From 0302d89dbf5e3b9e0d051dd559194ac972cf207a Mon Sep 17 00:00:00 2001
From: Anders Lund <anders.lund@uninett.no>
Date: Mon, 19 Jan 2009 07:48:55 +0000
Subject: [PATCH] Handle multiple search bases.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1157 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Auth/LDAP.php | 37 ++++++++++++++++++++++++++++--------
 1 file changed, 29 insertions(+), 8 deletions(-)

diff --git a/lib/SimpleSAML/Auth/LDAP.php b/lib/SimpleSAML/Auth/LDAP.php
index dc7c3b7b3..fcb9b9c25 100644
--- a/lib/SimpleSAML/Auth/LDAP.php
+++ b/lib/SimpleSAML/Auth/LDAP.php
@@ -56,19 +56,40 @@ class SimpleSAML_Auth_LDAP {
 $search = $this->generateSearchFilter($searchattr, $searchvalue);
 SimpleSAML_Logger::debug('Library - LDAP: Search for DN base:' . $searchbase . ' search: ' . $search);
-
- $search_result = @ldap_search($this->ldap, $searchbase, $search, array() );
- if ($search_result === false) {
- throw new Exception('Failed performing a LDAP search: ' . ldap_error($this->ldap) . ' search:' . $search);
+ // Go through all searchbases if multiple
+ if (is_array($searchbase)) {
+ $num_results = 0;
+ foreach ($searchbase AS $base) {
+ $search_result = @ldap_search($this->ldap, $base, $search, array() );
+
+ if ($search_result === false) {
+ throw new Exception('Failed performing a LDAP search: ' . ldap_error($this->ldap) . ' search:' . $search);
+ }
+
+ if (!(@ldap_count_entries($this->ldap, $search_result) == 0)) {
+ $num_results++;
+ $result = $search_result;
+ }
+ }
+ if ($num_results > 1)
+ throw new Exception('Found hits in multiple bases for LDAP search: ' . ldap_error($this->ldap) . ' search:' . $search);
+ $search_result = $result;
+ $searchbase = join (" && ", $searchbase);
+ } else {
+ $search_result = @ldap_search($this->ldap, $searchbase, $search, array() );
+
+ if ($search_result === false) {
+ throw new Exception('Failed performing a LDAP search: ' . ldap_error($this->ldap) . ' search:' . $search);
+ }
 }
 // Check number of entries. ePPN should be unique!
- if (@ldap_count_entries($this->ldap, $search_result) > 1 )
- throw new Exception("Found multiple entries in LDAP search: " . $search . ' base: ' . $searchbase);
-
+ if (@ldap_count_entries($this->ldap, $search_result) > 1 )
+ throw new Exception("Found multiple entries in LDAP search: " . $search . ' base(s): ' . $searchbase);
+
 if (@ldap_count_entries($this->ldap, $search_result) == 0)
- throw new Exception('LDAP search returned zero entries: ' . $search . ' base: ' . $searchbase);
+ throw new Exception('LDAP search returned zero entries: ' . $search . ' base(s): ' . $searchbase);
 // Authenticate user and fetch attributes
 $entry = ldap_first_entry($this->ldap, $search_result);
-- GitLab
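Review bot: In the array branch, `$result` is assigned only when a base returns entries, so when no base matches, `$search_result = $result;` reads an undefined variable and the zero-entries exception further down is reached only because `@ldap_count_entries()` on that value compares loosely equal to 0. Since this lookup precedes the step commented "Authenticate user and fetch attributes", the no-match case should fail explicitly: initialise `$result = NULL;` next to `$num_results = 0;` and add `if ($num_results === 0) throw new Exception('LDAP search returned zero entries: ' . $search . ' base(s): ' . join(" && ", $searchbase));` after the loop. The same loose test inside the loop, `!(@ldap_count_entries(...) == 0)`, also counts a `false` return as "no hit", so a failed count in one base could hide a duplicate account; checking `=== false` first would keep the uniqueness check strict. The 'Found hits in multiple bases' message appends `ldap_error()`, which presumably reports no error at that point and could be dropped. The enclosing method starts and ends outside this hunk.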