ltb-project · davidcoutadeur · Jul 24, 2024 · Jul 10, 2024
diff --git a/composer.json b/composer.json
@@ -1,6 +1,6 @@
 {
     "require": {
-        "ltb-project/ltb-common": "v0.2.1",
+        "ltb-project/ltb-common": "dev-main",
         "bjeavons/zxcvbn-php": "^1.0",
         "twbs/bootstrap": "v5.3.3",
         "defuse/php-encryption": "2.4.0",

diff --git a/conf/config.inc.php b/conf/config.inc.php
@@ -44,6 +44,7 @@
 $ldap_login_attribute = "uid";
 $ldap_fullname_attribute = "cn";
 $ldap_filter = "(&(objectClass=person)($ldap_login_attribute={login}))";
+$ldap_scope = "sub"; # possible values: sub, one, base
 $ldap_use_exop_passwd = false;
 $ldap_use_ppolicy_control = false;
 $ldap_network_timeout = 10;

diff --git a/docs/config_ldap.rst b/docs/config_ldap.rst
@@ -143,6 +143,15 @@ The filter can be set in ``$ldap_filter``:
 
 .. tip:: The string ``{login}`` is replaced by submitted login.
 
+The scope can be set in ``$ldap_scope``:
+
+.. code-block:: php
+
+   $ldap_scope = "sub";
+
+.. tip:: sub is the default value. Possible values are sub, one, or base
+
+
 Extensions
 ----------
 

diff --git a/htdocs/change.php b/htdocs/change.php
@@ -76,7 +76,7 @@
 
         # Search for user
         $ldap_filter = str_replace("{login}", $login, $ldap_filter);
-        $search = ldap_search($ldap, $ldap_base, $ldap_filter);
+        $search = $ldapInstance->search_with_scope($ldap_scope, $ldap_base, $ldap_filter);
 
         $errno = ldap_errno($ldap);
         if ( $errno ) {

diff --git a/htdocs/changecustompwdfield.php b/htdocs/changecustompwdfield.php
@@ -146,7 +146,7 @@ function set_default_value(&$variable, $defaultValue)
 
         # Search for user
         $ldap_filter = str_replace("{login}", $login, $ldap_filter);
-        $search = ldap_search($ldap, $ldap_base, $ldap_filter);
+        $search = $ldapInstance->search_with_scope($ldap_scope, $ldap_base, $ldap_filter);
 
         $errno = ldap_errno($ldap);
         if ( $errno ) {

diff --git a/htdocs/changesshkey.php b/htdocs/changesshkey.php
@@ -70,7 +70,7 @@
 
         # Search for user
         $ldap_filter = str_replace("{login}", $login, $ldap_filter);
-        $search = ldap_search($ldap, $ldap_base, $ldap_filter);
+        $search = $ldapInstance->search_with_scope($ldap_scope, $ldap_base, $ldap_filter);
 
         $errno = ldap_errno($ldap);
         if ( $errno ) {

diff --git a/htdocs/resetbyquestions.php b/htdocs/resetbyquestions.php
@@ -111,7 +111,7 @@
 
             # Search for user
             $ldap_filter = str_replace("{login}", $login, $ldap_filter);
-            $search = ldap_search($ldap, $ldap_base, $ldap_filter);
+            $search = $ldapInstance->search_with_scope($ldap_scope, $ldap_base, $ldap_filter);
 
             $errno = ldap_errno($ldap);
             if ( $errno ) {

diff --git a/htdocs/resetbytoken.php b/htdocs/resetbytoken.php
@@ -106,7 +106,7 @@
 
             # Search for user
             $ldap_filter = str_replace("{login}", $login, $ldap_filter);
-            $search = ldap_search($ldap, $ldap_base, $ldap_filter);
+            $search = $ldapInstance->search_with_scope($ldap_scope, $ldap_base, $ldap_filter);
 
             $errno = ldap_errno($ldap);
             if ( $errno ) {

diff --git a/htdocs/sendsms.php b/htdocs/sendsms.php
@@ -353,7 +353,7 @@ function get_user_infos($ldapInstance, $ldap_base, $ldap_filter,
 
         # Search for user
         $ldap_filter = str_replace("{login}", $login, $ldap_filter);
-        $search = ldap_search($ldap, $ldap_base, $ldap_filter, $search_attributes);
+        $search = $ldapInstance->search_with_scope($ldap_scope, $ldap_base, $ldap_filter, $search_attributes);
 
