From 1c68c3edff0507ee78cd1f633e45ae8c3fb9638d Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Tue, 19 Feb 2013 13:54:43 +0200
Subject: ipasam: use base scope when fetching domain information about own
 domain

Since we use associatedDomain attribute to store information about UPN suffixes
and our own domain, searching subtree is going to return more than one entry.
Limit search for own domain by base scope as we only need to fetch our own
domain information here, not UPN suffixes.

Required for https://fedorahosted.org/freeipa/ticket/2945
---
 daemons/ipa-sam/ipa_sam.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c
index adf48222..0d4a27cf 100644
--- a/daemons/ipa-sam/ipa_sam.c
+++ b/daemons/ipa-sam/ipa_sam.c
@@ -3479,7 +3479,7 @@ static NTSTATUS ipasam_get_domain_name(struct ldapsam_privates *ldap_state,
 
 	ret = smbldap_search(smbldap_state,
 			     ldap_state->ipasam_privates->base_dn,
-			     LDAP_SCOPE_SUBTREE,
+			     LDAP_SCOPE_BASE,
 			     "objectclass=domainRelatedObject", attr_list, 0,
 			     &result);
 	if (ret != LDAP_SUCCESS) {
-- 
cgit