Bugfix: searchformultiple() would stop on first dn even when nothing found.

searchformultiple() will loop over all the configured base dn's to search in. However, it would break on the first search that does not return `false`. A search that yields 0 hits is not `false`, however (it is only false when an error occurred). So when using more than one base, users would not be found if they were part of the second or later base, which is contrary to the intention. This is now changed so the loop breaks when the result is not false, and the number of found results is > 0.

Bugfix: searchformultiple() would stop on first dn even when nothing found.
searchformultiple() will loop over all the configured base dn's to search in. However, it would break on the first search that does not return `false`. A search that yields 0 hits is not `false`, however (it is only false when an error occurred). So when using more than one base, users would not be found if they were part of the second or later base, which is contrary to the intention. This is now changed so the loop breaks when the result is not false, and the number of found results is > 0.
71bacd03 · Thijs Kinkhorst · 2863d93b · 71bacd03
Commit 71bacd03 authored 7 years ago by Thijs Kinkhorst
--- a/lib/SimpleSAML/Auth/LDAP.php
+++ b/lib/SimpleSAML/Auth/LDAP.php
@@ -356,7 +356,7 @@ class SimpleSAML_Auth_LDAP
        $result = false;
        foreach ($bases as $base) {
            $result = @ldap_search($this->ldap, $base, $filter, $attributes, 0, 0, $this->timeout);
-            if ($result !== false) {
+            if ($result !== false && @ldap_count_entries($this->ldap, $result) > 0) {
                break;
            }
        }