From 6b718780c6c46a24ab4940ecf351ab976ba87031 Mon Sep 17 00:00:00 2001
From: Tim Lock <tim.lock@netspot.com.au>
Date: Tue, 20 Aug 2013 10:34:16 +0930
Subject: [PATCH] MDL-41304: Hide and handle LDAP error when user not in
 context being checked

---
 lib/ldaplib.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/ldaplib.php b/lib/ldaplib.php
index 2312451d9e2..54bb66121c8 100644
--- a/lib/ldaplib.php
+++ b/lib/ldaplib.php
@@ -247,9 +247,11 @@ function ldap_find_userdn($ldapconnection, $username, $contexts, $objectclass, $
         }
 
         if ($search_sub) {
-            $ldap_result = ldap_search($ldapconnection, $context,
-                                       '(&'.$objectclass.'('.$search_attrib.'='.ldap_filter_addslashes($username).'))',
-                                       array($search_attrib));
+            if (!$ldap_result = @ldap_search($ldapconnection, $context,
+                                           '(&'.$objectclass.'('.$search_attrib.'='.ldap_filter_addslashes($username).'))',
+                                           array($search_attrib))) {
+                break; // Not found in this context.
+            }
         } else {
             $ldap_result = ldap_list($ldapconnection, $context,
                                      '(&'.$objectclass.'('.$search_attrib.'='.ldap_filter_addslashes($username).'))',
-- 
2.11.4.GIT