diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index fd076b20e..26f7fd0c2 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,19 @@
+2015-02-18  Corinna Vinschen  <corinna@vinschen.de>
+
+	* ldap.cc (struct cyg_ldap_search): Add scope member.
+	(cyg_ldap::search_s): Add parameter scope.  Use as LDAP search scope
+	instead of fixed LDAP_SCOPE_SUBTREE scope.
+	(ldap_search_thr): Call cyg_ldap::search_s with scope from argument.
+	(cyg_ldap::search): Add parameter scope and fill in to cyg_ldap_search.
+	(cyg_ldap::fetch_ad_account): Call search with LDAP_SCOPE_SUBTREE scope.
+	(cyg_ldap::fetch_posix_offset_for_domain): Call search with
+	LDAP_SCOPE_ONELEVEL scope.
+	(cyg_ldap::fetch_unix_sid_from_ad): Call search with LDAP_SCOPE_SUBTREE
+	scope.
+	(cyg_ldap::fetch_unix_name_from_rfc2307): Ditto.
+	* ldap.h (cyg_ldap::search): Align prototype to above change.
+	(cyg_ldap::search_s): Ditto.
+
 2015-02-18  Corinna Vinschen  <corinna@vinschen.de>
 
 	* ldap.cc: Macro-ize filter expressions.  Use throughout to compute
diff --git a/winsup/cygwin/ldap.cc b/winsup/cygwin/ldap.cc
index bf4792347..890ab38df 100644
--- a/winsup/cygwin/ldap.cc
+++ b/winsup/cygwin/ldap.cc
@@ -232,18 +232,19 @@ cyg_ldap::connect (PCWSTR domain)
 struct cyg_ldap_search {
   cyg_ldap *that;
   PWCHAR base;
+  ULONG scope;
   PWCHAR filter;
   PWCHAR *attrs;
   ULONG ret;
 };
 
 ULONG
-cyg_ldap::search_s (PWCHAR base, PWCHAR filter, PWCHAR *attrs)
+cyg_ldap::search_s (PWCHAR base, ULONG scope, PWCHAR filter, PWCHAR *attrs)
 {
   ULONG ret;
   
-  if ((ret = ldap_search_sW (lh, base, LDAP_SCOPE_SUBTREE, filter,
-			     attrs, 0, &msg)) != LDAP_SUCCESS)
+  if ((ret = ldap_search_sW (lh, base, scope, filter, attrs, 0, &msg))
+      != LDAP_SUCCESS)
     debug_printf ("ldap_search_sW(%W,%W) error 0x%02x", base, filter, ret);
   return ret;
 }
@@ -252,14 +253,14 @@ static DWORD WINAPI
 ldap_search_thr (LPVOID param)
 {
   cyg_ldap_search *cl = (cyg_ldap_search *) param;
-  cl->ret = cl->that->search_s (cl->base, cl->filter, cl->attrs);
+  cl->ret = cl->that->search_s (cl->base, cl->scope, cl->filter, cl->attrs);
   return 0;
 }
 
 inline int
-cyg_ldap::search (PWCHAR base, PWCHAR filter, PWCHAR *attrs)
+cyg_ldap::search (PWCHAR base, ULONG scope, PWCHAR filter, PWCHAR *attrs)
 {
-  cyg_ldap_search cl = { this, base, filter, attrs, NO_ERROR };
+  cyg_ldap_search cl = { this, base, scope, filter, attrs, NO_ERROR };
   cygthread *thr = new cygthread (ldap_search_thr, &cl, "ldap_search");
   return wait (thr) ?: map_ldaperr_to_errno (cl.ret);
 }
@@ -452,7 +453,7 @@ cyg_ldap::fetch_ad_account (PSID sid, bool group, PCWSTR domain)
   if (!user_attr)
     cygheap->pg.init_ldap_user_attr ();
   attr = group ? group_attr : user_attr;
-  if (search (base, filter, attr) != 0)
+  if (search (base, LDAP_SCOPE_SUBTREE, filter, attr) != 0)
       return false;
   if (!(entry = ldap_first_entry (lh, msg)))
     {
@@ -566,7 +567,7 @@ cyg_ldap::fetch_posix_offset_for_domain (PCWSTR domain)
   __small_swprintf (filter, wcschr (domain, L'.') ? PSX_OFFSET_FILTER
 						  : PSX_OFFSET_FILTER_FLAT,
 		    domain);
-  if (search (base, filter, attr = tdom_attr) != 0)
+  if (search (base, LDAP_SCOPE_ONELEVEL, filter, attr = tdom_attr) != 0)
     return UINT32_MAX;
   if (!(entry = ldap_first_entry (lh, msg)))
     {
@@ -621,7 +622,7 @@ cyg_ldap::fetch_unix_sid_from_ad (uint32_t id, cygsid &sid, bool group)
       msg = entry = NULL;
     }
   __small_swprintf (filter, group ? UXID_FILTER_GRP : UXID_FILTER_USR, id);
-  if (search (def_context, filter, sid_attr) != 0)
+  if (search (def_context, LDAP_SCOPE_SUBTREE, filter, sid_attr) != 0)
     return false;
   if ((entry = ldap_first_entry (lh, msg))
       && (bval = ldap_get_values_lenW (lh, entry, sid_attr[0])))
@@ -656,7 +657,7 @@ cyg_ldap::fetch_unix_name_from_rfc2307 (uint32_t id, bool group)
     }
   attr = group ? rfc2307_gid_attr : rfc2307_uid_attr;
   __small_swprintf (filter, group ? PSXID_FILTER_GRP : PSXID_FILTER_USR, id);
-  if (search (def_context, filter, attr) != 0)
+  if (search (def_context, LDAP_SCOPE_SUBTREE, filter, attr) != 0)
     return NULL;
   if (!(entry = ldap_first_entry (lh, msg)))
     {
diff --git a/winsup/cygwin/ldap.h b/winsup/cygwin/ldap.h
index fb4bebf7d..9209d854b 100644
--- a/winsup/cygwin/ldap.h
+++ b/winsup/cygwin/ldap.h
@@ -37,7 +37,7 @@ class cyg_ldap {
   inline int map_ldaperr_to_errno (ULONG lerr);
   inline int wait (cygthread *thr);
   inline int connect (PCWSTR domain);
-  inline int search (PWCHAR base, PWCHAR filter, PWCHAR *attrs);
+  inline int search (PWCHAR base, ULONG scope, PWCHAR filter, PWCHAR *attrs);
   inline int next_page ();
   bool fetch_unix_sid_from_ad (uint32_t id, cygsid &sid, bool group);
   PWCHAR fetch_unix_name_from_rfc2307 (uint32_t id, bool group);
@@ -53,7 +53,7 @@ public:
 
   ULONG connect_ssl (PCWSTR domain);
   ULONG connect_non_ssl (PCWSTR domain);
-  ULONG search_s (PWCHAR base, PWCHAR filter, PWCHAR *attrs);
+  ULONG search_s (PWCHAR base, ULONG scope, PWCHAR filter, PWCHAR *attrs);
   ULONG next_page_s ();
 
   bool is_open () const { return !!lh; }