From b08887848a523df55b7d4926de59a697d5b16ad7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cosme=20Dom=C3=ADnguez=20D=C3=ADaz?= <cosme.ddiaz@gmail.com>
Date: Fri, 21 Jun 2019 22:00:16 +0200
Subject: [PATCH] Restrict available LDAP servers.

You can view any available LDAP if you have access
to the root entity.

Otherwise, only the LDAP configured as the default
for the current entity is displayed.
---
 inc/question.class.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/inc/question.class.php b/inc/question.class.php
index 03510eb434..ac9630e815 100644
--- a/inc/question.class.php
+++ b/inc/question.class.php
@@ -836,10 +836,17 @@ public function showForm($ID, $options = []) {
       if ($ldap_values === null) {
          $ldap_values = [];
       }
+      $current_entity = $_SESSION['glpiactive_entity'];
+      if ($current_entity == 0) {
+        $auth_ldap_condition = '';
+      } else {
+        $auth_ldap_condition = "glpi_authldaps.id in (select a.id from glpi_entities as e ,glpi_authldaps as a where a.id=e.authldaps_id and e.id=${current_entity})";
+      }
       Dropdown::show('AuthLDAP', [
          'name'      => 'ldap_auth',
+         'condition' => $auth_ldap_condition,
          'rand'      => $rand,
-         'value'     => (isset($ldap_values['ldap_auth'])) ? $ldap_values['ldap_auth'] : '',
+         'value'     => '',
          'on_change' => 'change_LDAP(this)',
       ]);
       echo '</div>';