From 60b0e82aa64199bbed7a81a71b7cb1cd0ffd819e Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 18 Jan 2017 13:37:03 +0100
Subject: [sysconfig] More ad/ldap setup fixes

---
 modules-available/sysconfig/inc/ldap.inc.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'modules-available/sysconfig/inc/ldap.inc.php')

diff --git a/modules-available/sysconfig/inc/ldap.inc.php b/modules-available/sysconfig/inc/ldap.inc.php
index ed471f31..23b24885 100644
--- a/modules-available/sysconfig/inc/ldap.inc.php
+++ b/modules-available/sysconfig/inc/ldap.inc.php
@@ -8,4 +8,18 @@ class Ldap
 		return trim(preg_replace('/[,;]\s*/', ',', $dn));
 	}
 
+	public static function getSelfSearchBase($binddn, $searchbase)
+	{
+		// To find ourselves we try to figure out the proper search base, since the given one
+		// might be just for users, not for functional or utility accounts
+		if (preg_match('/,(OU=.*DC=.*)$/i', Ldap::normalizeDn($binddn), $out)) {
+			// Get OU from binddn; works if not given short form of DOMAIN\user or user@domain.fqdn.com
+			$searchbase = $out[1];
+		} elseif (preg_match('/,(DC=.*)$/i', Ldap::normalizeDn($searchbase), $out)) {
+			// Otherwise, shorten search base enough to only consider the DC=..,DC=.. part at the end
+			$searchbase = $out[1];
+		}
+		return $searchbase;
+	}
+
 }
-- 
cgit v1.2.3-55-g7522