SERIOUS- new LDAP user can see all passwords

[jaialrai]

Steps to reproduce

1. set up LDAP to an AD Domain
2. login as a new user to create account
3. login immediately as the new user
4. On first login ALL passwords are visible despite the new user having no roles.
5. log off
6. log on again - No folders are visible apart from the personal one.

Expected behaviour

Tell us what should happen
No passwords except personal folder should be seen

Actual behaviour

Tell us what happens instead
ALL passwords and Folders are visible and readable.
Also a number of numerical folders are visible at the top of the list (are these everyones personal folders?)

Server configuration

Operating system:
Linux Debian Jesse
Web server:
Apache 2
Database:
MySQL
PHP version:

Teampass version:
2.1.27.10
Teampass configuration file:

Updated from an older Teampass or fresh install:
PLEASE attach to this message the file /includes/config/tp.config.php.
updated from 2.1.26

Client configuration

Browser:
Chrome
Operating system:
Win 10

Logs

Web server error log

Insert your webserver log here

Log from the web-browser developer console (CTRL + SHIFT + i)

Insert the log here and especially the answer of the query that failed.

[jaialrai]

#1153 is the same issue recurring in the current version - looks like it might not have been fixed, i see very similar screenshots

[nilsteampassnet]

Duplicate of #2035