Dockerfile +1 −0 @@ -163,6 +163,7 @@ RUN cd ${BASE_DIR}/custom_apps && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete- RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/apps/dashboard/lib/Controller/DashboardController.php -i ${TMP_PATCH_DIR}/012-remove-user-status-widget.patch RUN patch -u ${BASE_DIR}/core/templates/layout.guest.php -i ${TMP_PATCH_DIR}/016-login-screen.patch RUN patch -u ${BASE_DIR}/lib/private/Notification/Manager.php -i ${TMP_PATCH_DIR}/020-fairuse-notification-fix.patch RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/apps/user_ldap/lib/User_LDAP.php -i ${TMP_PATCH_DIR}/023-ldap-check-pwd-optimization.patch RUN rm -rf ${TMP_PATCH_DIR} RUN curl -fsSL -o ldap_write_support.tar.gz \
patches/023-ldap-check-pwd-optimization.patch 0 → 100644 +73 −0 From: Akhil <akhil@e.email> Date: Wed, 04 Jan 2023 16:24 +0530 Subject: [PATCH] This patch optimize the ldap checkPassword function to reduce number of LDAP binds and SQL UPDATE operations per password check --- ./apps/user_ldap/lib/User_LDAP.php 2023-01-04 16:20:02.747181606 +0530 +++ ./apps/user_ldap/lib/User_LDAP-new.php 2023-01-04 16:22:34.282504132 +0530 @@ -114,11 +114,12 @@ * @return string|false * @throws \Exception */ - public function loginName2UserName($loginName) { + public function loginName2UserName($loginName, bool $overrideCacheIfFalse = false) { $cacheKey = 'loginName2UserName-' . $loginName; $username = $this->access->connection->getFromCache($cacheKey); - if ($username !== null) { + $overrideCache = $overrideCacheIfFalse && $username === false; + if ($username !== null && !$overrideCache) { return $username; }
@@ -176,39 +177,27 @@ * @return false|string */ public function checkPassword($uid, $password) { - try { - $ldapRecord = $this->getLDAPUserByLoginName($uid); - } catch (NotOnLDAP $e) { - $this->logger->debug( - $e->getMessage(), - ['app' => 'user_ldap', 'exception' => $e] - ); + $username = $this->loginName2UserName($uid, true); + if(!$username) { return false; } - $dn = $ldapRecord['dn'][0]; - $user = $this->access->userManager->get($dn); - if (!$user instanceof User) { - $this->logger->warning( - 'LDAP Login: Could not get user object for DN ' . $dn . - '. Maybe the LDAP entry has no set display name attribute?', - ['app' => 'user_ldap'] - ); - return false; - } - if ($user->getUsername() !== false) { - //are the credentials OK? - if (!$this->access->areCredentialsValid($dn, $password)) { + $dn = $this->access->username2dn($username); + //are the credentials OK? + if ($dn && $this->access->areCredentialsValid($dn, $password)) { + $user = $this->access->userManager->get($username); + if (!$user instanceof User) { + $this->logger->warning( + 'LDAP Login: Could not get user object for DN ' . $dn . + '. Maybe the LDAP entry has no set display name attribute?', + ['app' => 'user_ldap'] + ); return false; } - $this->access->cacheUserExists($user->getUsername()); - $user->processAttributes($ldapRecord); $user->markLogin(); - return $user->getUsername(); } - return false; }
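Review bot: In the `checkPassword()` hunk (`@@ -176,39 +177,27 @@`) the bind target now comes from the cached `loginName2UserName($uid, true)` result plus `username2dn($username)` rather than from a fresh `getLDAPUserByLoginName($uid)` search, so while a positive cache entry exists an account that no longer matches the LDAP login filter (for example after removal from a required group) can presumably still log in if its bind succeeds. The rest of `loginName2UserName()` lies outside the first hunk and `username2dn()` is not shown, so how long that window lasts and whether a DN that changed in LDAP is picked up are inferred, not visible; state the trade-off where the lookup happens, e.g. `// login filter is re-checked only on a cache miss or cached false; access revocation lags by the cache lifetime`. The early exit also lost the `NotOnLDAP` debug log, which leaves unresolved login names unrecorded; a line such as `$this->logger->debug('LDAP Login: login name could not be resolved', ['app' => 'user_ldap']);` before `return false;` keeps failed lookups visible for detection. `if(!$username)` additionally rejects a resolved name of `'0'`, whereas `if ($username === false) {` matches the documented `string|false` return.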
Dockerfile +1 −0 @@ -163,6 +163,7 @@ RUN cd ${BASE_DIR}/custom_apps && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete- RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/apps/dashboard/lib/Controller/DashboardController.php -i ${TMP_PATCH_DIR}/012-remove-user-status-widget.patch RUN patch -u ${BASE_DIR}/core/templates/layout.guest.php -i ${TMP_PATCH_DIR}/016-login-screen.patch RUN patch -u ${BASE_DIR}/lib/private/Notification/Manager.php -i ${TMP_PATCH_DIR}/020-fairuse-notification-fix.patch RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/apps/user_ldap/lib/User_LDAP.php -i ${TMP_PATCH_DIR}/023-ldap-check-pwd-optimization.patch RUN rm -rf ${TMP_PATCH_DIR} RUN curl -fsSL -o ldap_write_support.tar.gz \
patches/023-ldap-check-pwd-optimization.patch 0 → 100644 +73 −0 From: Akhil <akhil@e.email> Date: Wed, 04 Jan 2023 16:24 +0530 Subject: [PATCH] This patch optimize the ldap checkPassword function to reduce number of LDAP binds and SQL UPDATE operations per password check --- ./apps/user_ldap/lib/User_LDAP.php 2023-01-04 16:20:02.747181606 +0530 +++ ./apps/user_ldap/lib/User_LDAP-new.php 2023-01-04 16:22:34.282504132 +0530 @@ -114,11 +114,12 @@ * @return string|false * @throws \Exception */ - public function loginName2UserName($loginName) { + public function loginName2UserName($loginName, bool $overrideCacheIfFalse = false) { $cacheKey = 'loginName2UserName-' . $loginName; $username = $this->access->connection->getFromCache($cacheKey); - if ($username !== null) { + $overrideCache = $overrideCacheIfFalse && $username === false; + if ($username !== null && !$overrideCache) { return $username; }
@@ -176,39 +177,27 @@ * @return false|string */ public function checkPassword($uid, $password) { - try { - $ldapRecord = $this->getLDAPUserByLoginName($uid); - } catch (NotOnLDAP $e) { - $this->logger->debug( - $e->getMessage(), - ['app' => 'user_ldap', 'exception' => $e] - ); + $username = $this->loginName2UserName($uid, true); + if(!$username) { return false; } - $dn = $ldapRecord['dn'][0]; - $user = $this->access->userManager->get($dn); - if (!$user instanceof User) { - $this->logger->warning( - 'LDAP Login: Could not get user object for DN ' . $dn . - '. Maybe the LDAP entry has no set display name attribute?', - ['app' => 'user_ldap'] - ); - return false; - } - if ($user->getUsername() !== false) { - //are the credentials OK? - if (!$this->access->areCredentialsValid($dn, $password)) { + $dn = $this->access->username2dn($username); + //are the credentials OK? + if ($dn && $this->access->areCredentialsValid($dn, $password)) { + $user = $this->access->userManager->get($username); + if (!$user instanceof User) { + $this->logger->warning( + 'LDAP Login: Could not get user object for DN ' . $dn . + '. Maybe the LDAP entry has no set display name attribute?', + ['app' => 'user_ldap'] + ); return false; } - $this->access->cacheUserExists($user->getUsername()); - $user->processAttributes($ldapRecord); $user->markLogin(); - return $user->getUsername(); } - return false; }