diff --git a/radicale/acl/LDAP.py b/radicale/acl/LDAP.py index fe5c8fc..7e7ed07 100644 --- a/radicale/acl/LDAP.py +++ b/radicale/acl/LDAP.py @@ -35,6 +35,12 @@ CONNEXION = ldap.initialize(config.get("acl", "ldap_url")) BINDDN = config.get("acl", "ldap_binddn") PASSWORD = config.get("acl", "ldap_password") +SCOPE = ldap.SCOPE_ONELEVEL +if config.get("acl", "ldap_scope").lower() == 'subtree': + SCOPE = ldap.SCOPE_SUBTREE +elif config.get("acl", "ldap_scope").lower() == 'base': + SCOPE = ldap.SCOPE_BASE + def has_right(owner, user, password): """Check if ``user``/``password`` couple is valid.""" @@ -50,7 +56,7 @@ def has_right(owner, user, password): log.LOGGER.debug( "LDAP bind for %s in base %s" % (distinguished_name, BASE)) - users = CONNEXION.search_s(BASE, ldap.SCOPE_ONELEVEL, distinguished_name) + users = CONNEXION.search_s(BASE, SCOPE, distinguished_name) if users: log.LOGGER.debug("User %s found" % user) try: diff --git a/radicale/config.py b/radicale/config.py index 87c0d81..51d939c 100644 --- a/radicale/config.py +++ b/radicale/config.py @@ -59,6 +59,7 @@ INITIAL_CONFIG = { "ldap_attribute": "uid", "ldap_binddn": "", "ldap_password": "", + "ldap_scope": "OneLevel", "pam_group_membership": "", "courier_socket": ""}, "storage": {