Check if ldap_get_entries returns array FS#1742

darcs-hash:20091004114818-6e07b-0e6be8f61e4201692abdfcc4da93b031c29ac727.gz

1 files changed, 5 insertions, 4 deletions

diff --git a/inc/auth/ldap.class.php b/inc/auth/ldap.class.php
index bd1322344..d3037e869 100644
--- a/inc/auth/ldap.class.php
+++ b/inc/auth/ldap.class.php
@@ -180,7 +180,7 @@ class auth_ldap extends auth_basic {
             msg('LDAP user search: '.htmlspecialchars(ldap_error($this->con)),0,__LINE__,__FILE__);
 
         // Don't accept more or less than one response
-        if($result['count'] != 1){
+        if(!is_array($result) || $result['count'] != 1){
             return false; //user not found
         }
 
@@ -220,18 +220,19 @@ class auth_ldap extends auth_basic {
         if ($this->cnf['grouptree'] && $this->cnf['groupfilter']) {
             $base   = $this->_makeFilter($this->cnf['grouptree'], $user_result);
             $filter = $this->_makeFilter($this->cnf['groupfilter'], $user_result);
-
             $sr = @ldap_search($this->con, $base, $filter, array($this->cnf['groupkey']));
             if(!$sr){
                 msg("LDAP: Reading group memberships failed",-1);
-                if($this->cnf['debug'])
+                if($this->cnf['debug']){
                     msg('LDAP group search: '.htmlspecialchars(ldap_error($this->con)),0,__LINE__,__FILE__);
+                    msg('LDAP filter was: '.htmlspecialchars($filter),0,__LINE__,__FILE__);
+                }
                 return false;
             }
             $result = ldap_get_entries($this->con, $sr);
             ldap_free_result($sr);
 
-            foreach($result as $grp){
+            if(is_array($result)) foreach($result as $grp){
                 if(!empty($grp[$this->cnf['groupkey']][0])){
                     if($this->cnf['debug'])
                         msg('LDAP usergroup: '.htmlspecialchars($grp[$this->cnf['groupkey']][0]),0,__LINE__,__FILE__);