summaryrefslogtreecommitdiffstats
path: root/apps/user_ldap
diff options
context:
space:
mode:
authorArthur Schiwon <blizzz@owncloud.com>2012-07-26 16:11:23 +0200
committerArthur Schiwon <blizzz@owncloud.com>2012-07-26 16:11:32 +0200
commit6c92a85d49822dba180fe949d211db60c5b40d51 (patch)
tree1a1eed9ddaf006b91122cb7b61ceebe9ba83182e /apps/user_ldap
parente0121ea75e85db681b4c7e50aa73b0b519c4d989 (diff)
downloadnextcloud-server-6c92a85d49822dba180fe949d211db60c5b40d51.tar.gz
nextcloud-server-6c92a85d49822dba180fe949d211db60c5b40d51.zip
LDAP: use OC_Cache to cache results from LDAP. Default is set to 10 min. Should improve performance especially when LDAP users use the sync client, because userExists checks with the LDAP server are reduced.
Diffstat (limited to 'apps/user_ldap')
-rw-r--r--apps/user_ldap/group_ldap.php53
-rw-r--r--apps/user_ldap/lib/connection.php59
-rw-r--r--apps/user_ldap/settings.php12
-rw-r--r--apps/user_ldap/templates/settings.php1
-rw-r--r--apps/user_ldap/user_ldap.php18
5 files changed, 109 insertions, 34 deletions
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index b9f4bdf1990..aff25593ef7 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -26,11 +26,6 @@ namespace OCA\user_ldap;
class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
protected $enabled = false;
- protected $_group_user = array();
- protected $_user_groups = array();
- protected $_group_users = array();
- protected $_groups = array();
-
public function setConnector(lib\Connection &$connection) {
parent::setConnector($connection);
if(empty($this->connection->ldapGroupFilter) || empty($this->connection->ldapGroupMemberAssocAttr)) {
@@ -51,18 +46,20 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
if(!$this->enabled) {
return false;
}
- if(isset($this->_group_user[$gid][$uid])) {
- return $this->_group_user[$gid][$uid];
+ if($this->connection->isCached('inGroup'.$uid.':'.$gid)) {
+ return $this->connection->getFromCache('inGroup'.$uid.':'.$gid);
}
$dn_user = $this->username2dn($uid);
$dn_group = $this->groupname2dn($gid);
// just in case
if(!$dn_group || !$dn_user) {
+ $this->connection->writeToCache('inGroup'.$uid.':'.$gid, false);
return false;
}
//usually, LDAP attributes are said to be case insensitive. But there are exceptions of course.
$members = $this->readAttribute($dn_group, $this->connection->ldapGroupMemberAssocAttr);
if(!$members) {
+ $this->connection->writeToCache('inGroup'.$uid.':'.$gid, false);
return false;
}
@@ -81,8 +78,10 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
$members = $dns;
}
- $this->_group_user[$gid][$uid] = in_array($dn_user, $members);
- return $this->_group_user[$gid][$uid];
+ $isInGroup = in_array($dn_user, $members);
+ $this->connection->writeToCache('inGroup'.$uid.':'.$gid, $isInGroup);
+
+ return $isInGroup;
}
/**
@@ -97,12 +96,12 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
if(!$this->enabled) {
return array();
}
- if(isset($this->_user_groups[$uid])) {
- return $this->_user_groups[$uid];
+ if($this->connection->isCached('getUserGroups'.$uid)) {
+ return $this->connection->getFromCache('getUserGroups'.$uid);
}
$userDN = $this->username2dn($uid);
if(!$userDN) {
- $this->_user_groups[$uid] = array();
+ $this->connection->writeToCache('getUserGroups'.$uid, array());
return array();
}
@@ -124,9 +123,10 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
$this->connection->ldapGroupMemberAssocAttr.'='.$uid
));
$groups = $this->fetchListOfGroups($filter, array($this->connection->ldapGroupDisplayName,'dn'));
- $this->_user_groups[$uid] = array_unique($this->ownCloudGroupNames($groups), SORT_LOCALE_STRING);
+ $groups = array_unique($this->ownCloudGroupNames($groups), SORT_LOCALE_STRING);
+ $this->connection->writeToCache('getUserGroups'.$uid, $groups);
- return $this->_user_groups[$uid];
+ return $groups;
}
/**