         $errno = ldap_errno($ldap);
         if ($errno) {

diff --git a/htdocs/sendtoken.php b/htdocs/sendtoken.php
@@ -77,7 +77,7 @@
 
         # Search for user
         $ldap_filter = str_replace("{login}", $login, $ldap_filter);
-        $search = ldap_search($ldap, $ldap_base, $ldap_filter);
+        $search = $ldapInstance->search_with_scope($ldap_scope, $ldap_base, $ldap_filter);
 
         $errno = ldap_errno($ldap);
         if ( $errno ) {

diff --git a/htdocs/setattributes.php b/htdocs/setattributes.php
@@ -68,7 +68,7 @@
 
     # Search for user
     $ldap_filter = str_replace("{login}", $login, $ldap_filter);
-    $search = ldap_search($ldap, $ldap_base, $ldap_filter);
+    $search = $ldapInstance->search_with_scope($ldap_scope, $ldap_base, $ldap_filter);
 
     $errno = ldap_errno($ldap);
     if ( $errno ) {

diff --git a/htdocs/setquestions.php b/htdocs/setquestions.php
@@ -91,7 +91,7 @@
 
         # Search for user
         $ldap_filter = str_replace("{login}", $login, $ldap_filter);
-        $search = ldap_search($ldap, $ldap_base, $ldap_filter);
+        $search = $ldapInstance->search_with_scope($ldap_scope, $ldap_base, $ldap_filter);
 
         $errno = ldap_errno($ldap);
         if ( $errno ) {
@@ -134,7 +134,7 @@
     }
 
     # Check objectClass presence and pull back previous answers.
-    $search = ldap_search($ldap, $userdn, "(objectClass=*)", array("objectClass", $answer_attribute) );
+    $search = $ldapInstance->search_with_scope($ldap_scope, $userdn, "(objectClass=*)", array("objectClass", $answer_attribute) );
 
     $errno = ldap_errno($ldap);
     if ( $errno ) {

diff --git a/rest/v1/adminchangepassword.php b/rest/v1/adminchangepassword.php
@@ -33,7 +33,7 @@
 
     # Search for user
     $ldap_filter = str_replace("{login}", $login, $ldap_filter);
-    $search = ldap_search($ldap, $ldap_base, $ldap_filter);
+    $search = $ldapInstance->search_with_scope($ldap_scope, $ldap_base, $ldap_filter);
 
     $errno = ldap_errno($ldap);
     if ( $errno ) {

diff --git a/rest/v1/changepassword.php b/rest/v1/changepassword.php
@@ -34,7 +34,7 @@
 if ( $ldap ) {
     # Search for user
     $ldap_filter = str_replace("{login}", $login, $ldap_filter);
-    $search = ldap_search($ldap, $ldap_base, $ldap_filter);
+    $search = $ldapInstance->search_with_scope($ldap_scope, $ldap_base, $ldap_filter);
 
     $errno = ldap_errno($ldap);
     if ( $errno ) {

diff --git a/rest/v1/checkpassword.php b/rest/v1/checkpassword.php
@@ -25,7 +25,7 @@
 
         # Search for user
         $ldap_filter = str_replace("{login}", $login, $ldap_filter);
-        $search = ldap_search($ldap, $ldap_base, $ldap_filter);
+        $search = $ldapInstance->search_with_scope($ldap_scope, $ldap_base, $ldap_filter);
 
         $errno = ldap_errno($ldap);
         if ( $errno ) {

diff --git a/scripts/encrypt_answers.php b/scripts/encrypt_answers.php
@@ -45,7 +45,7 @@
 
 # Search all users
 $ldap_filter = str_replace("{login}", "*", $ldap_filter);
-$search = ldap_search($ldap, $ldap_base, $ldap_filter);
+$search = $ldapInstance->search_with_scope($ldap_scope, $ldap_base, $ldap_filter);
 
 if (!$search) {
     $errno = ldap_errno($ldap);

diff --git a/scripts/multi_ldap_change.php b/scripts/multi_ldap_change.php
@@ -66,7 +66,7 @@
     } else {
         $s_ldap_base = $ldap_base;
     }
-    $search = ldap_search($ldap, $s_ldap_base, $s_ldap_filter);
+    $search = $ldapInstance->search_with_scope($ldap_scope, $s_ldap_base, $s_ldap_filter);
 
     $errno = ldap_errno($ldap);
     if ( $errno ) {