
+sub domdirectorysrch_check {
+    my ($srch) = @_;
+    my $response;
+    my %dom_inst_srch = &Apache::lonnet::get_dom('configuration',
+                                             ['directorysrch'],$srch->{'srchdomain'});
+    my $showdom = &display_domain_info($srch->{'srchdomain'});
+    if (ref($dom_inst_srch{'directorysrch'}) eq 'HASH') {
+        if ($dom_inst_srch{'directorysrch'}{'lcavailable'} eq '0') {
+            return &mt('LON-CAPA directory search is not available in domain: [_1]',$showdom);
+        }
+        if ($dom_inst_srch{'directorysrch'}{'lclocalonly'}) {
+            if ($env{'request.role.domain'} ne $srch->{'srchdomain'}) {
+                return &mt('LON-CAPA directory search in domain: [_1] is only allowed for users with a current role in the domain.',$showdom);
+            }
+        }
+    }
+    return 'ok';
+}
+
+sub instdirectorysrch_check {
     my ($srch) = @_;
     my $can_search = 0;
     my $response;