author | Côme Chilliet <come.chilliet@nextcloud.com> | 2021-11-02 16:22:37 +0100 |
committer | Côme Chilliet <come.chilliet@nextcloud.com> | 2021-11-23 09:19:49 +0100 |
commit | 662e3240b098b8cb1e5b618ed4e16c1aa52e11a4 (patch) | |
tree | c6a8342d28afd0197674db49d9f44779d185af8f /apps/user_ldap/lib/Mapping/AbstractMapping.php | |
parent | 129de6079e53e0ac9dbf9d7c25ec1670ae0ff572 (diff) | |
Support LDAP dns longer than 255 characters
Adds an ldap_full_dn column to store the DN, and only stores a sha256
hash in ldap_dn, which is shorter and can be indexed without
trouble.
Migration still needs to be implemented.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
Diffstat (limited to 'apps/user_ldap/lib/Mapping/AbstractMapping.php')
-rw-r--r-- | apps/user_ldap/lib/Mapping/AbstractMapping.php | 56 |
1 files changed, 31 insertions, 25 deletions
diff --git a/apps/user_ldap/lib/Mapping/AbstractMapping.php b/apps/user_ldap/lib/Mapping/AbstractMapping.php
index ae881f9dc17..6113d7a12d5 100644
--- a/apps/user_ldap/lib/Mapping/AbstractMapping.php
+++ b/apps/user_ldap/lib/Mapping/AbstractMapping.php
@@ -67,6 +67,7 @@ abstract class AbstractMapping {
  */
 public function isColNameValid($col) {
 switch ($col) {
+case 'ldap_full_dn':
 case 'ldap_dn':
 case 'owncloud_name':
 case 'directory_uuid':
@@ -134,7 +135,7 @@ abstract class AbstractMapping {
  */
 public function getDNByName($name) {
 $dn = array_search($name, $this->cache);
-if ($dn === false && ($dn = $this->getXbyY('ldap_dn', 'owncloud_name', $name)) !== false) {
+if ($dn === false && ($dn = $this->getXbyY('ldap_full_dn', 'owncloud_name', $name)) !== false) {
 $this->cache[$dn] = $name;
 }
 return $dn;
@@ -151,11 +152,11 @@ abstract class AbstractMapping {
 $oldDn = $this->getDnByUUID($uuid);
 $statement = $this->dbc->prepare('
 UPDATE `' . $this->getTableName() . '`
-SET `ldap_dn` = ?
+SET `ldap_dn` = ?, `ldap_full_dn` = ?
 WHERE `directory_uuid` = ?
 ');
-$r = $this->modify($statement, [$fdn, $uuid]);
+$r = $this->modify($statement, [$this->getDNHash($fdn), $fdn, $uuid]);
 if ($r && is_string($oldDn) && isset($this->cache[$oldDn])) {
 $this->cache[$fdn] = $this->cache[$oldDn];
@@ -183,7 +184,14 @@ abstract class AbstractMapping {
 unset($this->cache[$fdn]);
-return $this->modify($statement, [$uuid, $fdn]);
+return $this->modify($statement, [$uuid, $this->getDNHash($fdn)]);
+}
+
+/**
+ * Get the hash to store in database column ldap_dn for a given dn
+ */
+protected function getDNHash(string $fdn): string {
+return (string)hash('sha256', $fdn, false);
 }
 /**
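Review bot: getDNHash hashes $fdn byte-for-byte, so every lookup this commit routes through it (getNameByDN, getUUIDByDN, getListOfIdsByDn) becomes exact-byte matching, whereas the previous direct comparison on ldap_dn could have benefited from a case-insensitive collation on that column if the database used one. LDAP DNs compare case-insensitively, so two spellings of the same DN would then resolve to different rows; if callers already lower-case and normalise DNs before calling in, that precondition belongs in the docblock, e.g. `* Get the hash to store in database column ldap_dn for a given dn.` followed by `* $fdn must already be normalised: the hash is byte-exact, so case or whitespace differences yield different keys.`. Minor: the cast and the explicit third argument are redundant, hash() returns a lowercase hex string by default, so `return hash('sha256', $fdn);` reads cleaner.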
@@ -194,28 +202,35 @@ abstract class AbstractMapping {
  */
 public function getNameByDN($fdn) {
 if (!isset($this->cache[$fdn])) {
-$this->cache[$fdn] = $this->getXbyY('owncloud_name', 'ldap_dn', $fdn);
+$this->cache[$fdn] = $this->getXbyY('owncloud_name', 'ldap_dn', $this->getDNHash($fdn));
 }
 return $this->cache[$fdn];
 }
-protected function prepareListOfIdsQuery(array $dnList): IQueryBuilder {
+/**
+ * @param array<string> $hashList
+ */
+protected function prepareListOfIdsQuery(array $hashList): IQueryBuilder {
 $qb = $this->dbc->getQueryBuilder();
-$qb->select('owncloud_name', 'ldap_dn')
+$qb->select('owncloud_name', 'ldap_dn', 'ldap_full_dn')
 ->from($this->getTableName(false))
-->where($qb->expr()->in('ldap_dn', $qb->createNamedParameter($dnList, QueryBuilder::PARAM_STR_ARRAY)));
+->where($qb->expr()->in('ldap_dn', $qb->createNamedParameter($hashList, QueryBuilder::PARAM_STR_ARRAY)));
 return $qb;
 }
 protected function collectResultsFromListOfIdsQuery(IQueryBuilder $qb, array &$results): void {
 $stmt = $qb->execute();
 while ($entry = $stmt->fetch(\Doctrine\DBAL\FetchMode::ASSOCIATIVE)) {
-$results[$entry['ldap_dn']] = $entry['owncloud_name'];
-$this->cache[$entry['ldap_dn']] = $entry['owncloud_name'];
+$results[$entry['ldap_full_dn']] = $entry['owncloud_name'];
+$this->cache[$entry['ldap_full_dn']] = $entry['owncloud_name'];
 }
 $stmt->closeCursor();
 }
+/**
+ * @param array<string> $fdns
+ * @return array<string,string>
+ */
 public function getListOfIdsByDn(array $fdns): array {
 $totalDBParamLimit = 65000;
 $sliceSize = 1000;
@@ -223,6 +238,7 @@ abstract class AbstractMapping {
 $results = [];
 $slice = 1;
+$fdns = array_map([$this, 'getDNHash'], $fdns);
 $fdnsSlice = count($fdns) > $sliceSize ? array_slice($fdns, 0, $sliceSize) : $fdns;
 $qb = $this->prepareListOfIdsQuery($fdnsSlice);
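Review bot: prepareListOfIdsQuery still selects `ldap_dn` although collectResultsFromListOfIdsQuery now reads only `owncloud_name` and `ldap_full_dn`, so the hash column is fetched for every row and discarded; `$qb->select('owncloud_name', 'ldap_full_dn')` is enough. Note also that $results and the cache in collectResultsFromListOfIdsQuery are now keyed by the stored ldap_full_dn rather than by the DN the caller passed in, and the two agree only when the input DN is byte-identical to what map() stored; the new @return docblock on getListOfIdsByDn should say so, e.g. `* @return array<string,string> owncloud names keyed by the DN as stored in ldap_full_dn`. getListOfIdsByDn continues outside the hunk.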
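Review bot: After `$fdns = array_map([$this, 'getDNHash'], $fdns);` the variable named $fdns holds hashes, which misleads the slicing code that follows (the remainder of getListOfIdsByDn lies outside the hunk and keeps using $fdns and $fdnsSlice). Assigning to a fresh name, `$hashes = array_map([$this, 'getDNHash'], $fdns);`, and slicing $hashes keeps the name honest; if the project's minimum PHP version is 8.1 or newer, the array callable could also become `$this->getDNHash(...)`.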
@@ -294,7 +310,7 @@ abstract class AbstractMapping {
 }
 public function getDnByUUID($uuid) {
-return $this->getXbyY('ldap_dn', 'directory_uuid', $uuid);
+return $this->getXbyY('ldap_full_dn', 'directory_uuid', $uuid);
 }
 /**
@@ -305,7 +321,7 @@ abstract class AbstractMapping {
  * @throws \Exception
  */
 public function getUUIDByDN($dn) {
-return $this->getXbyY('directory_uuid', 'ldap_dn', $dn);
+return $this->getXbyY('directory_uuid', 'ldap_dn', $this->getDNHash($dn));
 }
 /**
@@ -318,7 +334,7 @@ abstract class AbstractMapping {
 public function getList($offset = null, $limit = null) {
 $query = $this->dbc->prepare('
 SELECT
-`ldap_dn` AS `dn`,
+`ldap_full_dn` AS `dn`,
 `owncloud_name` AS `name`,
 `directory_uuid` AS `uuid`
 FROM `' . $this->getTableName() . '`',
@@ -339,19 +355,9 @@ abstract class AbstractMapping {
  * @return bool
  */
 public function map($fdn, $name, $uuid) {
-if (mb_strlen($fdn) > 255) {
-\OC::$server->getLogger()->error(
-'Cannot map, because the DN exceeds 255 characters: {dn}',
-[
-'app' => 'user_ldap',
-'dn' => $fdn,
-]
-);
-return false;
-}
-
 $row = [
-'ldap_dn' => $fdn,
+'ldap_dn' => $this->getDNHash($fdn),
+'ldap_full_dn' => $fdn,
 'owncloud_name' => $name,
 'directory_uuid' => $uuid
 ];
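Review bot: Removing the mb_strlen guard leaves map() with no bound on $fdn at all, and whether that is safe depends on the type of the new ldap_full_dn column, which is defined in the migration rather than in this diff. If that column is a bounded string, an over-long DN is no longer logged with the 'Cannot map' message but will surface as a database error from the insert further down (map() continues outside the hunk); if it is unbounded, a short comment on the row build would record why the check went away, e.g. `// ldap_dn holds the 64-char sha256 hex used as the indexed key; ldap_full_dn keeps the DN itself`. Either way, the @return bool docblock above no longer has a documented false path for over-long DNs and should be updated to match what map() actually returns.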