From 874fb9b6d96de1427971ac050ec03a2d55f0e7aa Mon Sep 17 00:00:00 2001
From: Espen Volden
Date: Sat, 17 Nov 2012 04:46:53 -0800
Subject: [PATCH] Summary: When searching for a user before logging in use the DN from the retrived user. This allows you to use a less fine grained DN when searching for a user. For example dc=domain,dc=domain instead of ou=unit,dc=domain,dc=com. Test Plan: Tested on local install with ldap.search-first disabled and enabled. Reviewers: epriestley, yunake Reviewed By: epriestley CC: auduny, briancline, aran, Korvin, vsuba Differential Revision: https://secure.phabricator.com/D3549
---
 .../auth/ldap/PhabricatorLDAPProvider.php | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/applications/auth/ldap/PhabricatorLDAPProvider.php b/src/applications/auth/ldap/PhabricatorLDAPProvider.php
index 97856adec3..00a45f869d 100644
--- a/src/applications/auth/ldap/PhabricatorLDAPProvider.php
+++ b/src/applications/auth/ldap/PhabricatorLDAPProvider.php
@@ -143,11 +143,15 @@ final class PhabricatorLDAPProvider {
 if ($activeDirectoryDomain) {
 $dn = $username.'@'.$activeDirectoryDomain;
 } else {
- $dn = ldap_sprintf(
- '%Q=%s,%Q',
- $this->getSearchAttribute(),
- $username,
- $this->getBaseDN());
+ if (isset($user)) {
+ $dn = $user['dn'];
+ } else {
+ $dn = ldap_sprintf(
+ '%Q=%s,%Q',
+ $this->getSearchAttribute(),
+ $username,
+ $this->getBaseDN());
+ }
 }
 // NOTE: It is very important we suppress any messages that occur here,
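Review bot: The bind DN in the new `$dn = $user['dn'];` branch comes from a search result that is assigned outside this hunk, and `isset($user)` only shows that the variable exists, not that the search matched exactly one entry or that the entry carries a non-empty `dn`. With the wider base DN the description mentions, the search attribute may match entries in more than one subtree, so the code that fills `$user` should reject anything other than a single match before the bind is attempted. I would make the guard explicit, `if (isset($user['dn']) && $user['dn'] !== '') {`, and add a comment such as `// DN returned by the search-first lookup; the lookup must have matched exactly one entry.` The enclosing method starts and ends outside the hunk, so whether the lookup already enforces this cannot be confirmed from here.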