From 876139b2951fdffb70ad121ff4340be241ffdf72 Mon Sep 17 00:00:00 2001
From: Tim van Dijen
Date: Sun, 7 Apr 2024 16:02:52 +0200
Subject: [PATCH] Fix reported issues
---
 composer.json | 3 ++-
 src/Auth/Source/X509userCert.php | 18 +++++++++++-------
 2 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/composer.json b/composer.json
index 3d17042..08f23e9 100644
--- a/composer.json
+++ b/composer.json
@@ -47,7 +47,8 @@
 "simplesamlphp/composer-module-installer": "^1.3.2",
 "simplesamlphp/simplesamlphp": "^2.2",
 "simplesamlphp/simplesamlphp-module-ldap": "^2.2",
- "symfony/http-foundation": "^6.4"
+ "symfony/http-foundation": "^6.4",
+ "symfony/security-bundle": "^6.4"
 },
 "require-dev": {
 "simplesamlphp/simplesamlphp-test-framework": "^1.6.0"
diff --git a/src/Auth/Source/X509userCert.php b/src/Auth/Source/X509userCert.php
index 2a4b4b4..431051e 100644
--- a/src/Auth/Source/X509userCert.php
+++ b/src/Auth/Source/X509userCert.php
@@ -271,7 +271,7 @@ public function authSuccesful(array &$state): void
 */
 public function findUserByAttribute(string $attr, string $value): ?Entry
 {
- $searchBase = $this->ldapConfig->getString('search.base');
+ $searchBase = $this->ldapConfig->getArray('search.base');
 $searchUsername = $this->ldapConfig->getString('search.username');
 Assert::notWhitespaceOnly($searchUsername);
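Review bot: In composer.json, `symfony/security-bundle` looks broader than what this patch needs, since it is a framework-integration bundle that adds a sizeable transitive tree to an authentication module. The only consumer visible in the patch is the `UserNotFoundException` caught in `findUserByAttribute()`. If that is the Symfony security exception (the `use` line is outside the hunks), declaring `"symfony/security-core": "^6.4"` instead would cover the same class with less installed code to track and patch.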
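Review bot: The value read with `getArray('search.base')` in `findUserByAttribute()` is never checked, while `search.username` directly below it is asserted. An empty array would presumably make the loop added in the next hunk a no-op, so a misconfiguration shows up only as "user not found" on every login. I would add `Assert::notEmpty($searchBase);` and `Assert::allNotWhitespaceOnly($searchBase);` after the read, assuming the `all` prefix is available on this Assert class like the `nullOr` prefix already used in this method. Configurations that still give `search.base` as a plain string will presumably be rejected by `getArray()`; if both forms should keep working, `getArrayizeString('search.base')` is the accessor to consider. The function body continues outside this hunk.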
@@ -280,13 +280,17 @@ public function findUserByAttribute(string $attr, string $value): ?Entry
 Assert::nullOrnotWhitespaceOnly($searchPassword);
 $ldap = ConnectorFactory::fromAuthSource($this->backend);
- $ldapUserProvider = new LdapUserProvider($ldap, $searchBase, $searchUsername, $searchPassword, [], $attr);
- try {
- return $ldapUserProvider->loadUserByIdentifier($value)->getEntry();
- } catch (UserNotFoundException $e) {
- // We haven't found the user
- return null;
+ foreach ($searchBase as $base) {
+ $ldapUserProvider = new LdapUserProvider($ldap, $base, $searchUsername, $searchPassword, [], $attr);
+ try {
+ return $ldapUserProvider->loadUserByIdentifier($value)->getEntry();
+ } catch (UserNotFoundException $e) {
+ continue;
+ }
 }
+
+ // We haven't found the user
+ return null;
 }
 }
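Review bot: The new `foreach` returns the first entry it finds, so when the same `$attr` value exists under more than one configured base, the order of `search.base` silently decides which account the certificate maps to. For a certificate login that ordering is security-relevant and should be stated in the loop, e.g. `// Bases are searched in configured order; the first matching entry is used`, and in the method docblock, which starts outside this hunk. Rejecting a value that matches under several bases would be the stricter alternative. Only `UserNotFoundException` moves on to the next base, so any other exception raised for an earlier base still aborts the whole lookup; that deserves a comment if it is intended. The unused `$e` can be dropped with `} catch (UserNotFoundException) {`.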