Log error when CESNET LDAP return more than one item in getAllowedAffiliations()

* Log error when CESNET LDAP return more than one item in getAllowedAffiliations() in IsCesnetEligible.php

Author: vyskocilpavel

CHANGELOG.md

@@ -2,6 +2,8 @@
 All notable changes to this project will be documented in this file.
 
 ## [Unreleased]
+#### Fixed
+- Log error when CESNET LDAP return more than one item in getAllowedAffiliations() in IsCesnetEligible.php
 
 ## [v2.3.0]
 #### Changed

lib/Auth/Process/IsCesnetEligible.php

@@ -193,16 +193,20 @@ private function getAllowedAffiliations($idpEntityId)
         $allowedAffiliations = [];
 
         try {
-            $affiliations = $this->cesnetLdapConnector->searchForEntity(
+            $organization = $this->cesnetLdapConnector->searchForEntity(
                 self::ORGANIZATION_LDAP_BASE,
                 '(entityIDofIdP=' . $idpEntityId . ')',
                 ['cesnetcustomeraffiliation']
-            )['cesnetcustomeraffiliation'];
+            );
 
-            if (empty($affiliations)) {
+            if (empty($organization)) {
                 Logger::debug('cesnet:IsCesnetEligible - Received empty response from LDAP, entityId '
                     . $idpEntityId . ' was probably not found.');
+            } elseif (count($organization) > 1) {
+                Logger::error('cesnet:IsCesnetEligible - Received more record from LDAP with entityId '
+                              . $idpEntityId . '.');
             } else {
+                $affiliations = $organization['cesnetcustomeraffiliation'];
                 foreach ($affiliations as $affiliation) {
                     array_push($allowedAffiliations, $affiliation);
                 }