Use base search for known DN lookup (#31)

* Use base search for known DN lookup

Performing a 'base' search using the DN as base is the standard way.

Using (distinguishedName=) as a filter is not universal – for example,
OpenLDAP uses entryDN instead.

And while OpenLDAP 2.6.x seems to *recognize* distinguishedName, it
gives a completely different result (applying the match to all
DN-containing attributes rather than to the entry's own DN) – so the
search gives 25 entries, none of which were the correct one.

* Use base search in AttributeAddUsersGroups as well

Author: grawity

lib/Auth/Process/AttributeAddUsersGroups.php

@@ -354,6 +354,7 @@ protected function search(array $memberOf, array $options): array
         // Init the groups variable
         $entries = [];
         $ldapUtils = new LdapUtils();
+        $options['scope'] = 'base';
 
         // Check each DN of the passed memberOf
         foreach ($memberOf as $dn) {
@@ -369,8 +370,8 @@ protected function search(array $memberOf, array $options): array
             // Query LDAP for the attribute values for the DN
             $entry = $ldapUtils->search(
                 $this->ldapObject,
-                $this->searchBase,
-                sprintf("(&(%s=%s)(distinguishedName=%s))", $map['type'], $this->type_map['group'], $dn),
+                [$dn],
+                sprintf("(%s=%s)", $map['type'], $this->type_map['group']),
                 $options,
                 true,
             );

lib/Auth/Source/Ldap.php

@@ -134,10 +134,12 @@ protected function login(string $username, string $password): array
         }
 
         $ldapUtils->bind($ldapObject, $dn, $password);
-        $filter = sprintf('(distinguishedName=%s)', $dn);
+
+        $options['scope'] = 'base';
+        $filter = '(objectClass=*)';
 
         /** @psalm-var \Symfony\Component\Ldap\Entry $entry */
-        $entry = $ldapUtils->search($ldapObject, $searchBase, $filter, $options, false);
+        $entry = $ldapUtils->search($ldapObject, [$dn], $filter, $options, false);
 
         $attributes = $this->ldapConfig->getOptionalValue('attributes', []);
         if ($attributes === null) {