--- /home/jdbates/Desktop/ldap_integration/ldapauth.module 2007-03-28 19:44:17.000000000 -0700
+++ ldapauth.module 2007-07-11 18:22:56.000000000 -0700
@@ -569,24 +569,43 @@
 function ldapauth_auth($name, $pass, $server) {
 global $ldap;
- $ok = false;
- $login_name = $server ? "$name@$server" : $name;
+ // Don't allow empty passwords because they cause problems on some setups
+ // http://drupal.org/node/87831
+ if (empty($pass)) {
+ return false;
+ }
+ $login_name = $server ? $name . '@' . $server : $name;
 if (function_exists('ldapauth_transform_login_name')) {
 $login_name = call_user_func('ldapauth_transform_login_name', $login_name);
 }
-
- $dn = _ldapauth_login2dn($login_name);
- // Not allowing empty passwords because they cause problems
- // on some setups. See http://drupal.org/node/87831
- if ($dn && $pass) {
- $ok = $ldap->connect($dn, $pass);
- }
- if ($ok && function_exists('ldapauth_user_filter')) {
- $ok = $ok && call_user_func('ldapauth_user_filter', $ldap->retrieveAttributes($dn));
+ // Cycle through LDAP configurations. First one to succeed wins.
+ $result = db_query("SELECT name FROM {ldapauth} WHERE status = '%d' ORDER BY sid", 1);
+ while ($row = db_fetch_object($result)) {
+ // Initialize LDAP
+ _ldapauth_init($row->name);
+
+ // Get distinguished name
+ $dn = _ldapauth_login2dn($login_name);
+ if (empty($dn)) {
+ continue;
+ }
+
+ // Try to authenticate
+ if (!$ldap->connect($dn, $pass)) {
+ continue;
+ }
+
+ if (function_exists('ldapauth_user_filter')
+ && !call_user_func('ldapauth_user_filter', $ldap->retrieveAttributes($dn))) {
+ continue;
+ }
+
+ return true;
 }
- return $ok;
+
+ return false;
 }
 function ldapauth_exit() {
@@ -877,7 +896,7 @@
 }
 else {
 // no such local user - check ldap
- if (_ldapauth_check_ldap($name, $pass)) {
+ if (ldapauth_auth($name, $pass, null)) {
 // login successful - user exists in LDAP - if not registered in LDAP, register; set cookie
 $user = _ldapauth_save_user($name, $pass);
 }
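Review bot: The new guard `if (empty($pass))` at the top of ldapauth_auth rejects the literal password "0" as well as a blank one, because PHP's empty() treats the string "0" as empty; `if (!is_string($pass) || $pass === '') {` matches the stated intent exactly and additionally refuses a non-string value (for example a tampered `pass[]` form field) before it reaches `$ldap->connect()`. The comment on that guard should also say why a blank password matters rather than "cause problems on some setups": an LDAP simple bind with a DN and an empty password is an unauthenticated bind that many directories accept, so without this check any resolvable DN would log in, e.g. `// Refuse empty passwords: a DN bind with no password is an unauthenticated bind and succeeds on many LDAP servers (http://drupal.org/node/87831).`. Since `$login_name` now goes straight into `_ldapauth_login2dn()` for every enabled configuration in the loop, it is worth confirming that helper escapes the value per RFC 4515 before building its search filter; that function is outside this hunk.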
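Review bot: The call site now passes `null` as `$server`, so from the login path the `$server ? $name . '@' . $server : $name` branch in ldapauth_auth is unreachable and a name entered as `jdoe@host` is handed to the DN lookup unchanged, whereas the deleted `_ldapauth_check_ldap` split that suffix off (though it then passed the unsplit `$name` on, so the old path produced `jdoe@host@host`). Whether the `user@server` login form is still meant to be supported is not stated anywhere in the change; if it is not, that should be recorded at the call site, e.g. `// No server selection via "user@server" here: every enabled LDAP configuration is tried in sid order.`, and if it is, the suffix parsing needs to come back before this call. The same change is made at the second call site in the next hunk, and the enclosing function starts and ends outside this hunk.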
@@ -885,7 +904,7 @@
 }
 else {
 // direct ldap authentication - check with ldap
- if (_ldapauth_check_ldap($name, $pass)) {
+ if (ldapauth_auth($name, $pass, null)) {
 // login successful - user exists in LDAP - if not registered in LDAP, register; set cookie
 $user = _ldapauth_save_user($name, $pass);
 }
@@ -893,41 +912,6 @@
 }
 return $user;
 }
-
- function _ldapauth_check_ldap($name, $pass) {
- global $ldap;
-
- $login_ok = false;
-
- $result = db_query("SELECT name FROM {ldapauth} WHERE status = '%d' ORDER BY sid", 1);
- while ($row = db_fetch_object($result)) {
- // cycle thru the authentication schemes - first successful one wins
- // instantiate ldap
- _ldapauth_init($row->name);
- $config_name = $ldap->getOption('name');
- // Strip name and server from ID:
- if ($server = strrchr($name, '@')) {
- $login_name = substr($name, 0, strlen($name) - strlen($server));
- $server = substr($server, 1);
- }
- else {
- $login_name = $name;
- $server = '';
- }
-
- // This is in case somebody tries to log in as "jdoe@"
- if (preg_match('/@$/', $name)) {
- $login_name = $name;
- }
-
- if (ldapauth_auth($name, $pass, $server)) {
- $login_ok = true;
- break; // break out of the auth check cycle
- }
- }
-
- return $login_ok;
- }
 function _ldapauth_save_user($login_string, $pass) {
 global $user, $ldap;