MDL-41304: Hide and handle LDAP error when user not in context being checked
authorTim Lock <tim.lock@netspot.com.au>
Tue, 20 Aug 2013 01:04:16 +0000 (10:34 +0930)
committerTim Lock <tim.lock@netspot.com.au>
Tue, 20 Aug 2013 01:04:16 +0000 (10:34 +0930)
lib/ldaplib.php

index 2312451..54bb661 100644 (file)
@@ -247,9 +247,11 @@ function ldap_find_userdn($ldapconnection, $username, $contexts, $objectclass, $
         }
 
         if ($search_sub) {
-            $ldap_result = ldap_search($ldapconnection, $context,
-                                       '(&'.$objectclass.'('.$search_attrib.'='.ldap_filter_addslashes($username).'))',
-                                       array($search_attrib));
+            if (!$ldap_result = @ldap_search($ldapconnection, $context,
+                                           '(&'.$objectclass.'('.$search_attrib.'='.ldap_filter_addslashes($username).'))',
+                                           array($search_attrib))) {
+                break; // Not found in this context.
+            }
         } else {
             $ldap_result = ldap_list($ldapconnection, $context,
                                      '(&'.$objectclass.'('.$search_attrib.'='.ldap_filter_addslashes($username).'))',
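Review bot: The `break` on the added failure path leaves the enclosing loop altogether, although its comment says only this context had no match; the loop starts outside the hunk, but if it iterates over `$contexts`, no later context is searched and a user who exists there is reported as not found, so `continue; // Not found in this context.` would match the comment. The `@` also hides every other `ldap_search()` failure (server unreachable, time or size limit, malformed filter), so an outage becomes indistinguishable from an unknown user and leaves nothing in the logs. Checking `ldap_errno($ldapconnection)` after a false result and logging anything other than "no such object" (result code 32) would keep those cases visible to whoever monitors authentication. As far as the hunk shows, the `ldap_list()` call in the `else` branch gets neither the suppression nor the false-result check, so the non-subtree path still behaves as before.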