fschulze
commented
2 years ago I don't fully understand the circumstances in which this can happen, but I think it would be better to return an explicit error for this case which says that the attribute is empty. A test would also be nice.
This change addresses the case where an empty value is returned by the LDAP server.
This is an issue specifically when you are attempting to obtain the 'dn' for a user, however an empty 'dn' attribute is being returned by the LDAP server.
Arguably this could be handled in other ways and I'm happy to rewrite if preferred, I'm just not sure there's ever a reason we would want to return from the search function with an empty attribute.