2 files changed, 15 insertions, 4 deletions

diff --git a/ipaserver/plugins/b_ldap.py b/ipaserver/plugins/b_ldap.py
index f12e6155d..1d5cc40d4 100644
--- a/ipaserver/plugins/b_ldap.py
+++ b/ipaserver/plugins/b_ldap.py
@@ -199,6 +199,12 @@ class ldap(CrudBackend):
 
         return (exact_match_filter, partial_match_filter)
 
+    def _get_scope(self, scope_str):
+        scope_dict = {'one'     : _ldap.SCOPE_ONELEVEL,
+                      'subtree' : _ldap.SCOPE_SUBTREE,
+                      'base'    : _ldap.SCOPE_BASE }
+        return scope_dict.get(scope_str, _ldap.SCOPE_BASE)
+
     def modify_password(self, dn, **kw):
         return servercore.modify_password(dn, kw.get('oldpass'), kw.get('newpass'))
 
@@ -286,6 +292,7 @@ class ldap(CrudBackend):
         sfilter = kw.get('filter')
         attributes = kw.get('attributes')
         base = kw.get('base')
+        scope = kw.get('scope')
         if attributes:
             del kw['attributes']
         else:
@@ -296,6 +303,8 @@ class ldap(CrudBackend):
             del kw['base']
         if sfilter:
             del kw['filter']
+        if scope:
+            del kw['scope']
         (exact_match_filter, partial_match_filter) = self._generate_search_filters(**kw)
         if objectclass:
             exact_match_filter = "(&(objectClass=%s)%s)" % (objectclass, exact_match_filter)
@@ -304,19 +313,21 @@ class ldap(CrudBackend):
             exact_match_filter = "(%s%s)" % (sfilter, exact_match_filter)
             partial_match_filter = "(%s%s)" % (sfilter, partial_match_filter)
 
+        search_scope = self._get_scope(scope)
+
         if not base:
             base = self.api.env.container_accounts
 
         search_base = "%s, %s" % (base, self.api.env.basedn)
         try:
             exact_results = servercore.search(search_base,
-                    exact_match_filter, attributes)
+                    exact_match_filter, attributes, scope=search_scope)
         except errors2.NotFound:
             exact_results = [0]
 
         try:
             partial_results = servercore.search(search_base,
-                    partial_match_filter, attributes)
+                    partial_match_filter, attributes, scope=search_scope)
         except errors2.NotFound:
             partial_results = [0]
 
diff --git a/ipaserver/servercore.py b/ipaserver/servercore.py
index 6c5dccc1b..bf3b457f0 100644
--- a/ipaserver/servercore.py
+++ b/ipaserver/servercore.py
@@ -263,11 +263,11 @@ def delete_entry(dn):
     return context.ldap.conn.deleteEntry(dn)
 
 # FIXME, get time and search limit from cn=ipaconfig
-def search(base, filter, attributes, timelimit=1, sizelimit=3000):
+def search(base, filter, attributes, timelimit=1, sizelimit=3000, scope=ldap.SCOPE_SUBTREE):
     """Perform an LDAP query"""
     try:
         timelimit = float(timelimit)
-        results = context.ldap.conn.getListAsync(base, ldap.SCOPE_SUBTREE,
+        results = context.ldap.conn.getListAsync(base, scope,
             filter, attributes, 0, None, None, timelimit, sizelimit)
     except ldap.NO_SUCH_OBJECT:
         raise errors2.NotFound()