diff options
-rw-r--r-- | bottin.hcl.example | 2 | ||||
-rw-r--r-- | read.go | 12 |
2 files changed, 13 insertions, 1 deletions
diff --git a/bottin.hcl.example b/bottin.hcl.example index 65953cf..8fb12eb 100644 --- a/bottin.hcl.example +++ b/bottin.hcl.example @@ -12,7 +12,7 @@ job "directory" { task "server" { driver = "docker" config { - image = "lxpz/bottin_amd64:7" + image = "lxpz/bottin_amd64:8" readonly_rootfs = true port_map { ldap_port = 389 @@ -97,6 +97,8 @@ func (server *Server) handleSearchInternal(state *State, w ldap.ResponseWriter, return ldap.LDAPResultInsufficientAccessRights, fmt.Errorf("Please specify a base object on which you have read rights") } + baseObjectLevel := len(strings.Split(baseObject, ",")) + basePath, err := dnToConsul(baseObject) if err != nil { return ldap.LDAPResultInvalidDNSyntax, err @@ -116,6 +118,16 @@ func (server *Server) handleSearchInternal(state *State, w ldap.ResponseWriter, server.logger.Tracef("%#v", entries) for dn, entry := range entries { + if r.Scope() == message.SearchRequestScopeBaseObject { + if dn != baseObject { + continue + } + } else if r.Scope() == message.SearchRequestSingleLevel { + objectLevel := len(strings.Split(dn, ",")) + if objectLevel != baseObjectLevel + 1 { + continue + } + } // Filter out if we don't match requested filter matched, err := applyFilter(entry, r.Filter()) if err != nil { |