From 912c87eedaa3ea909d5721d8066fa4455529aa1b Mon Sep 17 00:00:00 2001
From: Arthur Schiwon
Date: Mon, 23 Apr 2012 13:04:58 +0200
Subject: [PATCH] LDAP: optimize LDAP requests for users and groups. Settings are still to do, though.
---
 apps/user_ldap/group_ldap.php | 27 +++++++++++-------------
 apps/user_ldap/lib_ldap.php | 39 +++++++++++++++++++++++++++++++----
 2 files changed, 47 insertions(+), 19 deletions(-)
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index b1619e0653..fe0789cdeb 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -47,14 +47,12 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
 LDAP_GROUP_MEMBER_ASSOC_ATTR.'='.$uid,
 $this->ldapGroupDisplayName.'='.$gid
 ));
- $groups = OC_LDAP::search($filter, $this->ldapGroupDisplayName);
+ $groups = $this->retrieveList($filter, $this->ldapGroupDisplayName);
- if(count($groups) == 1) {
+ if(count($groups) > 0) {
 return true;
- } else if(count($groups) < 1) {
- return false;
 } else {
- throw new Exception('Too many groups of the same name!? – this exception should never been thrown :)');
+ return false;
 }
 }
@@ -85,7 +83,7 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
 $this->ldapGroupDisplayName.'='.$gid
 ));
- return $this->retrieveList($filter, $this->ldapGroupMemberAttr);
+ return $this->retrieveList($filter, $this->ldapGroupMemberAttr, false);
 }
 /**
@@ -95,13 +93,7 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
 * Returns a list with all groups
 */
 public function getGroups() {
- $groups = OC_LDAP::search($this->ldapGroupFilter, $this->ldapGroupDisplayName);
-
- if(count($groups) == 0 )
- return array();
- else {
- return array_unique($groups, SORT_LOCALE_STRING);
- }
+ return $this->retrieveList($this->ldapGroupFilter, $this->ldapGroupDisplayName);
 }
 /**
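Review bot: With the check relaxed to `count($groups) > 0`, the membership test in the first hunk now answers true for any non-empty result, so the filter's specificity is the only thing deciding the outcome, and the context lines above build that filter by concatenating `$uid` and `$gid` unescaped. If either value can carry filter metacharacters, the match can widen, and the removed "too many groups" exception no longer flags that case. Escape both values before they are placed in the filter, e.g. `ldap_escape($gid, '', LDAP_ESCAPE_FILTER)` on PHP versions that provide it, or an equivalent RFC 4515 escaper otherwise. It is also worth confirming that retrieveList() always returns an array, since `count()` of a non-array such as `false` is 1 on older PHP and would read as a match here. The enclosing function starts above the hunk.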
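Review bot: Passing `false` in the second hunk looks inverted: the filter on the context lines above matches on `$this->ldapGroupDisplayName.'='.$gid`, so it selects group entries, yet `false` routes retrieveList() to `OC_LDAP::searchUsers()` and therefore to the users base. Once `ldap_base_users` and `ldap_base_groups` differ, the group entry would presumably not be found and the member list would come back empty, silently changing any group-based decision built on it. Unless the member attribute is really read from user entries, drop the argument: `return $this->retrieveList($filter, $this->ldapGroupMemberAttr);`. The enclosing function begins outside the hunk.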
@@ -113,8 +105,13 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
 return in_array($gid, $this->getGroups());
 }
- private function retrieveList($filter, $attr) {
- $list = OC_LDAP::search($filter, $attr);
+ private function retrieveList($filter, $attr, $searchForGroups = true) {
+ if($searchForGroups) {
+ $list = OC_LDAP::searchGroups($filter, $attr);
+ } else {
+ $list = OC_LDAP::searchUsers($filter, $attr);
+ }
+
 if(is_array($list)) {
 return array_unique($list, SORT_LOCALE_STRING);
diff --git a/apps/user_ldap/lib_ldap.php b/apps/user_ldap/lib_ldap.php
index 1016b955dc..752ac4f228 100644
--- a/apps/user_ldap/lib_ldap.php
+++ b/apps/user_ldap/lib_ldap.php
@@ -38,6 +38,8 @@ class OC_LDAP {
 static protected $ldapHost;
 static protected $ldapPort;
 static protected $ldapBase;
+ static protected $ldapBaseUsers;
+ static protected $ldapBaseGroups;
 static protected $ldapAgentName;
 static protected $ldapAgentPassword;
 static protected $ldapTLS;
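Review bot: retrieveList() has no docblock, and the new `$searchForGroups` flag decides which LDAP subtree is searched rather than what kind of value comes back, which is easy to misread at a call site such as `retrieveList($filter, $attr, false)`. I would add a docblock in the file's `@brief`/`@param` style stating that `$searchForGroups` selects the groups base when true and the users base when false, and that it has to describe the entries the filter matches, not the attribute being read. The function's tail is outside this hunk, so the non-array branch could not be checked.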
@@ -65,15 +67,40 @@ class OC_LDAP {
 }
 /**
- * @brief executes an LDAP search
+ * @brief executes an LDAP search, optimized for Users
 * @param $filter the LDAP filter for the search
 * @param $attr optional, when a certain attribute shall be filtered out
 * @returns array with the search result
 *
 * Executes an LDAP search
 */
- static public function search($filter, $attr = null) {
- $sr = ldap_search(self::getConnectionResource(), self::$ldapBase, $filter, array($attr));
+ static public function searchUsers($filter, $attr = null) {
+ return self::search($filter, self::$ldapBaseUsers, $attr);
+ }
+
+ /**
+ * @brief executes an LDAP search, optimized for Groups
+ * @param $filter the LDAP filter for the search
+ * @param $attr optional, when a certain attribute shall be filtered out
+ * @returns array with the search result
+ *
+ * Executes an LDAP search
+ */
+ static public function searchGroups($filter, $attr = null) {
+ return self::search($filter, self::$ldapBaseGroups, $attr);
+ }
+
+ /**
+ * @brief executes an LDAP search
+ * @param $filter the LDAP filter for the search
+ * @param $base the LDAP subtree that shall be searched
+ * @param $attr optional, when a certain attribute shall be filtered out
+ * @returns array with the search result
+ *
+ * Executes an LDAP search
+ */
+ static private function search($filter, $base, $attr = null) {
+ $sr = ldap_search(self::getConnectionResource(), $base, $filter, array($attr));
 $findings = ldap_get_entries(self::getConnectionResource(), $sr );
 if(!is_null($attr)) {
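Review bot: The new private `search()` hands `$sr` straight to `ldap_get_entries()` without checking it, and `ldap_search()` returns `false` on failure, which becomes more likely now that the base DN is a separately configured value per object type. Add a guard right after the call, for example `if($sr === false) { return array(); }`, so a bad `ldap_base_users` or `ldap_base_groups` yields an empty result instead of warnings and an undefined return. Also, `search()` changed from public to private and gained a `$base` parameter, so any caller of `OC_LDAP::search()` outside the two files in this patch would now fail; worth grepping for them. The function body continues past the end of the hunk.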
@@ -150,7 +177,9 @@ class OC_LDAP {
 self::$ldapPort = OC_Appconfig::getValue('user_ldap', 'ldap_port', OC_USER_BACKEND_LDAP_DEFAULT_PORT);
 self::$ldapAgentName = OC_Appconfig::getValue('user_ldap', 'ldap_dn','');
 self::$ldapAgentPassword = OC_Appconfig::getValue('user_ldap', 'ldap_password','');
- self::$ldapBase = OC_Appconfig::getValue('user_ldap', 'ldap_base','');
+ self::$ldapBase = OC_Appconfig::getValue('user_ldap', 'ldap_base', '');
+ self::$ldapBaseUsers = OC_Appconfig::getValue('user_ldap', 'ldap_base_users',self::$ldapBase);
+ self::$ldapBaseGroups = OC_Appconfig::getValue('user_ldap', 'ldap_base_groups', self::$ldapBase);
 self::$ldapTLS = OC_Appconfig::getValue('user_ldap', 'ldap_tls',0);
 self::$ldapNoCase = OC_Appconfig::getValue('user_ldap', 'ldap_nocase', 0);
 self::$ldapUserDisplayName = OC_Appconfig::getValue('user_ldap', 'ldap_display_name', OC_USER_BACKEND_LDAP_DEFAULT_DISPLAY_NAME);
@@ -163,6 +192,8 @@ class OC_LDAP {
 || ( empty(self::$ldapAgentName) && empty(self::$ldapAgentPassword))
 )
 && !empty(self::$ldapBase)
+ && !empty(self::$ldapBaseUsers)
+ && !empty(self::$ldapBaseGroups)
 && !empty(self::$ldapUserDisplayName)
 )
 {
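Review bot: The fallback to `self::$ldapBase` only helps if `OC_Appconfig::getValue()` returns the default for a missing key; if an empty string is ever stored for `ldap_base_users` or `ldap_base_groups` (the settings for them are still to do, per the commit message), the new `!empty(...)` checks in the following hunk would presumably mark the whole backend as unconfigured. Normalising after the read keeps the behaviour predictable, e.g. `if(empty(self::$ldapBaseUsers)) { self::$ldapBaseUsers = self::$ldapBase; }` and the same for groups. A short comment stating that both bases default to `ldap_base` would also help whoever writes the settings page.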