2 commits - lib/Auth

Aleksander Machniak machniak at kolabsys.com
Wed Dec 4 12:00:27 CET 2013


 lib/Auth/LDAP.php |  133 +++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 92 insertions(+), 41 deletions(-)

New commits:
commit 6d679801acda67dcea1d8828b6273993dd9e3672
Author: Aleksander Machniak <alec at alec.pl>
Date:   Wed Dec 4 12:00:01 2013 +0100

    Cache domain name to domain DN map

diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index 54b8943..d6e9119 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -526,12 +526,11 @@ class LDAP extends Net_LDAP3 {
      */
     public function effective_rights($subject)
     {
-        $cache = $this->get_cache();
         $ckey  = $_SESSION['user']->user_bind_dn . '#'
             . md5($this->domain . '::' . $subject . '::' . $_SESSION['user']->user_bind_pw);
 
         // use memcache
-        if ($cache && ($result = $cache->get($ckey))) {
+        if ($result = $this->get_cache_data($ckey)) {
             return $result;
         }
         // use internal cache
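Review bot: The `$ckey` handed to `get_cache_data()` here is still the bind DN in clear text plus an unsalted `md5()` over domain, subject and `$_SESSION['user']->user_bind_pw` (the two unchanged context lines above the lookup), so the key stored in memcached doubles as a verifier for the user's password. Anyone who can list keys on the cache server could test password guesses offline against it. Since this commit already centralises cache access, it is a good moment to derive the key from something that is not a credential, or at least use `hash_hmac('sha256', ..., $secret)` with a server-side secret that never reaches the cache (`$secret` is a placeholder; no such setting is visible here). `effective_rights()` continues beyond this hunk.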
@@ -565,12 +564,7 @@ class LDAP extends Net_LDAP3 {
             $result = $this->legacy_rights($subject);
         }
 
-        if ($cache) {
-            if (!$cache->replace($ckey, $result, MEMCACHE_COMPRESSED, 3600)) {
-                $cache->set($ckey, $result, MEMCACHE_COMPRESSED, 3600);
-            }
-        }
-        else {
+        if (!$this->set_cache_data($ckey, $result)) {
              $this->icache[$ckey] = $result;
         }
 
@@ -1510,6 +1504,13 @@ class LDAP extends Net_LDAP3 {
     {
         $this->_log(LOG_DEBUG, "Auth::LDAP::_find_domain($domain)");
 
+        $ckey  = 'domain::' . $domain;
+
+        // use memcache
+        if ($domain_dn = $this->get_cache_data($ckey)) {
+            return $this->_read($domain_dn, $attributes);
+        }
+
         $domain_base_dn        = $this->conf->get('ldap', 'domain_base_dn');
         $domain_filter         = $this->conf->get('ldap', 'domain_filter');
         $domain_name_attribute = $this->conf->get('ldap', 'domain_name_attribute');
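Review bot: On a cache hit the result of `_read($domain_dn, $attributes)` is returned unconditionally, so a cached DN that has since been removed or renamed makes `_find_domain()` return an empty result for up to the default 3600 s TTL instead of falling back to the search. Return only a non-empty read, e.g. `if (($domain_dn = $this->get_cache_data($ckey)) && ($result = $this->_read($domain_dn, $attributes))) { return $result; }`. Separately, `$ckey` is built from the raw `$domain`; memcached keys are limited to 250 bytes without whitespace or control characters and clients differ in whether they reject or rewrite such keys, so if `$domain` can originate from a login name it is safer to normalise it, e.g. `'domain::' . md5(strtolower($domain))`. The store side in the next hunk (`set_cache_data($ckey, key($result))`) uses the same key. The body of `_find_domain()` starts before this hunk.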
@@ -1521,7 +1522,14 @@ class LDAP extends Net_LDAP3 {
         $domain_filter = "(&" . $domain_filter . "(" . $domain_name_attribute . "=" . $domain . "))";
 
         if ($result = $this->_search($domain_base_dn, $domain_filter, $attributes)) {
-            return $result->entries(true);
+            $result = $result->entries(true);
+
+            // cache domain DN
+            if (count($result) == 1) {
+                $this->set_cache_data($ckey, key($result));
+            }
+
+            return $result;
         }
     }
 
@@ -1569,6 +1577,7 @@ class LDAP extends Net_LDAP3 {
                 $this->memcache = false;
                 return false;
             }
+
             // add all configured hosts to pool
             $pconnect = $this->conf->get('kolab_wap', 'memcache_pconnect', Conf::BOOL);
             $hosts    = $this->conf->get('kolab_wap', 'memcache_hosts');
@@ -1618,4 +1627,40 @@ class LDAP extends Net_LDAP3 {
         }
     }
 
+    /**
+     * Get cached data
+     *
+     * @param string $key Cache key
+     *
+     * @return mixed Cached value
+     */
+    public function get_cache_data($key)
+    {
+        if ($cache = $this->get_cache()) {
+            return $cache->get($ckey);
+        }
+    }
+
+    /**
+     * Store cached data
+     *
+     * @param string $key  Cache key
+     * @param mixed  $data Data
+     * @param int    $ttl  Cache TTL in seconds
+     *
+     * @return bool False on failure or when cache is disabled, True if data was saved succesfully
+     */
+    public function set_cache_data($key, $data, $ttl = 3600)
+    {
+        if ($cache = $this->get_cache()) {
+            if (!$cache->replace($ckey, $data, MEMCACHE_COMPRESSED, $ttl)) {
+                return $cache->set($ckey, $data, MEMCACHE_COMPRESSED, $ttl);
+            }
+            else {
+                return true;
+            }
+        }
+
+        return false;
+    }
 }
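Review bot: Both new helpers use `$ckey`, which is not defined in their scope; the parameter is `$key`. As written, `get_cache_data()` and `set_cache_data()` pass an undefined (null) key to memcache for every caller, so the key computed in `effective_rights()` and `_find_domain()` is ignored: depending on how the client handles an empty key, either nothing is ever cached or all callers share one entry, which for per-user effective rights would be an authorization problem. Change the three calls to `$cache->get($key)`, `$cache->replace($key, $data, MEMCACHE_COMPRESSED, $ttl)` and `$cache->set($key, $data, MEMCACHE_COMPRESSED, $ttl)`. `get_cache_data()` also has no explicit return when the cache is disabled; `return false;` would match the documented behaviour of its sibling.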


commit ca8edc9c0a1ff77533ec6691eec60d2c6b668aea
Author: Aleksander Machniak <alec at alec.pl>
Date:   Wed Dec 4 10:17:59 2013 +0100

    Code for finding a domain by name moved to _find_domain() method

diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index 25cb754..54b8943 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -309,16 +309,14 @@ class LDAP extends Net_LDAP3 {
         }
 
         // Query the ACI for the primary domain
-        $domain_filter = $this->conf->get('ldap', 'domain_filter');
-        $domain_filter = '(&(' . $domain_name_attribute . '=' . $primary_domain . ')' . $domain_filter . ')';
-        $results       = $this->_search($domain_base_dn, $domain_filter);
-        $entries       = $results->entries(true);
-        $domain_entry  = array_shift($entries);
-
-        if (in_array('inetdomainbasedn', $domain_entry)) {
-            $_base_dn = $domain_entry['inetdomainbasedn'];
+        if ($domain_entry = $this->_find_domain($primary_domain)) {
+            $domain_entry = array_shift($domain_entry);
+            if (in_array('inetdomainbasedn', $domain_entry)) {
+                $_base_dn = $domain_entry['inetdomainbasedn'];
+            }
         }
-        else {
+
+        if (empty($_base_dn)) {
             $_base_dn = $this->_standard_root_dn($primary_domain);
         }
 
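Review bot: `in_array('inetdomainbasedn', $domain_entry)` tests the entry's values, not its keys, so the following `$domain_entry['inetdomainbasedn']` read is reached only by accident (non-strict `in_array()` can also match unrelated values). The refactor carries this over from the removed lines, while the other caller touched by this commit already checks `array_key_exists('inetdomainbasedn', $entry_attrs)`. Use `if (!empty($domain_entry['inetdomainbasedn'])) {` here so a configured base DN is honoured rather than silently replaced by `_standard_root_dn()`. The enclosing method starts and ends outside this hunk.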
@@ -511,27 +509,15 @@ class LDAP extends Net_LDAP3 {
         $domain_dn      = $this->entry_dn($domain, array(), $domain_base_dn);
 
         if (!$domain_dn) {
-            $domain_filter         = $this->conf->get('ldap', 'domain_filter');
-            $domain_name_attribute = $this->conf->get('ldap', 'domain_name_attribute');
-            $domain_filter         = "(&" . $domain_filter . "(" . $domain_name_attribute . "=" . $domain . "))";
-
-            $this->_log(LOG_DEBUG, "Auth::LDAP::domain_info() uses _search()");
-            if ($result = $this->_search($domain_base_dn, $domain_filter, $attributes)) {
-                $result = $result->entries(true);
-            }
+            $result = $this->_find_domain($domain, $attributes);
         }
         else {
-            $this->_log(LOG_DEBUG, "Auth::LDAP::domain_info() uses _read()");
             $result = $this->_read($domain_dn, $attributes);
         }
 
-        if (!$result) {
-            return false;
-        }
-
         $this->_log(LOG_DEBUG, "Auth::LDAP::domain_info() result: " . var_export($result, true));
 
-        return $result;
+        return $result ? $result : false;
     }
 
     /**
@@ -1424,25 +1410,19 @@ class LDAP extends Net_LDAP3 {
             return false;
         }
 
-        $domain_base_dn        = $this->conf->get('ldap', 'domain_base_dn');
-        $domain_filter         = $this->conf->get('ldap', 'domain_filter');
         $domain_name_attribute = $this->conf->get('ldap', 'domain_name_attribute');
 
         if (empty($domain_name_attribute)) {
             $domain_name_attribute = 'associateddomain';
         }
 
-        $domain_filter = "(&" . $domain_filter . "(" . $domain_name_attribute . "=" . $domain . "))";
-
-        $result = $this->_search($domain_base_dn, $domain_filter);
+        $entry_attrs = $this->_find_domain($domain);
 
-        if (!$result) {
+        if (!$entry_attrs) {
             return $this->_standard_root_dn($domain);
         }
 
-        $entries     = $result->entries(true);
-        $entry_dn    = key($entries);
-        $entry_attrs = $entries[$entry_dn];
+        $entry_attrs = array_shift($entry_attrs);
 
         if (is_array($entry_attrs)) {
             if (array_key_exists('inetdomainbasedn', $entry_attrs) && !empty($entry_attrs['inetdomainbasedn'])) {
@@ -1462,7 +1442,6 @@ class LDAP extends Net_LDAP3 {
         }
 
         return $domain_root_dn;
-
     }
 
     /**
@@ -1520,6 +1499,33 @@ class LDAP extends Net_LDAP3 {
     }
 
     /**
+     * Find domain by name
+     *
+     * @param string $domain     Domain name
+     * @param array  $attributes Result attributes
+     *
+     * @return array Domain records indexed by base DN
+     */
+    private function _find_domain($domain, $attributes = array('*'))
+    {
+        $this->_log(LOG_DEBUG, "Auth::LDAP::_find_domain($domain)");
+
+        $domain_base_dn        = $this->conf->get('ldap', 'domain_base_dn');
+        $domain_filter         = $this->conf->get('ldap', 'domain_filter');
+        $domain_name_attribute = $this->conf->get('ldap', 'domain_name_attribute');
+
+        if (empty($domain_name_attribute)) {
+            $domain_name_attribute = 'associateddomain';
+        }
+
+        $domain_filter = "(&" . $domain_filter . "(" . $domain_name_attribute . "=" . $domain . "))";
+
+        if ($result = $this->_search($domain_base_dn, $domain_filter, $attributes)) {
+            return $result->entries(true);
+        }
+    }
+
+    /**
      * From a domain name, such as 'kanarip.com', create a standard root
      * dn, such as 'dc=kanarip,dc=com'.
      *
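Review bot: `_find_domain()` concatenates `$domain` into the LDAP filter without escaping, and after this refactor every domain lookup goes through it. If the domain can come from a login name or a request parameter, filter metacharacters in it change the meaning of the search (RFC 4515). Escape the value before building the filter, e.g. `ldap_escape($domain, '', LDAP_ESCAPE_FILTER)` on PHP versions that provide it, or an equivalent helper in the LDAP base class. The method also returns nothing when `_search()` fails while the docblock promises an array; an explicit `return false;` or `return array();` would make that contract visible to callers.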



