2 commits - lib/Auth
Aleksander Machniak
machniak at kolabsys.com
Wed Dec 4 12:00:27 CET 2013
lib/Auth/LDAP.php | 133 +++++++++++++++++++++++++++++++++++++-----------------
1 file changed, 92 insertions(+), 41 deletions(-)
New commits:
commit 6d679801acda67dcea1d8828b6273993dd9e3672
Author: Aleksander Machniak <alec at alec.pl>
Date: Wed Dec 4 12:00:01 2013 +0100
Cache domain name to domain DN map
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index 54b8943..d6e9119 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -526,12 +526,11 @@ class LDAP extends Net_LDAP3 {
*/
public function effective_rights($subject)
{
- $cache = $this->get_cache();
$ckey = $_SESSION['user']->user_bind_dn . '#'
. md5($this->domain . '::' . $subject . '::' . $_SESSION['user']->user_bind_pw);
// use memcache
- if ($cache && ($result = $cache->get($ckey))) {
+ if ($result = $this->get_cache_data($ckey)) {
return $result;
}
// use internal cache
@@ -565,12 +564,7 @@ class LDAP extends Net_LDAP3 {
$result = $this->legacy_rights($subject);
}
- if ($cache) {
- if (!$cache->replace($ckey, $result, MEMCACHE_COMPRESSED, 3600)) {
- $cache->set($ckey, $result, MEMCACHE_COMPRESSED, 3600);
- }
- }
- else {
+ if (!$this->set_cache_data($ckey, $result)) {
$this->icache[$ckey] = $result;
}
@@ -1510,6 +1504,13 @@ class LDAP extends Net_LDAP3 {
{
$this->_log(LOG_DEBUG, "Auth::LDAP::_find_domain($domain)");
+ $ckey = 'domain::' . $domain;
+
+ // use memcache
+ if ($domain_dn = $this->get_cache_data($ckey)) {
+ return $this->_read($domain_dn, $attributes);
+ }
+
$domain_base_dn = $this->conf->get('ldap', 'domain_base_dn');
$domain_filter = $this->conf->get('ldap', 'domain_filter');
$domain_name_attribute = $this->conf->get('ldap', 'domain_name_attribute');
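Review bot: On a cache hit the added block returns `$this->_read($domain_dn, $attributes)` unconditionally, so a cached DN that no longer resolves (domain removed or renamed) makes `_find_domain()` fail for up to the cache TTL instead of falling back to the search below. The DN also comes from memcache and is used as-is, so whatever can write to the cache pool decides which entry is read for a domain. Returning only on a successful read keeps the fallback: `if (($domain_dn = $this->get_cache_data($ckey)) && ($result = $this->_read($domain_dn, $attributes))) { return $result; }`. The function body starts and ends outside this hunk.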
@@ -1521,7 +1522,14 @@ class LDAP extends Net_LDAP3 {
$domain_filter = "(&" . $domain_filter . "(" . $domain_name_attribute . "=" . $domain . "))";
if ($result = $this->_search($domain_base_dn, $domain_filter, $attributes)) {
- return $result->entries(true);
+ $result = $result->entries(true);
+
+ // cache domain DN
+ if (count($result) == 1) {
+ $this->set_cache_data($ckey, key($result));
+ }
+
+ return $result;
}
}
@@ -1569,6 +1577,7 @@ class LDAP extends Net_LDAP3 {
$this->memcache = false;
return false;
}
+
// add all configured hosts to pool
$pconnect = $this->conf->get('kolab_wap', 'memcache_pconnect', Conf::BOOL);
$hosts = $this->conf->get('kolab_wap', 'memcache_hosts');
@@ -1618,4 +1627,40 @@ class LDAP extends Net_LDAP3 {
}
}
+ /**
+ * Get cached data
+ *
+ * @param string $key Cache key
+ *
+ * @return mixed Cached value
+ */
+ public function get_cache_data($key)
+ {
+ if ($cache = $this->get_cache()) {
+ return $cache->get($ckey);
+ }
+ }
+
+ /**
+ * Store cached data
+ *
+ * @param string $key Cache key
+ * @param mixed $data Data
+ * @param int $ttl Cache TTL in seconds
+ *
+ * @return bool False on failure or when cache is disabled, True if data was saved succesfully
+ */
+ public function set_cache_data($key, $data, $ttl = 3600)
+ {
+ if ($cache = $this->get_cache()) {
+ if (!$cache->replace($ckey, $data, MEMCACHE_COMPRESSED, $ttl)) {
+ return $cache->set($ckey, $data, MEMCACHE_COMPRESSED, $ttl);
+ }
+ else {
+ return true;
+ }
+ }
+
+ return false;
+ }
}
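Review bot: Both new helpers take the cache key as `$key` but pass an undefined `$ckey` to memcache: in `get_cache_data()` (`$cache->get($ckey)`) and in the `replace()` and `set()` calls of `set_cache_data()`. Every caller's key is therefore dropped and the call runs with a null key. Depending on how the Memcache extension treats an empty key, this either disables the cache or makes all entries share one slot, in which case `effective_rights()` could return rights cached for a different user or subject. The calls should read `return $cache->get($key);`, `$cache->replace($key, $data, MEMCACHE_COMPRESSED, $ttl)` and `return $cache->set($key, $data, MEMCACHE_COMPRESSED, $ttl);`. The docblock of `get_cache_data()` could also state that nothing is returned when the cache is disabled.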
commit ca8edc9c0a1ff77533ec6691eec60d2c6b668aea
Author: Aleksander Machniak <alec at alec.pl>
Date: Wed Dec 4 10:17:59 2013 +0100
Code for finding a domain by name moved to _find_domain() method
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index 25cb754..54b8943 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -309,16 +309,14 @@ class LDAP extends Net_LDAP3 {
}
// Query the ACI for the primary domain
- $domain_filter = $this->conf->get('ldap', 'domain_filter');
- $domain_filter = '(&(' . $domain_name_attribute . '=' . $primary_domain . ')' . $domain_filter . ')';
- $results = $this->_search($domain_base_dn, $domain_filter);
- $entries = $results->entries(true);
- $domain_entry = array_shift($entries);
-
- if (in_array('inetdomainbasedn', $domain_entry)) {
- $_base_dn = $domain_entry['inetdomainbasedn'];
+ if ($domain_entry = $this->_find_domain($primary_domain)) {
+ $domain_entry = array_shift($domain_entry);
+ if (in_array('inetdomainbasedn', $domain_entry)) {
+ $_base_dn = $domain_entry['inetdomainbasedn'];
+ }
}
- else {
+
+ if (empty($_base_dn)) {
$_base_dn = $this->_standard_root_dn($primary_domain);
}
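Review bot: `in_array('inetdomainbasedn', $domain_entry)` tests whether some attribute value equals that string, not whether the key exists, so a configured `inetdomainbasedn` is normally skipped and the code falls through to `_standard_root_dn()`. The root-DN lookup later in this same commit checks the key with `array_key_exists(...) && !empty(...)`; here `if (!empty($domain_entry['inetdomainbasedn'])) {` would match it. The condition is carried over from the removed lines, and the enclosing function starts and ends outside the hunk.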
@@ -511,27 +509,15 @@ class LDAP extends Net_LDAP3 {
$domain_dn = $this->entry_dn($domain, array(), $domain_base_dn);
if (!$domain_dn) {
- $domain_filter = $this->conf->get('ldap', 'domain_filter');
- $domain_name_attribute = $this->conf->get('ldap', 'domain_name_attribute');
- $domain_filter = "(&" . $domain_filter . "(" . $domain_name_attribute . "=" . $domain . "))";
-
- $this->_log(LOG_DEBUG, "Auth::LDAP::domain_info() uses _search()");
- if ($result = $this->_search($domain_base_dn, $domain_filter, $attributes)) {
- $result = $result->entries(true);
- }
+ $result = $this->_find_domain($domain, $attributes);
}
else {
- $this->_log(LOG_DEBUG, "Auth::LDAP::domain_info() uses _read()");
$result = $this->_read($domain_dn, $attributes);
}
- if (!$result) {
- return false;
- }
-
$this->_log(LOG_DEBUG, "Auth::LDAP::domain_info() result: " . var_export($result, true));
- return $result;
+ return $result ? $result : false;
}
/**
@@ -1424,25 +1410,19 @@ class LDAP extends Net_LDAP3 {
return false;
}
- $domain_base_dn = $this->conf->get('ldap', 'domain_base_dn');
- $domain_filter = $this->conf->get('ldap', 'domain_filter');
$domain_name_attribute = $this->conf->get('ldap', 'domain_name_attribute');
if (empty($domain_name_attribute)) {
$domain_name_attribute = 'associateddomain';
}
- $domain_filter = "(&" . $domain_filter . "(" . $domain_name_attribute . "=" . $domain . "))";
-
- $result = $this->_search($domain_base_dn, $domain_filter);
+ $entry_attrs = $this->_find_domain($domain);
- if (!$result) {
+ if (!$entry_attrs) {
return $this->_standard_root_dn($domain);
}
- $entries = $result->entries(true);
- $entry_dn = key($entries);
- $entry_attrs = $entries[$entry_dn];
+ $entry_attrs = array_shift($entry_attrs);
if (is_array($entry_attrs)) {
if (array_key_exists('inetdomainbasedn', $entry_attrs) && !empty($entry_attrs['inetdomainbasedn'])) {
@@ -1462,7 +1442,6 @@ class LDAP extends Net_LDAP3 {
}
return $domain_root_dn;
-
}
/**
@@ -1520,6 +1499,33 @@ class LDAP extends Net_LDAP3 {
}
/**
+ * Find domain by name
+ *
+ * @param string $domain Domain name
+ * @param array $attributes Result attributes
+ *
+ * @return array Domain records indexed by base DN
+ */
+ private function _find_domain($domain, $attributes = array('*'))
+ {
+ $this->_log(LOG_DEBUG, "Auth::LDAP::_find_domain($domain)");
+
+ $domain_base_dn = $this->conf->get('ldap', 'domain_base_dn');
+ $domain_filter = $this->conf->get('ldap', 'domain_filter');
+ $domain_name_attribute = $this->conf->get('ldap', 'domain_name_attribute');
+
+ if (empty($domain_name_attribute)) {
+ $domain_name_attribute = 'associateddomain';
+ }
+
+ $domain_filter = "(&" . $domain_filter . "(" . $domain_name_attribute . "=" . $domain . "))";
+
+ if ($result = $this->_search($domain_base_dn, $domain_filter, $attributes)) {
+ return $result->entries(true);
+ }
+ }
+
+ /**
* From a domain name, such as 'kanarip.com', create a standard root
* dn, such as 'dc=kanarip,dc=com'.
*
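Review bot: `_find_domain()` concatenates `$domain` into the search filter unescaped (`"(" . $domain_name_attribute . "=" . $domain . "))"`), and this method is now the single path for domain lookups; the later caching commit keeps the same line. If any caller passes a domain taken from a login name or request parameter (not visible here), characters such as `*`, `(`, `)` or `\` change the filter's meaning. Escaping the value before building the filter closes that, for example with `ldap_escape($domain, '', LDAP_ESCAPE_FILTER)` where the PHP version provides it. The docblock's `@return array` should also say that nothing is returned when the search fails.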