From c538ac3081119e8bbd2aa375505ce79047a4d3f4 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Wed, 14 Aug 2013 16:03:18 +0200
Subject: [PATCH] LDAP: only connect to LDAP once on login

---
 apps/user_ldap/lib/connection.php | 14 +++++++++++++-
 apps/user_ldap/user_ldap.php      | 10 +++++-----
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php
index 36c8e648b1..0372112f0e 100644
--- a/apps/user_ldap/lib/connection.php
+++ b/apps/user_ldap/lib/connection.php
@@ -29,6 +29,9 @@ class Connection {
 	private $configID;
 	private $configured = false;
 
+	//whether connection should be kept on __destruct
+	private $dontDestruct = false;
+
 	//cache handler
 	protected $cache;
 
@@ -83,11 +86,20 @@ class Connection {
 	}
 
 	public function __destruct() {
-		if(is_resource($this->ldapConnectionRes)) {
+		if(!$this->dontDestruct && is_resource($this->ldapConnectionRes)) {
 			@ldap_unbind($this->ldapConnectionRes);
 		};
 	}
 
+	/**
+	 * @brief defines behaviour when the instance is cloned
+	 */
+	public function __clone() {
+		//a cloned instance inherits the connection resource. It may use it,
+		//but it may not disconnect it
+		$this->dontDestruct = true;
+	}
+
 	public function __get($name) {
 		if(!$this->configured) {
 			$this->readConfiguration();
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index 41e2926605..850ca0df99 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -77,11 +77,6 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 		}
 		$dn = $ldap_users[0];
 
-		//are the credentials OK?
-		if(!$this->areCredentialsValid($dn, $password)) {
-			return false;
-		}
-
 		//do we have a username for him/her?
 		$ocname = $this->dn2username($dn);
 
@@ -90,6 +85,11 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 			$this->updateQuota($dn);
 			$this->updateEmail($dn);
 
+			//are the credentials OK?
+			if(!$this->areCredentialsValid($dn, $password)) {
+				return false;
+			}
+
 			//give back the display name
 			return $ocname;
 		}