From 60ce38ae951fc5800b4fba29f0a1717eb5a5f633 Mon Sep 17 00:00:00 2001
From: hno <>
Date: Tue, 17 Apr 2001 21:29:01 +0000
Subject: [PATCH] More strict search error filtering. Only ignore search errors
 when errors are expected.

---
 helpers/basic_auth/LDAP/squid_ldap_auth.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/helpers/basic_auth/LDAP/squid_ldap_auth.c b/helpers/basic_auth/LDAP/squid_ldap_auth.c
index 7ccc5dcc3d..d35b95be03 100644
--- a/helpers/basic_auth/LDAP/squid_ldap_auth.c
+++ b/helpers/basic_auth/LDAP/squid_ldap_auth.c
@@ -224,12 +224,11 @@ checkLDAP(LDAP * ld, char *userid, char *password)
 	snprintf(filter, sizeof(filter), "%s%s", searchfilter, userid);
 	if (ldap_search_s(ld, basedn, searchscope, filter, searchattr, 1, &res) != LDAP_SUCCESS) {
 	    int rc = ldap_result2error(ld, res, 0);
-	    if (rc != LDAP_PARTIAL_RESULTS) {
-		/* LDAP_PARTIAL_RESULT ignored. What we are looking for
-		 * is most likely availale
-		 * This error is seen when querying a MS ActiveDirector
-		 * server due to referrals..
+	    if (noreferrals && rc == LDAP_PARTIAL_RESULTS) {
+		/* Everything is fine. This is expected when referrals
+		 * are disabled.
 		 */
+	    } else {
 		fprintf(stderr, "squid_ldap_auth: WARNING, LDAP search error '%s'\n", ldap_err2string(rc));
 	    }
 	}
-- 
2.47.2