Merge pull request #2598 from coreos-inc/ldap-lc-fix

Move LDAP controls init into the inner loop

data/users/externalldap.py

@@ -296,13 +296,13 @@ class LDAPUsers(FederatedUsers):
   def _iterate_members(self, group_dn, page_size, disable_pagination):
     has_pagination = not(self._force_no_pagination or disable_pagination)
     with self._ldap.get_connection() as conn:
-      lc = ldap.controls.libldap.SimplePagedResultsControl(criticality=True, size=page_size,
-                                                           cookie='')
-
       search_flt = filter_format('(memberOf=%s,%s)', (group_dn, self._base_dn))
       attributes = [self._uid_attr, self._email_attr]
 
       for user_search_dn in self._user_dns:
+        lc = ldap.controls.libldap.SimplePagedResultsControl(criticality=True, size=page_size,
+                                                             cookie='')
+
         # Conduct the initial search for users that are a member of the group.
         logger.debug('Conducting LDAP search of DN: %s and filter %s', user_search_dn, search_flt)
         try: