Merge branch 'main' into feature_ad_guid_search

Author: marle3003

providers/directory/search.go

@@ -45,6 +45,25 @@ func updateBaseDnForGuidIfNeeded(msg *ldap.SearchRequest, e *Entry) {
 	msg.BaseDN = e.Dn
 }
 
+var matchingRules = map[string]string{
+	"1.3.6.1.4.1.1466.115.121.1.38": "objectIdentifierMatch",
+	"1.3.6.1.4.1.1466.115.121.1.15": "caseIgnoreMatch",
+	"1.3.6.1.4.1.1466.115.121.1.26": "caseExactMatch",
+	"1.3.6.1.4.1.1466.115.121.1.7":  "booleanMatch",
+	"1.3.6.1.4.1.1466.115.121.1.27": "integerMatch",
+	"1.3.6.1.4.1.1466.115.121.1.12": "distinguishedNameMatch",
+	"1.3.6.1.4.1.1466.115.121.1.24": "generalizedTimeMatch",
+	"1.3.6.1.4.1.1466.115.121.1.5":  "octetStringMatch",
+}
+
+func inferMatchingRule(syntaxOID string) string {
+	if v, ok := matchingRules[syntaxOID]; ok {
+		return v
+	}
+	return "caseExactMatch"
+}
+
+
 func (d *Directory) serveSearch(rw ldap.ResponseWriter, r *ldap.Request) {
 	msg := r.Message.(*ldap.SearchRequest)
 	m, doMonitor := monitor.LdapFromContext(r.Context)
@@ -107,6 +126,10 @@ func (d *Directory) serveSearch(rw ldap.ResponseWriter, r *ldap.Request) {
 				if dn := strings.Join(parts[1:], ","); dn != msg.BaseDN {
 					continue
 				}
+			case ldap.ScopeWholeSubtree:
+				if !strings.HasSuffix(strings.ToLower(e.Dn), strings.ToLower(msg.BaseDN)) {
+					continue
+				}
 			}
 			if d.skip(&e, msg.BaseDN) {
 				continue
@@ -370,6 +393,9 @@ func (p *parser) equal(name, value string) (predicate, error) {
 	if p.s != nil {
 		t, ok := p.s.AttributeTypes[name]
 		if ok {
+			if t.Equality == "" {
+				t.Equality = inferMatchingRule(t.Syntax)
+			}
 			switch t.Equality {
 			case "caseIgnoreMatch", "2.5.13.2":
 				f = func(s string) bool {