Re-implement LDAP_BASE_DN to limit what is shown in the tree, and what PLA uses internally to search the server. Fixes #342

app/Classes/LDAP/Server.php

@@ -69,7 +69,7 @@ final class Server
 	public static function baseDNs(bool $objects=TRUE): Collection
 	{
 		try {
-			$rootdse = self::rootDSE();
+			$namingcontexts = collect(config('pla.base_dns') ?: self::rootDSE()?->namingcontexts);
 
 		/**
 		 * LDAP Error Codes:
@@ -175,13 +175,13 @@ final class Server
 		}
 
 		if (! $objects)
-			return collect($rootdse->namingcontexts ?: []);
+			return $namingcontexts;
 
-		return Cache::remember('basedns'.Session::id(),config('ldap.cache.time'),function() use ($rootdse) {
+		return Cache::remember('basedns'.Session::id(),config('ldap.cache.time'),function() use ($namingcontexts) {
 			$result = collect();
 
 			// @note: Incase our rootDSE didnt return a namingcontext, we'll have no base DNs
-			foreach (($rootdse->namingcontexts ?: []) as $dn)
+			foreach ($namingcontexts as $dn)
 				$result->push(self::get($dn)->read()->find($dn));
 
 			return $result->filter()->sort(fn($item)=>$item->sort_key);
@@ -298,6 +298,7 @@ final class Server
 	 *
 	 * @param string $key
 	 * @return int|bool
+	 * @throws InvalidUsage
 	 */
 	public function get_attr_id(string $key): int|bool
 	{

config/pla.php

@@ -43,6 +43,17 @@ return [
 
 	'allow_guest' => env('LDAP_ALLOW_GUEST',FALSE),
 
+	/*
+	 |--------------------------------------------------------------------------
+	 | Base DNs
+	 |--------------------------------------------------------------------------
+	 |
+	 | Normally PLA will get the base DNs from the rootDSE's namingcontexts
+	 | entry. Instead of using that, you can define your own base DNs to use.
+	 |
+	 */
+	'base_dns' => ($x=env('LDAP_BASE_DN', NULL)) ? explode(',',$x) : NULL,
+
 	/*
 	 |--------------------------------------------------------------------------
 	 | Custom Date Format