2 files changed, 16 insertions, 1 deletions

diff --git a/modules-available/sysconfig/inc/configmodulebaseldap.inc.php b/modules-available/sysconfig/inc/configmodulebaseldap.inc.php
index 760593e1..8e42478e 100644
--- a/modules-available/sysconfig/inc/configmodulebaseldap.inc.php
+++ b/modules-available/sysconfig/inc/configmodulebaseldap.inc.php
@@ -7,7 +7,8 @@ abstract class ConfigModuleBaseLdap extends ConfigModule
 
 	private static $REQUIRED_FIELDS = array('server', 'searchbase');
 	private static $OPTIONAL_FIELDS = array('binddn', 'bindpw', 'home', 'ssl', 'fingerprint', 'certificate', 'homeattr',
-		'shareRemapMode', 'shareRemapCreate', 'shareDocuments', 'shareDownloads', 'shareDesktop', 'shareMedia', 'shareOther', 'shareHomeDrive');
+		'shareRemapMode', 'shareRemapCreate', 'shareDocuments', 'shareDownloads', 'shareDesktop', 'shareMedia',
+		'shareOther', 'shareHomeDrive', 'shareDomain', 'credentialPassthrough');
 
 	protected function generateInternal($tgz, $parent)
 	{
diff --git a/modules-available/sysconfig/inc/ldap.inc.php b/modules-available/sysconfig/inc/ldap.inc.php
index ed471f31..23b24885 100644
--- a/modules-available/sysconfig/inc/ldap.inc.php
+++ b/modules-available/sysconfig/inc/ldap.inc.php
@@ -8,4 +8,18 @@ class Ldap
 		return trim(preg_replace('/[,;]\s*/', ',', $dn));
 	}
 
+	public static function getSelfSearchBase($binddn, $searchbase)
+	{
+		// To find ourselves we try to figure out the proper search base, since the given one
+		// might be just for users, not for functional or utility accounts
+		if (preg_match('/,(OU=.*DC=.*)$/i', Ldap::normalizeDn($binddn), $out)) {
+			// Get OU from binddn; works if not given short form of DOMAIN\user or user@domain.fqdn.com
+			$searchbase = $out[1];
+		} elseif (preg_match('/,(DC=.*)$/i', Ldap::normalizeDn($searchbase), $out)) {
+			// Otherwise, shorten search base enough to only consider the DC=..,DC=.. part at the end
+			$searchbase = $out[1];
+		}
+		return $searchbase;
+	}
+
 }