From fabd5cd62f0693c5071ac60131dff2dfe825bff7 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Mon, 7 Oct 2013 15:24:29 -0400
Subject: [PATCH] Accept any alias, not just the last value

If the entry's krbPrincipalName attribute is multi-valued, accept any of
the values, not just the last one we happen to examine.

https://fedorahosted.org/freeipa/ticket/3966

Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
---
 daemons/ipa-kdb/ipa_kdb_principals.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index d2be98886..5ae6818b6 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -776,6 +776,9 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext,
             } else {
                 found = (strcmp(vals[i]->bv_val, (*principal)) == 0);
             }
+            if (found) {
+                break;
+            }
         }
 
         ldap_value_free_len(vals);