From 9b90ee893c14f6fdc14b10d2b4e5fc374828e0e3 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Mon, 23 May 2022 16:13:51 +0200
Subject: [PATCH] ldap: serverctrls can be empty on non comformant LDAP
 directories(#65604)

Example of such a non-conforming directory is the slapd-meta backend of
OpenLDAP, it accepts SimplePagedSearch control with criticality=True
set, but do not honor it apart from the response size which respects the
given page size.
---
 src/authentic2/backends/ldap_backend.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/authentic2/backends/ldap_backend.py b/src/authentic2/backends/ldap_backend.py
index 54a70efc..fc85b156 100644
--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -1619,8 +1619,10 @@ class LDAPBackend:
             first_pass = False
             msgid = conn.search_ext(*args, serverctrls=[pg_ctrl], **kwargs)
             dummy_result_type, data, msgid, serverctrls = conn.result3(msgid)
-            pg_ctrl.cookie = serverctrls[0].cookie
             yield from cls.normalize_ldap_results(data)
+            if not len(serverctrls):
+                break
+            pg_ctrl.cookie = serverctrls[0].cookie
 
     @classmethod
     def get_users_for_block(cls, block):
-- 
2.35.1