@@ -137,19 +137,19 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
if(!$this->enabled) {
return array();
}
- if(isset($this->_group_users[$gid])) {
- return $this->_group_users[$gid];
+ if($this->connection->isCached('usersInGroup'.$gid)) {
+ return $this->connection->getFromCache('usersInGroup'.$gid);
}
$groupDN = $this->groupname2dn($gid);
if(!$groupDN) {
- $this->_group_users[$gid] = array();
+ $this->connection->writeToCache('usersInGroup'.$gid, array());
return array();
}
$members = $this->readAttribute($groupDN, $this->connection->ldapGroupMemberAssocAttr);
if(!$members) {
- $this->_group_users[$gid] = array();
+ $this->connection->writeToCache('usersInGroup'.$gid, array());
return array();
}
@@ -173,8 +173,10 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
if(!$isMemberUid) {
$result = array_intersect($result, \OCP\User::getUsers());
}
- $this->_group_users[$gid] = array_unique($result, SORT_LOCALE_STRING);
- return $this->_group_users[$gid];
+ $groupUsers = array_unique($result, SORT_LOCALE_STRING);
+ $this->connection->writeToCache('usersInGroup'.$gid, $groupUsers);
+
+ return $groupUsers;
}
/**
@@ -187,11 +189,14 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
if(!$this->enabled) {
return array();
}
- if(empty($this->_groups)) {
- $ldap_groups = $this->fetchListOfGroups($this->connection->ldapGroupFilter, array($this->connection->ldapGroupDisplayName, 'dn'));
- $this->_groups = $this->ownCloudGroupNames($ldap_groups);
+ if($this->connection->isCached('getGroups')) {
+ return $this->connection->getFromCache('getGroups');
}
- return $this->_groups;
+ $ldap_groups = $this->fetchListOfGroups($this->connection->ldapGroupFilter, array($this->connection->ldapGroupDisplayName, 'dn'));
+ $ldap_groups = $this->ownCloudGroupNames($ldap_groups);
+ $this->connection->writeToCache('getGroups', $ldap_groups);
+
+ return $ldap_groups;
}
/**
diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php
index 96ffea4b64b..cd9c83ff333 100644
--- a/apps/user_ldap/lib/connection.php
+++ b/apps/user_ldap/lib/connection.php
@@ -28,7 +28,10 @@ class Connection {
private $configID;
private $configured = false;
- //cached settings
+ //cache handler
+ protected $cache;
+
+ //settings
protected $config = array(
'ldapHost' => null,
'ldapPort' => null,
@@ -48,10 +51,12 @@ class Connection {
'ldapQuotaAttribute' => null,
'ldapQuotaDefault' => null,
'ldapEmailAttribute' => null,
+ 'ldapCacheTTL' => null,
);
public function __construct($configID = 'user_ldap') {
$this->configID = $configID;
+ $this->cache = \OC_Cache::getGlobalCache();
}
public function __destruct() {
@@ -92,6 +97,57 @@ class Connection {
return $this->ldapConnectionRes;
}
+ private function getCacheKey($key) {
+ $prefix = 'LDAP-'.$this->configID.'-';
+ if(is_null($key)) {
+ return $prefix;
+ }
+ return $prefix.md5($key);
+ }
+
+ public function getFromCache($key) {
+ if(!$this->configured) {
+ $this->readConfiguration();
+ }
+ if(!$this->config['ldapCacheTTL']) {
+ return null;
+ }
+ if(!$this->isCached($key)) {
+ return null;
+
+ }
+ $key = $this->getCacheKey($key);
+
+ return unserialize(base64_decode($this->cache->get($key)));
+ }
+
+ public function isCached($key) {
+ if(!$this->configured) {
+ $this->readConfiguration();
+ }
+ if(!$this->config['ldapCacheTTL']) {
+ return false;
+ }
+ $key = $this->getCacheKey($key);
+ return $this->cache->hasKey($key);
+ }
+
+ public function writeToCache($key, $value) {
+ if(!$this->configured) {
+ $this->readConfiguration();
+ }
+ if(!$this->config['ldapCacheTTL']) {
+ return null;
+ }
+ $key = $this->getCacheKey($key);
+ $value = base64_encode(serialize($value));
+ $this->cache->set($key, $value, $this->config['ldapCacheTTL']);
+ }
+
+ public function clearCache() {
+ $this->cache->clear($this->getCacheKey(null));
+ }
+
/**
* Caches the general LDAP configuration.
