From 70d03883ecc7f25d1e149261e944e053bf41bf9b Mon Sep 17 00:00:00 2001
From: David Coutadeur <david.coutadeur@worteks.com>
Date: Fri, 19 Jul 2024 18:38:48 +0200
Subject: [PATCH] make all search functions to use a scope (#144)

---
 conf/config.inc.php         | 1 +
 docs/ldap-parameters.rst    | 8 ++++++++
 htdocs/search.php           | 2 +-
 htdocs/searchexpired.php    | 2 +-
 htdocs/searchidle.php       | 2 +-
 htdocs/searchlocked.php     | 2 +-
 htdocs/searchwillexpire.php | 2 +-
 7 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/conf/config.inc.php b/conf/config.inc.php
index 3d5d2594..24715f92 100644
--- a/conf/config.inc.php
+++ b/conf/config.inc.php
@@ -30,6 +30,7 @@
 $ldap_bindpw = "secret";
 $ldap_base = "dc=example,dc=com";
 $ldap_user_base = "ou=users,".$ldap_base;
+$ldap_scope = "sub"; # possible values: sub, one, base
 $ldap_user_filter = "(objectClass=inetOrgPerson)";
 $ldap_ppolicy_filter = "(objectClass=pwdPolicy)";
 $ldap_ppolicy_name_attribute = "cn";
diff --git a/docs/ldap-parameters.rst b/docs/ldap-parameters.rst
index 5627d816..a6c126b0 100644
--- a/docs/ldap-parameters.rst
+++ b/docs/ldap-parameters.rst
@@ -66,6 +66,14 @@ The filter can be set in ``$ldap_user_filter``:
 
     $ldap_user_filter = "(objectClass=inetOrgPerson)";
 
+You can set the scope for each search in ``$ldap_scope``:
+
+.. code-block:: php
+
+   $ldap_scope = "sub";
+
+.. tip:: sub is the default value. Possible values are sub, one, or base
+
 Size limit
 ----------
 
diff --git a/htdocs/search.php b/htdocs/search.php
index 8a0cc4f1..13bbe067 100644
--- a/htdocs/search.php
+++ b/htdocs/search.php
@@ -29,7 +29,7 @@
     # Search attributes
     $attributes = array();
 
-    [$ldap,$result,$nb_entries,$entries,$size_limit_reached]=$ldapInstance->search($ldap_filter, $attributes, $attributes_map, $search_result_title, $search_result_sortby, $search_result_items);
+    [$ldap,$result,$nb_entries,$entries,$size_limit_reached]=$ldapInstance->search($ldap_filter, $attributes, $attributes_map, $search_result_title, $search_result_sortby, $search_result_items, $ldap_scope);
 
     if ( ! empty($entries) )
     {
diff --git a/htdocs/searchexpired.php b/htdocs/searchexpired.php
index 1d2cf5d6..cc96393c 100644
--- a/htdocs/searchexpired.php
+++ b/htdocs/searchexpired.php
@@ -17,7 +17,7 @@
 # Search attributes
 $attributes = array('pwdChangedTime', 'pwdPolicySubentry');
 
-[$ldap,$result,$nb_entries,$entries,$size_limit_reached]=$ldapInstance->search($ldap_filter, $attributes, $attributes_map, $search_result_title, $search_result_sortby, $search_result_items);
+[$ldap,$result,$nb_entries,$entries,$size_limit_reached]=$ldapInstance->search($ldap_filter, $attributes, $attributes_map, $search_result_title, $search_result_sortby, $search_result_items, $ldap_scope);
 
 if ( ! empty($entries) )
 {
diff --git a/htdocs/searchidle.php b/htdocs/searchidle.php
index 4570e29a..9904eb23 100644
--- a/htdocs/searchidle.php
+++ b/htdocs/searchidle.php
@@ -20,7 +20,7 @@
 # Search attributes
 $attributes = array();
 
-[$ldap,$result,$nb_entries,$entries,$size_limit_reached]=$ldapInstance->search($ldap_filter, $attributes, $attributes_map, $search_result_title, $search_result_sortby, $search_result_items);
+[$ldap,$result,$nb_entries,$entries,$size_limit_reached]=$ldapInstance->search($ldap_filter, $attributes, $attributes_map, $search_result_title, $search_result_sortby, $search_result_items, $ldap_scope);
 
 if ( ! empty($entries) )
 {
diff --git a/htdocs/searchlocked.php b/htdocs/searchlocked.php
index d358532f..279b275c 100644
--- a/htdocs/searchlocked.php
+++ b/htdocs/searchlocked.php
@@ -15,7 +15,7 @@
 # Search attributes
 $attributes = array('pwdAccountLockedTime', 'pwdPolicySubentry');
 
-[$ldap,$result,$nb_entries,$entries,$size_limit_reached]=$ldapInstance->search($ldap_filter, $attributes, $attributes_map, $search_result_title, $search_result_sortby, $search_result_items);
+[$ldap,$result,$nb_entries,$entries,$size_limit_reached]=$ldapInstance->search($ldap_filter, $attributes, $attributes_map, $search_result_title, $search_result_sortby, $search_result_items, $ldap_scope);
 
 if ( ! empty($entries) )
 {
diff --git a/htdocs/searchwillexpire.php b/htdocs/searchwillexpire.php
index e25f5634..2c03b8b9 100644
--- a/htdocs/searchwillexpire.php
+++ b/htdocs/searchwillexpire.php
@@ -17,7 +17,7 @@
 # Search attributes
 $attributes = array('pwdChangedTime', 'pwdPolicySubentry');
 
-[$ldap,$result,$nb_entries,$entries,$size_limit_reached]=$ldapInstance->search($ldap_filter, $attributes, $attributes_map, $search_result_title, $search_result_sortby, $search_result_items);
+[$ldap,$result,$nb_entries,$entries,$size_limit_reached]=$ldapInstance->search($ldap_filter, $attributes, $attributes_map, $search_result_title, $search_result_sortby, $search_result_items, $ldap_scope);
 
 if ( ! empty($entries) )
 {