From 6c5f8e187989bd7dd30192dbce159055cbd154b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ivan=20Ne=C4=8Das?= <inecas@redhat.com>
Date: Wed, 30 Aug 2017 11:14:56 +0200
Subject: [PATCH] Fixes #18887 - defensive group search in posix_member_service

The posix_member_service was not counting on issues with missing
group base_dn, leading to "undefined method `each' for nil:NilClass"
error during LDAP login and group search
---
 lib/ldap_fluff/posix_member_service.rb | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/ldap_fluff/posix_member_service.rb b/lib/ldap_fluff/posix_member_service.rb
index e699b52..8ad8f35 100644
--- a/lib/ldap_fluff/posix_member_service.rb
+++ b/lib/ldap_fluff/posix_member_service.rb
@@ -17,9 +17,11 @@ def find_user(uid, base_dn = @base)
   # return an ldap user with groups attached
   # note : this method is not particularly fast for large ldap systems
   def find_user_groups(uid)
-    groups = []
-    @ldap.search(:filter => Net::LDAP::Filter.eq('memberuid', uid), :base => @group_base).each do |entry|
-      groups << entry[:cn][0]
+    group_search = @ldap.search(:filter => Net::LDAP::Filter.eq('memberuid', uid), :base => @group_base)
+    if group_search
+      group_search.each do |entry|
+        groups << entry[:cn][0]
+      end
     end
     groups
   end