Support LDAP dns longer than 255 characters
authorCôme Chilliet <come.chilliet@nextcloud.com>
Tue, 2 Nov 2021 15:22:37 +0000 (16:22 +0100)
committerCôme Chilliet <come.chilliet@nextcloud.com>
Mon, 13 Dec 2021 08:38:43 +0000 (09:38 +0100)
Adds an ldap_full_dn column to store the full DN, and stores only a sha256
 hash of it in ldap_dn, which is shorter and can be indexed without
 trouble.
Migration still needs to be implemented.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
apps/user_ldap/lib/Mapping/AbstractMapping.php
apps/user_ldap/lib/Migration/Version1010Date20200630192842.php

index 85fc91590fb2b0d47c4185a97870b5d67ad00406..8d1236e73485a81ead75e1159df1290e1c291f3b 100644 (file)
@@ -67,6 +67,7 @@ abstract class AbstractMapping {
         */
        public function isColNameValid($col) {
                switch ($col) {
+                       case 'ldap_full_dn':
                        case 'ldap_dn':
                        case 'owncloud_name':
                        case 'directory_uuid':
@@ -134,7 +135,7 @@ abstract class AbstractMapping {
         */
        public function getDNByName($name) {
                $dn = array_search($name, $this->cache);
-               if ($dn === false && ($dn = $this->getXbyY('ldap_dn', 'owncloud_name', $name)) !== false) {
+               if ($dn === false && ($dn = $this->getXbyY('ldap_full_dn', 'owncloud_name', $name)) !== false) {
                        $this->cache[$dn] = $name;
                }
                return $dn;
@@ -151,11 +152,11 @@ abstract class AbstractMapping {
                $oldDn = $this->getDnByUUID($uuid);
                $statement = $this->dbc->prepare('
                        UPDATE `' . $this->getTableName() . '`
-                       SET `ldap_dn` = ?
+                       SET `ldap_dn` = ?, `ldap_full_dn` = ?
                        WHERE `directory_uuid` = ?
                ');
 
-               $r = $this->modify($statement, [$fdn, $uuid]);
+               $r = $this->modify($statement, [$this->getDNHash($fdn), $fdn, $uuid]);
 
                if ($r && is_string($oldDn) && isset($this->cache[$oldDn])) {
                        $this->cache[$fdn] = $this->cache[$oldDn];
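Review bot: The new `$this->getDNHash($fdn)` call on the modify line introduces a hard type boundary that this untyped method did not have before — `getDNHash(string $fdn)` throws a TypeError for a null or false `$fdn`, whereas the old code would simply have bound that value into the UPDATE. If any caller can reach setDNbyUUID with a failed lookup result, either guard it here, `if (!is_string($fdn) || $fdn === '') { return false; }`, or type the public parameters so the contract is visible. The method's signature and tail lie outside this hunk, so I cannot see whether it already declares a return type.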
@@ -183,7 +184,14 @@ abstract class AbstractMapping {
 
                unset($this->cache[$fdn]);
 
-               return $this->modify($statement, [$uuid, $fdn]);
+               return $this->modify($statement, [$uuid, $this->getDNHash($fdn)]);
+       }
+
+       /**
+        * Get the hash to store in database column ldap_dn for a given dn
+        */
+       protected function getDNHash(string $fdn): string {
+               return (string)hash('sha256', $fdn, false);
        }
 
        /**
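Review bot: getDNHash hashes the raw DN bytes, so every lookup that goes through it (getNameByDN, getUUIDByDN, unmap) is now byte-exact, whereas the previous VARCHAR comparison on `ldap_dn` was subject to the database collation, which is case-insensitive on common MySQL setups; whether the surrounding access layer already normalises case and whitespace around RDN separators before DNs reach this class is not visible here and should be confirmed. The docblock should state this contract and tie the output to the schema, e.g. `Returns the lowercase hex sha256 of the DN exactly as given (64 chars, matching the ldap_dn column length); callers must normalise DNs first, and changing the algorithm requires a new migration.` The `(string)` cast is redundant since `hash()` already returns a string: `return hash('sha256', $fdn);`. This is a lookup key rather than a secret, so no constant-time comparison is needed.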
@@ -194,28 +202,35 @@ abstract class AbstractMapping {
         */
        public function getNameByDN($fdn) {
                if (!isset($this->cache[$fdn])) {
-                       $this->cache[$fdn] = $this->getXbyY('owncloud_name', 'ldap_dn', $fdn);
+                       $this->cache[$fdn] = $this->getXbyY('owncloud_name', 'ldap_dn', $this->getDNHash($fdn));
                }
                return $this->cache[$fdn];
        }
 
-       protected function prepareListOfIdsQuery(array $dnList): IQueryBuilder {
+       /**
+        * @param array<string> $hashList
+        */
+       protected function prepareListOfIdsQuery(array $hashList): IQueryBuilder {
                $qb = $this->dbc->getQueryBuilder();
-               $qb->select('owncloud_name', 'ldap_dn')
+               $qb->select('owncloud_name', 'ldap_dn', 'ldap_full_dn')
                        ->from($this->getTableName(false))
-                       ->where($qb->expr()->in('ldap_dn', $qb->createNamedParameter($dnList, QueryBuilder::PARAM_STR_ARRAY)));
+                       ->where($qb->expr()->in('ldap_dn', $qb->createNamedParameter($hashList, QueryBuilder::PARAM_STR_ARRAY)));
                return $qb;
        }
 
        protected function collectResultsFromListOfIdsQuery(IQueryBuilder $qb, array &$results): void {
                $stmt = $qb->execute();
                while ($entry = $stmt->fetch(\Doctrine\DBAL\FetchMode::ASSOCIATIVE)) {
-                       $results[$entry['ldap_dn']] = $entry['owncloud_name'];
-                       $this->cache[$entry['ldap_dn']] = $entry['owncloud_name'];
+                       $results[$entry['ldap_full_dn']] = $entry['owncloud_name'];
+                       $this->cache[$entry['ldap_full_dn']] = $entry['owncloud_name'];
                }
                $stmt->closeCursor();
        }
 
+       /**
+        * @param array<string> $fdns
+        * @return array<string,string>
+        */
        public function getListOfIdsByDn(array $fdns): array {
                $totalDBParamLimit = 65000;
                $sliceSize = 1000;
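Review bot: prepareListOfIdsQuery still selects `ldap_dn` although collectResultsFromListOfIdsQuery no longer reads that column, so the select can be narrowed to `$qb->select('owncloud_name', 'ldap_full_dn')`. The results array and the cache are now keyed by the stored `ldap_full_dn` rather than by the hash passed in, which is the right choice but deserves a line on collectResultsFromListOfIdsQuery: `Fills $results and the cache keyed by the stored full DN, not by the hashes the query was built from.` The `@param array<string> $hashList` annotation could say what the strings are: `sha256 hex digests as produced by getDNHash()`. getListOfIdsByDn continues past the end of this hunk.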
@@ -223,6 +238,7 @@ abstract class AbstractMapping {
                $results = [];
 
                $slice = 1;
+               $fdns = array_map([$this, 'getDNHash'], $fdns);
                $fdnsSlice = count($fdns) > $sliceSize ? array_slice($fdns, 0, $sliceSize) : $fdns;
                $qb = $this->prepareListOfIdsQuery($fdnsSlice);
 
@@ -294,7 +310,7 @@ abstract class AbstractMapping {
        }
 
        public function getDnByUUID($uuid) {
-               return $this->getXbyY('ldap_dn', 'directory_uuid', $uuid);
+               return $this->getXbyY('ldap_full_dn', 'directory_uuid', $uuid);
        }
 
        /**
@@ -305,7 +321,7 @@ abstract class AbstractMapping {
         * @throws \Exception
         */
        public function getUUIDByDN($dn) {
-               return $this->getXbyY('directory_uuid', 'ldap_dn', $dn);
+               return $this->getXbyY('directory_uuid', 'ldap_dn', $this->getDNHash($dn));
        }
 
        /**
@@ -318,7 +334,7 @@ abstract class AbstractMapping {
        public function getList($offset = null, $limit = null) {
                $query = $this->dbc->prepare('
                        SELECT
-                               `ldap_dn` AS `dn`,
+                               `ldap_full_dn` AS `dn`,
                                `owncloud_name` AS `name`,
                                `directory_uuid` AS `uuid`
                        FROM `' . $this->getTableName() . '`',
@@ -339,19 +355,9 @@ abstract class AbstractMapping {
         * @return bool
         */
        public function map($fdn, $name, $uuid) {
-               if (mb_strlen($fdn) > 255) {
-                       \OC::$server->getLogger()->error(
-                               'Cannot map, because the DN exceeds 255 characters: {dn}',
-                               [
-                                       'app' => 'user_ldap',
-                                       'dn' => $fdn,
-                               ]
-                       );
-                       return false;
-               }
-
                $row = [
-                       'ldap_dn' => $fdn,
+                       'ldap_dn' => $this->getDNHash($fdn),
+                       'ldap_full_dn' => $fdn,
                        'owncloud_name' => $name,
                        'directory_uuid' => $uuid
                ];
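Review bot: Removing the 255-character guard leaves map() with no length check at all, even though `ldap_full_dn` is still a bounded VARCHAR (4096 in this commit's migration); a DN longer than that will now either be silently truncated on a non-strict MySQL or raise a driver exception elsewhere, instead of the explicit logged `false` the old code returned. Since the DN comes from the directory, the guard should be raised to the new column limit rather than dropped, ideally via a class constant shared with the migration. The remainder of map() (the insert) is outside this hunk.
```php
	public function map($fdn, $name, $uuid) {
		// must match the ldap_full_dn column length in the migration
		if (mb_strlen($fdn) > 4096) {
			\OC::$server->getLogger()->error(
				'Cannot map, because the DN exceeds 4096 characters: {dn}',
				[
					'app' => 'user_ldap',
					'dn' => $fdn,
				]
			);
			return false;
		}
		// … unchanged: $row assembly and insert …
```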
index e2c78ed59f89e64131b69cf62ee2876a344edf98..9f0faf752a3320a079fcdeb5dc0f0b32b3b52654 100644 (file)
@@ -47,7 +47,12 @@ class Version1010Date20200630192842 extends SimpleMigrationStep {
                        $table = $schema->createTable('ldap_user_mapping');
                        $table->addColumn('ldap_dn', Types::STRING, [
                                'notnull' => true,
-                               'length' => 255,
+                               'length' => 64,
+                               'default' => '',
+                       ]);
+                       $table->addColumn('ldap_full_dn', Types::STRING, [
+                               'notnull' => true,
+                               'length' => 4096,
                                'default' => '',
                        ]);
                        $table->addColumn('owncloud_name', Types::STRING, [
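Review bot: The new `ldap_full_dn` column is declared with `'length' => 4096`; if I recall Nextcloud's migration service correctly it rejects string columns longer than 4000 characters for Oracle compatibility, so this would need to become `'length' => 4000` — please verify against the schema checks. Whatever the final value, it is also the limit map() must enforce in AbstractMapping, so a shared constant would keep the two in step. The `'default' => ''` on a `notnull` column means a row that predates the column reads back as an empty full DN, which callers that only test `is_string()` will treat as valid.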
@@ -68,7 +73,12 @@ class Version1010Date20200630192842 extends SimpleMigrationStep {
                        $table = $schema->createTable('ldap_group_mapping');
                        $table->addColumn('ldap_dn', Types::STRING, [
                                'notnull' => true,
-                               'length' => 255,
+                               'length' => 64,
+                               'default' => '',
+                       ]);
+                       $table->addColumn('ldap_full_dn', Types::STRING, [
+                               'notnull' => true,
+                               'length' => 4096,
                                'default' => '',
                        ]);
                        $table->addColumn('owncloud_name', Types::STRING, [
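Review bot: Same concern as for the user mapping table: `ldap_full_dn` at `'length' => 4096` likely exceeds the 4000-character ceiling Nextcloud enforces on string columns for Oracle, so `'length' => 4000` is probably required — verify against the migration checks. Group DNs are no shorter than user DNs, so the length chosen here must match the limit map() enforces.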