From bf7ebde7c32f1c79463756b2dfeb16798f855e83 Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Mon, 3 Jan 2011 23:22:12 +0000
Subject: [PATCH] ITS#6699

---
 CHANGES                         | 1 +
 servers/slapd/back-ldap/chain.c | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index c8c45100f3..aa3b752be7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -30,6 +30,7 @@ OpenLDAP 2.4.24 Engineering
 	Fixed slapd-bdb error propogation to overlays (ITS#6633)
 	Fixed slapd-ldap debug output of timeout (ITS#6721)
 	Fixed slapd-ldap DNSSRV referral chaining (ITS#6565)
+	Fixed slapd-ldap chaining with onelevel scope (ITS#6699)
 	Fixed slapd-ldap with SASL/EXTERNAL (ITS#6642)
 	Fixed slapd-ndb to honor rootpw setting (ITS#6661)
 	Fixed slapd-meta anon retry with failed auth method (ITS#6643)
diff --git a/servers/slapd/back-ldap/chain.c b/servers/slapd/back-ldap/chain.c
index a6c33e4d2f..9c23dbf9b1 100644
--- a/servers/slapd/back-ldap/chain.c
+++ b/servers/slapd/back-ldap/chain.c
@@ -708,7 +708,11 @@ ldap_chain_search(
 
 		} else {
 			/* RFC 4511: if scope is absent, use original */
-			tmp_oq_search.rs_scope = op->ors_scope;
+			/* Section 4.5.3: if scope is onelevel, use base */
+			if ( op->ors_scope == LDAP_SCOPE_ONELEVEL )
+				tmp_oq_search.rs_scope = LDAP_SCOPE_BASE;
+			else
+				tmp_oq_search.rs_scope = op->ors_scope;
 		}
 
 		rc = LDAP_SUCCESS;
-- 
2.39.5