Refactored code to avoid performance problem
Moved the dynamic group processing to the top and removed condition in memberOf processing. Also, changed variable name $value to $memberUrl
This commit is contained in:
parent
0d797637f3
commit
39aac2c66b
|
@ -453,6 +453,39 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
|
||||||
|
|
||||||
$dynamicGroupMemberURL = strtolower($this->access->connection->ldapDynamicGroupMemberURL);
|
$dynamicGroupMemberURL = strtolower($this->access->connection->ldapDynamicGroupMemberURL);
|
||||||
|
|
||||||
|
if (!empty($dynamicGroupMemberURL)) {
|
||||||
|
// look through dynamic groups to add them to the result array if needed
|
||||||
|
$groupsToMatch = $this->access->fetchListOfGroups(
|
||||||
|
$this->access->connection->ldapGroupFilter,array('dn',$dynamicGroupMemberURL));
|
||||||
|
foreach($groupsToMatch as $memberUrl) {
|
||||||
|
if (!array_key_exists($dynamicGroupMemberURL, $memberUrl)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
$pos = strpos($memberUrl[$dynamicGroupMemberURL][0], '(');
|
||||||
|
if ($pos !== false) {
|
||||||
|
$memberUrlFilter = substr($memberUrl[$dynamicGroupMemberURL][0],$pos);
|
||||||
|
// apply filter via ldap search to see if this user is in this
|
||||||
|
// dynamic group
|
||||||
|
$userMatch = $this->access->readAttribute(
|
||||||
|
$uid,
|
||||||
|
$this->access->connection->ldapUserDisplayName,
|
||||||
|
$memberUrlFilter
|
||||||
|
);
|
||||||
|
if ($userMatch !== false) {
|
||||||
|
// match found so this user is in this group
|
||||||
|
$pos = strpos($memberUrl['dn'][0], ',');
|
||||||
|
if ($pos !== false) {
|
||||||
|
$membershipGroup = substr($memberUrl['dn'][0],3,$pos-3);
|
||||||
|
$groups[] = $membershipGroup;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
\OCP\Util::writeLog('user_ldap', 'No search filter found on member url '.
|
||||||
|
'of group ' . $dnGroup, \OCP\Util::DEBUG);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// if possible, read out membership via memberOf. It's far faster than
|
// if possible, read out membership via memberOf. It's far faster than
|
||||||
// performing a search, which still is a fallback later.
|
// performing a search, which still is a fallback later.
|
||||||
if(intval($this->access->connection->hasMemberOfFilterSupport) === 1
|
if(intval($this->access->connection->hasMemberOfFilterSupport) === 1
|
||||||
|
@ -470,15 +503,11 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (empty($dynamicGroupMemberURL)) {
|
if($primaryGroup !== false) {
|
||||||
// if dynamic group membership is not enabled then we can return
|
$groups[] = $primaryGroup;
|
||||||
// straight away
|
|
||||||
if($primaryGroup !== false) {
|
|
||||||
$groups[] = $primaryGroup;
|
|
||||||
}
|
|
||||||
$this->access->connection->writeToCache($cacheKey, $groups);
|
|
||||||
return $groups;
|
|
||||||
}
|
}
|
||||||
|
$this->access->connection->writeToCache($cacheKey, $groups);
|
||||||
|
return $groups;
|
||||||
}
|
}
|
||||||
|
|
||||||
//uniqueMember takes DN, memberuid the uid, so we need to distinguish
|
//uniqueMember takes DN, memberuid the uid, so we need to distinguish
|
||||||
|
@ -510,39 +539,6 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
|
||||||
$groups[] = $primaryGroup;
|
$groups[] = $primaryGroup;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!empty($dynamicGroupMemberURL)) {
|
|
||||||
// look through dynamic groups to add them to the result array if needed
|
|
||||||
$groupsToMatch = $this->access->fetchListOfGroups(
|
|
||||||
$this->access->connection->ldapGroupFilter,array('dn',$dynamicGroupMemberURL));
|
|
||||||
foreach($groupsToMatch as $value) {
|
|
||||||
if (!array_key_exists($dynamicGroupMemberURL, $value)) {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
$pos = strpos($value[$dynamicGroupMemberURL][0], '(');
|
|
||||||
if ($pos !== false) {
|
|
||||||
$memberUrlFilter = substr($value[$dynamicGroupMemberURL][0],$pos);
|
|
||||||
// apply filter via ldap search to see if this user is in this
|
|
||||||
// dynamic group
|
|
||||||
$userMatch = $this->access->readAttribute(
|
|
||||||
$uid,
|
|
||||||
$this->access->connection->ldapUserDisplayName,
|
|
||||||
$memberUrlFilter
|
|
||||||
);
|
|
||||||
if ($userMatch !== false) {
|
|
||||||
// match found so this user is in this group
|
|
||||||
$pos = strpos($value['dn'][0], ',');
|
|
||||||
if ($pos !== false) {
|
|
||||||
$membershipGroup = substr($value['dn'][0],3,$pos-3);
|
|
||||||
$groups[] = $membershipGroup;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
\OCP\Util::writeLog('user_ldap', 'No search filter found on member url '.
|
|
||||||
'of group ' . $dnGroup, \OCP\Util::DEBUG);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$groups = array_unique($groups, SORT_LOCALE_STRING);
|
$groups = array_unique($groups, SORT_LOCALE_STRING);
|
||||||
$this->access->connection->writeToCache($cacheKey, $groups);
|
$this->access->connection->writeToCache($cacheKey, $groups);
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue