summaryrefslogtreecommitdiffstats
path: root/apps/user_ldap
diff options
context:
space:
mode:
authorArthur Schiwon <blizzz@owncloud.com>2014-10-10 21:29:11 +0200
committerArthur Schiwon <blizzz@owncloud.com>2014-10-17 20:16:04 +0200
commit4e8c7570d40fd8862b3b45b08d21bc1967779f01 (patch)
tree2ae09cc21bb68f883913b646c73c2502bf464413 /apps/user_ldap
parenta7a532f58a8476cb83e8d11f527e1f19d82ef135 (diff)
downloadnextcloud-server-4e8c7570d40fd8862b3b45b08d21bc1967779f01.tar.gz
nextcloud-server-4e8c7570d40fd8862b3b45b08d21bc1967779f01.zip
make performance less bad. Still far from good, but at least it works
Diffstat (limited to 'apps/user_ldap')
-rw-r--r--apps/user_ldap/group_ldap.php36
-rw-r--r--apps/user_ldap/lib/access.php2
2 files changed, 30 insertions, 8 deletions
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index 8a6084b6c8f..e8d268d3df2 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -34,6 +34,11 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
*/
protected $cachedGroupMembers = array();
+ /**
+ * @var string[] $cachedGroupsByMember array of groups with uid as key
+ */
+ protected $cachedGroupsByMember = array();
+
public function __construct(Access $access) {
parent::__construct($access);
$filter = $this->access->connection->ldapGroupFilter;
@@ -98,16 +103,28 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
}
//extra work if we don't get back user DNs
- //TODO: this can be done with one LDAP query
if(strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'memberuid') {
$dns = array();
+ $filterParts = array();
+ $bytes = 0;
foreach($members as $mid) {
$filter = str_replace('%uid', $mid, $this->access->connection->ldapLoginFilter);
- $ldap_users = $this->access->fetchListOfUsers($filter, 'dn');
- if(count($ldap_users) < 1) {
- continue;
+ $filterParts[] = $filter;
+ $bytes += strlen($filter);
+ if($bytes >= 9000000) {
+ // AD has a default input buffer of 10 MB, we do not want
+ // to take even the chance to exceed it
+ $filter = $this->access->combineFilterWithOr($filterParts);
+ $bytes = 0;
+ $filterParts = array();
+ $users = $this->access->fetchListOfUsers($filter, 'dn', count($filterParts));
+ $dns = array_merge($dns, $users);
}
- $dns[] = $ldap_users[0];
+ }
+ if(count($filterParts) > 0) {
+ $filter = $this->access->combineFilterWithOr($filterParts);
+ $users = $this->access->fetchListOfUsers($filter, 'dn', count($filterParts));
+ $dns = array_merge($dns, $users);
}
$members = $dns;
}
@@ -316,8 +333,13 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
$uid = $userDN;
}
- $groups = array_values($this->getGroupsByMember($uid));
- $groups = $this->access->ownCloudGroupNames($groups);
+ if(isset($this->cachedGroupsByMember[$uid])) {
+ $groups = $this->cachedGroupsByMember[$uid];
+ } else {
+ $groups = array_values($this->getGroupsByMember($uid));
+ $groups = $this->access->ownCloudGroupNames($groups);
+ $this->cachedGroupsByMember[$uid] = $groups;
+ }
$primaryGroup = $this->getUserPrimaryGroup($userDN);
if($primaryGroup !== false) {
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index 159b0d73000..44162e32d47 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -1359,7 +1359,7 @@ class Access extends LDAPUtility implements user\IUserTools {
* @param string[] $bases array containing the allowed base DN or DNs
* @return bool
*/
- private function isDNPartOfBase($dn, $bases) {
+ public function isDNPartOfBase($dn, $bases) {
$belongsToBase = false;
$bases = $this->sanitizeDN($bases);