ldap: only search base of base_dn when checking connection

this should avoid most common size limitations. the search should also
complete quicker as fewer results need to be computed. note that this
way a configuration may be accepted, but the related sync job can
fail due to and exceeded size limit warning for some ldap servers
(such as 2.5.14+dfsg-0ubuntu0.22.04.2).

Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>

proxmox-ldap/src/lib.rs

@@ -177,30 +177,22 @@ impl Connection {
                 .await?
                 .success()
                 .context("LDAP bind failed, bind_dn or password could be incorrect")?;
+        }
 
-            let (_, _) = ldap
-                .search(
-                    &self.config.base_dn,
-                    Scope::Subtree,
-                    "(objectClass=*)",
-                    vec!["*"],
-                )
-                .await?
-                .success()
-                .context("Could not search LDAP realm, base_dn could be incorrect")?;
+        // only search base to make sure the base_dn exists while avoiding most common size limits
+        let (_, _) = ldap
+            .search(
+                &self.config.base_dn,
+                Scope::Base,
+                "(objectClass=*)",
+                vec!["*"],
+            )
+            .await?
+            .success()
+            .context("Could not search LDAP realm, base_dn could be incorrect")?;
 
+        if self.config.bind_dn.is_some() {
             let _: Result<(), _> = ldap.unbind().await; // ignore errors, search succeeded already
-        } else {
-            let (_, _) = ldap
-                .search(
-                    &self.config.base_dn,
-                    Scope::Subtree,
-                    "(objectClass=*)",
-                    vec!["*"],
-                )
-                .await?
-                .success()
-                .context("Could not search LDAP realm, base_dn could be incorrect")?;
         }
 
         Ok(())