summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAleksander Machniak <machniak@kolabsys.com>2014-10-31 19:28:07 (GMT)
committerAleksander Machniak <machniak@kolabsys.com>2014-10-31 19:28:07 (GMT)
commit7bc79c68dd1635821fb4d379c15590b521d98979 (patch)
tree0a8fab3cd2d9e7f13269f517bd492b9d7193b028
parente8e352bae686834ba42ebf5418c8e9eacb8e2cee (diff)
downloadkolab-wap-7bc79c68dd1635821fb4d379c15590b521d98979.tar.gz
Fix redundant ldap bind (kolab-service) with enabled cache (#3854)
Remove redundant/useless code
-rw-r--r--lib/Auth/LDAP.php78
1 files changed, 24 insertions, 54 deletions
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index 2287e03..cf5c062 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -129,10 +129,6 @@ class LDAP extends Net_LDAP3 {
{
$this->_log(LOG_DEBUG, "Auth::LDAP: authentication request for $username against domain $domain");
- if (!$this->connect()) {
- return false;
- }
-
if ($domain == NULL) {
$domain = $this->domain;
}
@@ -1188,7 +1184,6 @@ class LDAP extends Net_LDAP3 {
} else {
return $value;
}
-
}
public function _log($level, $msg)
@@ -1418,18 +1413,6 @@ class LDAP extends Net_LDAP3 {
return $result;
}
- if (!$this->connect()) {
- $this->_log(LOG_DEBUG, "Could not connect");
- return false;
- }
-
- $bind_dn = $this->config_get("service_bind_dn", $this->conf->get("service_bind_dn"));
- $bind_pw = $this->config_get("service_bind_pw", $this->conf->get("service_bind_pw"));
-
- if (!$this->bind($bind_dn, $bind_pw)) {
- return false;
- }
-
$this->_log(LOG_DEBUG, "Auth::LDAP::domain_root_dn(\$domain = $domain)");
if ($entry_attrs = $this->_find_domain($domain)) {
@@ -1464,38 +1447,6 @@ class LDAP extends Net_LDAP3 {
return $domain_root_dn;
}
- /**
- * Probe the root dn with the user credentials.
- *
- * When a list of domains is retrieved, this does not mean the user
- * actually has access. Given the root dn for each domain however, we
- * can in fact attempt to list / search the root dn and see if we get
- * any results. If we don't, maybe this user is not authorized for the
- * domain at all?
- */
- private function _probe_root_dn($entry_root_dn)
- {
- //console("Running for entry root dn: " . $entry_root_dn);
- if (($tmpconn = ldapconnect($this->_ldap_server)) == false) {
- //message("LDAP Error: " . $this->_errstr());
- return false;
- }
-
- //console("User DN: " . $_SESSION['user']->user_bind_dn);
-
- if (ldap_bind($tmpconn, $_SESSION['user']->user_bind_dn, $_SESSION['user']->user_bind_pw) === false) {
- //message("LDAP Error: " . $this->_errstr());
- return false;
- }
-
- if (($list_success = ldap_list($tmpconn, $entry_root_dn, '(objectClass=*)', array('*', 'aci'))) === false) {
- //message("LDAP Error: " . $this->_errstr());
- return false;
- }
-
- return true;
- }
-
private function _read($entry_dn, $attributes = array('*'))
{
$result = $this->search($entry_dn, '(objectclass=*)', 'base', $attributes);
@@ -1528,11 +1479,30 @@ class LDAP extends Net_LDAP3 {
{
$this->_log(LOG_DEBUG, "Auth::LDAP::_find_domain($domain)");
- $ckey = 'domain::' . $domain;
+ $ckey = 'domain::' . $domain;
+
+ if (isset($this->icache[$ckey])) {
+ return $this->icache[$ckey];
+ }
// use memcache
- if ($domain_dn = $this->get_cache_data($ckey)) {
- return $this->_read($domain_dn, $attributes);
+ $domain_dn = $this->get_cache_data($ckey);
+
+ // connect and bind only if needed
+ if (empty($this->_current_bind_dn)
+ && (!$domain_dn || empty($_SESSION['user']) || empty($_SESSION['user']->user_bind_dn))
+ ) {
+ $bind_dn = $this->conf->get('service_bind_dn');
+ $bind_pw = $this->conf->get('service_bind_pw');
+
+ if (!$this->bind($bind_dn, $bind_pw)) {
+ return false;
+ }
+ }
+
+ // Got cached domain DN, no need for searching, just read
+ if ($domain_dn) {
+ return $this->icache[$ckey] = $this->_read($domain_dn, $attributes);
}
$domain_base_dn = $this->conf->get('ldap', 'domain_base_dn');
@@ -1552,9 +1522,9 @@ class LDAP extends Net_LDAP3 {
if (count($result) == 1) {
$this->set_cache_data($ckey, key($result));
}
-
- return $result;
}
+
+ return $this->icache[$ckey] = $result;
}
/**