From 3dce95b87b93b2e912554f6d4edc29822e34f2c8 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Feb 19 2013 16:50:58 +0000
Subject: ipasam: use base scope when fetching domain information about own domain


Since we use associatedDomain attribute to store information about UPN suffixes
and our own domain, searching subtree is going to return more than one entry.
Limit search for own domain by base scope as we only need to fetch our own
domain information here, not UPN suffixes.

Required for https://fedorahosted.org/freeipa/ticket/2945

---

diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c
index adf4822..0d4a27c 100644
--- a/daemons/ipa-sam/ipa_sam.c
+++ b/daemons/ipa-sam/ipa_sam.c
@@ -3479,7 +3479,7 @@ static NTSTATUS ipasam_get_domain_name(struct ldapsam_privates *ldap_state,
 
 	ret = smbldap_search(smbldap_state,
 			     ldap_state->ipasam_privates->base_dn,
-			     LDAP_SCOPE_SUBTREE,
+			     LDAP_SCOPE_BASE,
 			     "objectclass=domainRelatedObject", attr_list, 0,
 			     &result);
 	if (ret != LDAP_SUCCESS) {