From 9ce0d22c99472534838c1afe7c6dffdd0aa659a8 Mon Sep 17 00:00:00 2001
From: Simon Beck <simon.beck@vshn.ch>
Date: Wed, 9 Feb 2022 10:36:04 +0100
Subject: [PATCH] Fix wrong handling of multi value attributes

While ldapsearch doesn't seem to mind, apps like keycloak seem to have
issues with adding multiple attributes with different values. While
the resulting ldif in ldapsearch is indistinguishable there seems to
be a slight different on the protocol level.

If adding multiple attributes with the same name and different values,
keycloak will only see the last entry. But adding a single attribute
a slice of values is seems to handle it correctly.
---
 read.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/read.go b/read.go
index 06e54b2..ef6df63 100644
--- a/read.go
+++ b/read.go
@@ -213,10 +213,11 @@ func (server *Server) handleSearchInternal(state *State, w ldap.ResponseWriter,
 				continue
 			}
 			// Send result
+			resultVals := []message.AttributeValue{}
 			for _, v := range val {
-				e.AddAttribute(message.AttributeDescription(attr),
-					message.AttributeValue(v))
+				resultVals = append(resultVals, message.AttributeValue(v))
 			}
+			e.AddAttribute(message.AttributeDescription(attr), resultVals...)
 		}
 		w.Write(e)
 	}