Implement (inefficiently) search scopes

author: Alex Auvolat <alex@adnab.me> 2020-02-09 18:36:13 +0100
committer: Alex Auvolat <alex@adnab.me> 2020-02-09 18:36:27 +0100
commit: 0402f7806a1e216f150d004d16823cbc73880fc4 (patch)
tree: fe8f4f7191ebeab5c12315628fc27a7b50816bcc /read.go
parent: d02bd17b160ea7e4d7f17208b15b40171677bbed (diff)
download: bottin-0402f7806a1e216f150d004d16823cbc73880fc4.tar.gz
bottin-0402f7806a1e216f150d004d16823cbc73880fc4.zip
1 files changed, 12 insertions, 0 deletions
diff --git a/read.go b/read.go
index ef06109..ab80d1c 100644
--- a/read.go
+++ b/read.go
@@ -97,6 +97,8 @@ func (server *Server) handleSearchInternal(state *State, w ldap.ResponseWriter,
 		return ldap.LDAPResultInsufficientAccessRights, fmt.Errorf("Please specify a base object on which you have read rights")
 	}
 
+	baseObjectLevel := len(strings.Split(baseObject, ","))
+
 	basePath, err := dnToConsul(baseObject)
 	if err != nil {
 		return ldap.LDAPResultInvalidDNSyntax, err
@@ -116,6 +118,16 @@ func (server *Server) handleSearchInternal(state *State, w ldap.ResponseWriter,
 	server.logger.Tracef("%#v", entries)
 
 	for dn, entry := range entries {
+		if r.Scope() == message.SearchRequestScopeBaseObject {
+			if dn != baseObject {
+				continue
+			}
+		} else if r.Scope() == message.SearchRequestSingleLevel {
+			objectLevel := len(strings.Split(dn, ","))
+			if objectLevel != baseObjectLevel + 1 {
+				continue
+			}
+		}
 		// Filter out if we don't match requested filter
 		matched, err := applyFilter(entry, r.Filter())
 		if err != nil {
author	Alex Auvolat <alex@adnab.me>	2020-02-09 18:36:13 +0100
committer	Alex Auvolat <alex@adnab.me>	2020-02-09 18:36:27 +0100
commit	0402f7806a1e216f150d004d16823cbc73880fc4 (patch)
tree	fe8f4f7191ebeab5c12315628fc27a7b50816bcc /read.go
parent	d02bd17b160ea7e4d7f17208b15b40171677bbed (diff)
download	bottin-0402f7806a1e216f150d004d16823cbc73880fc4.tar.gz bottin-0402f7806a1e216f150d004d16823cbc73880fc4.zip