Skip to content

resolve user and groups in nested groups first before filtering the results #14464

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
blizzz merged 8 commits into from
Mar 7, 2019
Merged

resolve user and groups in nested groups first before filtering the results #14464

Changes from 1 commit
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
c2d8a36
user_ldap: Filter groups after nexted groups
Feb 7, 2018
afb1826
user_ldap: really resolve nested groups
Feb 7, 2018
e7c506c
Reduce queries to LDAP by caching nested groups
Feb 7, 2018
459b8a4
Fixed unit test: groupsMatchFilter will not be called multiple times …
Feb 8, 2018
5dd2207
fix nested group retrieval also for 2 other cases
blizzz Mar 1, 2019
dfc7007
with LDAP server set offline, config cannot be controlled via ocs any…
blizzz Mar 5, 2019
987db8e
add missing config bits to integration tests
blizzz Mar 5, 2019
e36cede
remove unused use statement
blizzz Mar 5, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Reduce queries to LDAP by caching nested groups 
Nested groups are now cached in a CappedMemoryCache object to reduce
queries to the LDAP backend.

Signed-off-by: Roland Tapken <[email protected]>
  • Loading branch information
@blizzz
Roland Tapken authored and blizzz committed Mar 5, 2019
commit e7c506cff100b588e1943bd7dbaef2ef687a1bfb
24 changes: 18 additions & 6 deletions apps/user_ldap/lib/Group_LDAP.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,11 @@ class Group_LDAP extends BackendUtility implements \OCP\GroupInterface, IGroupLD
*/
protected $cachedGroupsByMember;

/**
* @var string[] $cachedNestedGroups array of groups with gid (DN) as key
*/
protected $cachedNestedGroups;

/** @var GroupPluginManager */
protected $groupPluginManager;

Expand All @@ -71,6 +76,7 @@ public function __construct(Access $access, GroupPluginManager $groupPluginManag

$this->cachedGroupMembers = new CappedMemoryCache();
$this->cachedGroupsByMember = new CappedMemoryCache();
$this->cachedNestedGroups = new CappedMemoryCache();
$this->groupPluginManager = $groupPluginManager;
}

Expand Down Expand Up @@ -257,8 +263,8 @@ private function _getGroupDNsFromMemberOf($DN) {
if (!is_array($groups)) {
return array();
}
$nestedGroups = $this->access->connection->ldapNestedGroups;
if ((int)$nestedGroups === 1) {
$nestedGroups = (int) $this->access->connection->ldapNestedGroups;
if ($nestedGroups === 1) {
$seen = array();
while ($group = array_pop($groups)) {
if ($group === $DN || array_key_exists($group, $seen)) {
Expand All @@ -268,11 +274,17 @@ private function _getGroupDNsFromMemberOf($DN) {
$seen[$group] = 1;

// Resolve nested groups
$nestedGroups = $this->access->readAttribute($group, 'memberOf');
if (is_array($nestedGroups)) {
foreach ($nestedGroups as $nestedGroup) {
array_push($groups, $nestedGroup);
if (isset($cachedNestedGroups[$group])) {
$nestedGroups = $cachedNestedGroups[$group];
} else {
$nestedGroups = $this->access->readAttribute($group, 'memberOf');
if (!is_array($nestedGroups)) {
$nestedGroups = [];
}
$cachedNestedGroups[$group] = $nestedGroups;
}
foreach ($nestedGroups as $nestedGroup) {
array_push($groups, $nestedGroup);
}
}
// Get unique group DN's from those we have visited in the loop
Expand Down