*/
@@ -118,6 +174,7 @@ class Connection {
$this->config['ldapEmailAttribute'] = \OCP\Config::getAppValue($this->configID, 'ldap_email_attr', '');
$this->config['ldapGroupMemberAssocAttr'] = \OCP\Config::getAppValue($this->configID, 'ldap_group_member_assoc_attribute', 'uniqueMember');
$this->config['ldapIgnoreNamingRules'] = \OCP\Config::getSystemValue('ldapIgnoreNamingRules', false);
+ $this->config['ldapCacheTTL'] = \OCP\Config::getAppValue($this->configID, 'ldap_cache_ttl', 10*60);
$this->configured = $this->validateConfiguration();
}
diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php
index 42084855e85..135c735e703 100644
--- a/apps/user_ldap/settings.php
+++ b/apps/user_ldap/settings.php
@@ -20,7 +20,7 @@
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*
*/
-$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_agent_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_group_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute');
+$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_agent_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_group_display_name', 'ldap_tls', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute', 'ldap_cache_ttl');
OCP\Util::addscript('user_ldap', 'settings');
@@ -29,18 +29,23 @@ if ($_POST) {
if(isset($_POST[$param])){
if('ldap_agent_password' == $param) {
OCP\Config::setAppValue('user_ldap', $param, base64_encode($_POST[$param]));
+ } elseif('ldap_cache_ttl' == $param) {
+ if(OCP\Config::getAppValue('user_ldap', $param,'') != $_POST[$param]) {
+ $ldap = new \OCA\user_ldap\lib\Connection('user_ldap');
+ $ldap->clearCache();
+ OCP\Config::setAppValue('user_ldap', $param, $_POST[$param]);
+ }
} else {
OCP\Config::setAppValue('user_ldap', $param, $_POST[$param]);
}
}
elseif('ldap_tls' == $param) {
// unchecked checkboxes are not included in the post paramters
- OCP\Config::setAppValue('user_ldap', $param, 0);
+ OCP\Config::setAppValue('user_ldap', $param, 0);
}
elseif('ldap_nocase' == $param) {
OCP\Config::setAppValue('user_ldap', $param, 0);
}
-
}
}
@@ -57,5 +62,6 @@ $tmpl->assign( 'ldap_display_name', OCP\Config::getAppValue('user_ldap', 'ldap_d
$tmpl->assign( 'ldap_group_display_name', OCP\Config::getAppValue('user_ldap', 'ldap_group_display_name', 'cn'));
$tmpl->assign( 'ldap_group_member_assoc_attribute', OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember'));
$tmpl->assign( 'ldap_agent_password', base64_decode(OCP\Config::getAppValue('user_ldap', 'ldap_agent_password')));
+$tmpl->assign( 'ldap_cache_ttl', OCP\Config::getAppValue('user_ldap', 'ldap_cache_ttl', '600'));
return $tmpl->fetchPage();
diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php
index 31f453b5a5a..cc61598a263 100644
--- a/apps/user_ldap/templates/settings.php
+++ b/apps/user_ldap/templates/settings.php
@@ -26,6 +26,7 @@
<p><label for="ldap_quota_attr">Quota Attribute</label><input type="text" id="ldap_quota_attr" name="ldap_quota_attr" value="<?php echo $_['ldap_quota_attr']; ?>" />
<label for="ldap_quota_def">Quota Default</label><input type="text" id="ldap_quota_def" name="ldap_quota_def" value="<?php if (isset($_['ldap_quota_def'])) echo $_['ldap_quota_def']; ?>" />bytes</p>
<p><label for="ldap_email_attr">Email Attribute</label><input type="text" id="ldap_email_attr" name="ldap_email_attr" value="<?php echo $_['ldap_email_attr']; ?>" /></p>
+ <p><label for="ldap_cache_ttl">Cache Time-To-Live</label><input type="text" id="ldap_cache_ttl" name="ldap_cache_ttl" value="<?php echo $_['ldap_cache_ttl']; ?>" /><small><?php echo $l->t('in seconds');?></small></p>
</fieldset>
<input type="submit" value="Save" /> <a href="http://owncloud.org/support/ldap-backend/" target="_blank"><img src="<?php echo OCP\Util::imagePath('','actions/info.png'); ?>" style="height:1.75ex" /> <?php echo $l->t('Help');?></a>
</div>
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index 61f84047f1e..57b2ef489ba 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -27,9 +27,6 @@ namespace OCA\user_ldap;
class USER_LDAP extends lib\Access implements \OCP\UserInterface {
- // cache getUsers()
- protected $_users = null;
-
private function updateQuota($dn) {
$quota = null;
if(!empty($this->connection->ldapQuotaDefault)) {
@@ -97,11 +94,13 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
* Get a list of all users.
*/
public function getUsers(){
- if(is_null($this->_users)) {
+ $ldap_users = $this->connection->getFromCache('getUsers');
+ if(is_null($ldap_users)) {
$ldap_users = $this->fetchListOfUsers($this->connection->ldapUserFilter, array($this->connection->ldapUserDisplayName, 'dn'));
- $this->_users = $this->ownCloudUserNames($ldap_users);
+ $ldap_users = $this->ownCloudUserNames($ldap_users);
+ $this->connection->writeToCache('getUsers', $ldap_users);
}
- return $this->_users;
+ return $ldap_users;
}
/**
@@ -110,18 +109,25 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
* @return boolean
*/
public function userExists($uid){
+ if($this->connection->isCached('userExists'.$uid)) {
+ return $this->connection->getFromCache('userExists'.$uid);
+ }
+
//getting dn, if false the user does not exist. If dn, he may be mapped only, requires more checking.
$dn = $this->username2dn($uid);
if(!$dn) {
+ $this->connection->writeToCache('userExists'.$uid, false);
return false;
}
//if user really still exists, we will be able to read his cn
$cn = $this->readAttribute($dn, 'cn');
if(!$cn || empty($cn)) {
+ $this->connection->writeToCache('userExists'.$uid, false);
return false;
}
+ $this->connection->writeToCache('userExists'.$uid, true);
return true;
}