🐛 Only return Directory Server Entry object if explicitly requested (#10)

camh- · web-flow · commit cb436b4eb2a6 · 2025-11-18T22:51:04.000+11:00
Ensure we return the Directory Server Entry (DSE) when the requested DN is the empty DN and the scope is for a base object (not a tree). The Directory Server Entry (DSE) is the root of the DB and contains server/service oriented information, not user data. This should only be returned when explicitly requested by requesting the empty DN and requesting just a base object (not a tree). Previously we could get the DSE based on a search for a DN that is a parent of the root data entry and we'd return that. Pull-request: #10
diff --git a/server.go b/server.go
@@ -104,7 +104,7 @@ func (s *Server) handleSearch(w *gldap.ResponseWriter, r *gldap.Request) {
 		return
 	}
 	base := s.db.DIT.Find(baseDN)
-	if base == nil || (base.Entry.DN.IsEmpty() && req.Scope != gldap.BaseObject) {
+	if base == nil || (baseDN.IsEmpty() && req.Scope != gldap.BaseObject) {
 		slog.Error("basedn not found", "method", "search", "basedn", baseDN.String())
 		resp.SetResultCode(gldap.ResultNoSuchObject)
 		return

Original file line number	Diff line number	Diff line change
`@@ -104,7 +104,7 @@ func (s Server) handleSearch(w gldap.ResponseWriter, r *gldap.Request) {`
`104`	`104`	`return`
`105`	`105`	`}`
`106`	`106`	`base := s.db.DIT.Find(baseDN)`
`107`		`- if base == nil \|\| (base.Entry.DN.IsEmpty() && req.Scope != gldap.BaseObject) {`
	`107`	`+ if base == nil \|\| (baseDN.IsEmpty() && req.Scope != gldap.BaseObject) {`
`108`	`108`	`slog.Error("basedn not found", "method", "search", "basedn", baseDN.String())`
`109`	`109`	`resp.SetResultCode(gldap.ResultNoSuchObject)`
`110`	`110`	`return`