theforeman · ekohl · Jul 3, 2025 · Jul 4, 2025
diff --git a/lib/ldap_fluff/ad_member_service.rb b/lib/ldap_fluff/ad_member_service.rb
@@ -15,7 +15,9 @@ def find_user_groups(uid)
     if _get_domain_func_level >= 6
       user_dn = user_data[:distinguishedname].first
       search = @ldap.search(:base => user_dn, :scope => Net::LDAP::SearchScope_BaseObject, :attributes => ['msds-memberOfTransitive'])
-      if !search.nil? && !search.first.nil?
+      if search.nil?
+        raise Net::LDAP::Error, @ldap.get_operation_result[:error_message].to_s
+      elsif !search.first.nil?
         return get_groups(search.first['msds-memberoftransitive'])
       end
     end

diff --git a/lib/ldap_fluff/freeipa_netgroup_member_service.rb b/lib/ldap_fluff/freeipa_netgroup_member_service.rb
@@ -3,10 +3,13 @@
 class LdapFluff::FreeIPA::NetgroupMemberService < LdapFluff::FreeIPA::MemberService
   def find_user_groups(uid)
     groups = []
-    @ldap.search(:filter => Net::LDAP::Filter.eq('objectClass', 'nisNetgroup'), :base => @group_base).each do |entry|
+    success = @ldap.search(:filter => Net::LDAP::Filter.eq('objectClass', 'nisNetgroup'), :base => @group_base, :return_result => false) do |entry|
       members = get_netgroup_users(entry[:nisnetgrouptriple])
       groups << entry[:cn][0] if members.include? uid
     end
+    unless success
+      raise Net::LDAP::Error, @ldap.get_operation_result[:error_message].to_s
+    end
     groups
   end
 end
diff --git a/lib/ldap_fluff/netiq_member_service.rb b/lib/ldap_fluff/netiq_member_service.rb
@@ -34,10 +34,15 @@ def find_user_groups(uid)
       # do nothing
     end
 
-    @ldap.search(
+    results = @ldap.search(
       :filter => filter,
       :base => @group_base,
       :attributes => ['cn']
-    ).map { |entry| entry[:cn][0] }
+    )
+    if results
+      results.map { |entry| entry[:cn][0] }
+    else
+      raise Net::LDAP::Error, @ldap.get_operation_result[:error_message].to_s
+    end
   end
 end
diff --git a/lib/ldap_fluff/posix_member_service.rb b/lib/ldap_fluff/posix_member_service.rb
@@ -18,10 +18,16 @@ def find_user(uid, base_dn = @base)
   # note : this method is not particularly fast for large ldap systems
   def find_user_groups(uid)
     user = find_user(uid).first
-    @ldap.search(
+    results = @ldap.search(
       :filter => user_group_filter(uid, user[:dn].first),
       :base => @group_base, :attributes => ["cn"]
-    ).map { |entry| entry[:cn][0] }
+    )
+
+    if results
+      results.map { |entry| entry[:cn][0] }
+    else
+      raise Net::LDAP::Error, @ldap.get_operation_result[:error_message].to_s
+    end
   end
 
   class UIDNotFoundException < LdapFluff::Error

diff --git a/lib/ldap_fluff/posix_netgroup_member_service.rb b/lib/ldap_fluff/posix_netgroup_member_service.rb
@@ -5,10 +5,13 @@ class LdapFluff::Posix::NetgroupMemberService < LdapFluff::Posix::MemberService
   # return list of group CNs for a user
   def find_user_groups(uid)
     groups = []
-    @ldap.search(:filter => Net::LDAP::Filter.eq('objectClass', 'nisNetgroup'), :base => @group_base).each do |entry|
+    success = @ldap.search(:filter => Net::LDAP::Filter.eq('objectClass', 'nisNetgroup'), :base => @group_base, :return_result => false) do |entry|
       members = get_netgroup_users(entry[:nisnetgrouptriple])
       groups << entry[:cn][0] if members.include? uid
     end
+    unless success
+      raise Net::LDAP::Error, @ldap.get_operation_result[:error_message].to_s
+    end
     groups
   end
 end