Multiple user referentials working with IPA.

[lgpl/argeo-commons.git] / org.argeo.util / src / org / argeo / util / directory / ldap / LdapDao.java

diff --git a/org.argeo.util/src/org/argeo/util/directory/ldap/LdapDao.java b/org.argeo.util/src/org/argeo/util/directory/ldap/LdapDao.java
index 0f6e324ad258411a5da7f314e30283e8e1c31ffa..9157f23a4d8ad3033d91bd79bc6db2f24daddf4f 100644 (file)
--- a/org.argeo.util/src/org/argeo/util/directory/ldap/LdapDao.java
+++ b/org.argeo.util/src/org/argeo/util/directory/ldap/LdapDao.java
@@ -213,10 +213,11 @@ public class LdapDao extends AbstractLdapDirectoryDao {
        public Iterable<HierarchyUnit> doGetDirectHierarchyUnits(LdapName searchBase, boolean functionalOnly) {
                List<HierarchyUnit> res = new ArrayList<>();
                try {
+                       String structuralFilter = functionalOnly ? ""
+                                       : "(" + getDirectory().getUserBaseRdn() + ")(" + getDirectory().getGroupBaseRdn() + ")("
+                                                       + getDirectory().getSystemRoleBaseRdn() + ")";
                        String searchFilter = "(|(" + objectClass + "=" + LdapObjs.organizationalUnit.name() + ")(" + objectClass
-                                       + "=" + LdapObjs.organization.name() + "))";
-//                     String searchFilter = "(|(" + objectClass + "=" + LdapObjs.organizationalUnit.name() + ")(" + objectClass
-//                                     + "=" + LdapObjs.organization.name() + ")(cn=accounts)(cn=users)(cn=groups))";
+                                       + "=" + LdapObjs.organization.name() + ")" + structuralFilter + ")";
 
                        SearchControls searchControls = new SearchControls();
                        searchControls.setSearchScope(SearchControls.ONELEVEL_SCOPE);