LDAP: optimize LDAP requests for users and groups. Settings are still to do, though.

2012-04-23 13:04:58 +07:00 · 2012-04-23 13:04:58 +07:00 · 912c87eeda
parent 6ee7dc5f59
commit 912c87eeda
2 changed files with 46 additions and 18 deletions
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@ -47,14 +47,12 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
 			LDAP_GROUP_MEMBER_ASSOC_ATTR.'='.$uid,
 			$this->ldapGroupDisplayName.'='.$gid
 		));
-		$groups = OC_LDAP::search($filter, $this->ldapGroupDisplayName);
+		$groups = $this->retrieveList($filter, $this->ldapGroupDisplayName);

-		if(count($groups) == 1) {
+		if(count($groups) > 0) {
 			return true;
-		} else if(count($groups) < 1) {
-			return false;
 		} else {
-			throw new Exception('Too many groups of the same name!? – this exception should never been thrown :)');
+			return false;
 		}
 	}

@ -85,7 +83,7 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
 			$this->ldapGroupDisplayName.'='.$gid
 		));

-		return $this->retrieveList($filter, $this->ldapGroupMemberAttr);
+		return $this->retrieveList($filter, $this->ldapGroupMemberAttr, false);
 	}

 	/**
@ -95,13 +93,7 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
 	 * Returns a list with all groups
 	 */
 	public function getGroups() {
-		$groups = OC_LDAP::search($this->ldapGroupFilter, $this->ldapGroupDisplayName);
-
-		if(count($groups) == 0 )
-			return array();
-		else {
-			return array_unique($groups, SORT_LOCALE_STRING);
-		}
+		return $this->retrieveList($this->ldapGroupFilter, $this->ldapGroupDisplayName);
 	}

 	/**
@ -113,8 +105,13 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
 		return in_array($gid, $this->getGroups());
 	}

-	private function retrieveList($filter, $attr) {
-		$list = OC_LDAP::search($filter, $attr);
+	private function retrieveList($filter, $attr, $searchForGroups = true) {
+		if($searchForGroups) {
+			$list = OC_LDAP::searchGroups($filter, $attr);
+		} else {
+			$list = OC_LDAP::searchUsers($filter, $attr);
+		}
+

 		if(is_array($list)) {
 			return array_unique($list, SORT_LOCALE_STRING);
--- a/apps/user_ldap/lib_ldap.php
+++ b/apps/user_ldap/lib_ldap.php
@ -38,6 +38,8 @@ class OC_LDAP {
 	static protected $ldapHost;
 	static protected $ldapPort;
 	static protected $ldapBase;
+	static protected $ldapBaseUsers;
+	static protected $ldapBaseGroups;
 	static protected $ldapAgentName;
 	static protected $ldapAgentPassword;
 	static protected $ldapTLS;
@ -64,16 +66,41 @@ class OC_LDAP {
 		}
 	}

+	/**
+	 * @brief executes an LDAP search, optimized for Users
+	 * @param $filter the LDAP filter for the search
+	 * @param $attr optional, when a certain attribute shall be filtered out
+	 * @returns array with the search result
+	 *
+	 * Executes an LDAP search
+	 */
+	static public function searchUsers($filter, $attr = null) {
+		return self::search($filter, self::$ldapBaseUsers, $attr);
+	}
+
+	/**
+	 * @brief executes an LDAP search, optimized for Groups
+	 * @param $filter the LDAP filter for the search
+	 * @param $attr optional, when a certain attribute shall be filtered out
+	 * @returns array with the search result
+	 *
+	 * Executes an LDAP search
+	 */
+	static public function searchGroups($filter, $attr = null) {
+		return self::search($filter, self::$ldapBaseGroups, $attr);
+	}
+
 	/**
 	 * @brief executes an LDAP search
 	 * @param $filter the LDAP filter for the search
+	 * @param $base the LDAP subtree that shall be searched
 	 * @param $attr optional, when a certain attribute shall be filtered out
 	 * @returns array with the search result
 	 *
 	 * Executes an LDAP search
 	 */
-	static public function search($filter, $attr = null) {
-		$sr = ldap_search(self::getConnectionResource(), self::$ldapBase, $filter, array($attr));
+	static private function search($filter, $base, $attr = null) {
+		$sr = ldap_search(self::getConnectionResource(), $base, $filter, array($attr));
 		$findings = ldap_get_entries(self::getConnectionResource(), $sr );

 		if(!is_null($attr)) {
@ -150,7 +177,9 @@ class OC_LDAP {
 			self::$ldapPort            = OC_Appconfig::getValue('user_ldap', 'ldap_port', OC_USER_BACKEND_LDAP_DEFAULT_PORT);
 			self::$ldapAgentName       = OC_Appconfig::getValue('user_ldap', 'ldap_dn','');
 			self::$ldapAgentPassword   = OC_Appconfig::getValue('user_ldap', 'ldap_password','');
-			self::$ldapBase            = OC_Appconfig::getValue('user_ldap', 'ldap_base','');
+			self::$ldapBase            = OC_Appconfig::getValue('user_ldap', 'ldap_base', '');
+			self::$ldapBaseUsers       = OC_Appconfig::getValue('user_ldap', 'ldap_base_users',self::$ldapBase);
+			self::$ldapBaseGroups      = OC_Appconfig::getValue('user_ldap', 'ldap_base_groups', self::$ldapBase);
 			self::$ldapTLS             = OC_Appconfig::getValue('user_ldap', 'ldap_tls',0);
 			self::$ldapNoCase          = OC_Appconfig::getValue('user_ldap', 'ldap_nocase', 0);
 			self::$ldapUserDisplayName = OC_Appconfig::getValue('user_ldap', 'ldap_display_name', OC_USER_BACKEND_LDAP_DEFAULT_DISPLAY_NAME);
@ -163,6 +192,8 @@ class OC_LDAP {
 					|| ( empty(self::$ldapAgentName) &&  empty(self::$ldapAgentPassword))
 				)
 				&& !empty(self::$ldapBase)
+				&& !empty(self::$ldapBaseUsers)
+				&& !empty(self::$ldapBaseGroups)
 				&& !empty(self::$ldapUserDisplayName)
 			)
 			{