From b67113e848b5831a4b224400d1218c57da978f66 Mon Sep 17 00:00:00 2001
From: Joseph Schorr <josephschorr@users.noreply.github.com>
Date: Mon, 1 May 2017 16:04:33 -0400
Subject: [PATCH] Move LDAP controls init into the inner loop

We cannot use it across different DNs, so we need to move it down
---
 data/users/externalldap.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/data/users/externalldap.py b/data/users/externalldap.py
index d792b6eb4..9ed346ae4 100644
--- a/data/users/externalldap.py
+++ b/data/users/externalldap.py
@@ -296,13 +296,13 @@ class LDAPUsers(FederatedUsers):
   def _iterate_members(self, group_dn, page_size, disable_pagination):
     has_pagination = not(self._force_no_pagination or disable_pagination)
     with self._ldap.get_connection() as conn:
-      lc = ldap.controls.libldap.SimplePagedResultsControl(criticality=True, size=page_size,
-                                                           cookie='')
-
       search_flt = filter_format('(memberOf=%s,%s)', (group_dn, self._base_dn))
       attributes = [self._uid_attr, self._email_attr]
 
       for user_search_dn in self._user_dns:
+        lc = ldap.controls.libldap.SimplePagedResultsControl(criticality=True, size=page_size,
+                                                             cookie='')
+
         # Conduct the initial search for users that are a member of the group.
         logger.debug('Conducting LDAP search of DN: %s and filter %s', user_search_dn, search_flt)
         try: