ldb: don't return special DNs on non-base searches

[ira/wip.git] / lib / ldb / common / ldb_match.c

diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c
index a42cf9449d338320b0fb9bcae35877c5f254c6c1..c23e80478af239dcb7129874261d3ec509e11246 100644 (file)
--- a/lib/ldb/common/ldb_match.c
+++ b/lib/ldb/common/ldb_match.c
@@ -463,6 +463,11 @@ static int ldb_match_message(struct ldb_context *ldb,
 
        *matched = false;
 
+       if (scope != LDB_SCOPE_BASE && ldb_dn_is_special(msg->dn)) {
+               /* don't match special records except on base searches */
+               return LDB_SUCCESS;
+       }
+
        switch (tree->operation) {
        case LDB_OP_AND:
                for (i=0;i<tree->u.list.num_elements;i++) {