Univention Bugzilla – Attachment 10538 Details for
Bug 52278
simplesamlphp does 2 ldap binds where 0 are necessary
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch (git:fbest/52278-improove-saml-performance)
52278.patch (text/plain), 2.60 KB, created by
Florian Best
on 2020-10-28 16:37:11 CET
(
hide
)
Description:
patch (git:fbest/52278-improove-saml-performance)
Filename:
MIME Type:
Creator:
Florian Best
Created:
2020-10-28 16:37:11 CET
Size:
2.60 KB
patch
obsolete
>commit 2cbc303c14bf17a2a435fef6596549a472fd2af7 >Author: Florian Best <best@univention.de> >Date: Wed Oct 28 16:31:02 2020 +0100 > > Bug #52278: fix performance leak > > The request which only displays a login form did 2 LDAP binds, while none are necessary. > curl "https://ucs-sso.$(hostname -d)/simplesamlphp/saml2/idp/SSOService.php?SAMLRequest=$SAML_REQUEST&RelayState=$RELAY_STATE" > > Only initialize LDAP instance on the first use > >diff --git saml/univention-saml/simplesamlphp/modules/uldap/lib/Auth/Source/uLDAP.php saml/univention-saml/simplesamlphp/modules/uldap/lib/Auth/Source/uLDAP.php >index 1becc44f4a..2a3c2835e2 100644 >--- saml/univention-saml/simplesamlphp/modules/uldap/lib/Auth/Source/uLDAP.php >+++ saml/univention-saml/simplesamlphp/modules/uldap/lib/Auth/Source/uLDAP.php >@@ -16,7 +16,7 @@ class sspmod_uldap_Auth_Source_uLDAP extends sspmod_core_Auth_UserPassBase { > * A LDAP configuration object. > */ > private $ldapConfig; >- private $ldap; >+ private static $_ldap = NULL; > private $config; > > >@@ -35,11 +35,16 @@ class sspmod_uldap_Auth_Source_uLDAP extends sspmod_core_Auth_UserPassBase { > > $this->ldapConfig = new sspmod_ldap_ConfigHelper($config, > 'Authentication source ' . var_export($this->authId, TRUE)); >- $this->ldap = new SimpleSAML_Auth_LDAP($config['hostname'], $config['enable_tls'], $config['debug'], $config['timeout']); >- $this->ldap->bind($config['search.username'], $config['search.password']); > $this->config = $config; > } > >+ private function ldap() { >+ if (self::$_ldap === NULL) { >+ self::$_ldap = new SimpleSAML_Auth_LDAP($config['hostname'], $config['enable_tls'], $config['debug'], $config['timeout']); >+ self::$_ldap->bind($config['search.username'], $config['search.password']); >+ } >+ return self::$_ldap; >+ } > > /** > * Attempt to log in using the given username and password. >@@ -71,8 +76,8 @@ class sspmod_uldap_Auth_Source_uLDAP extends sspmod_core_Auth_UserPassBase { > $expired_messages = array("password expired", "The password has expired.", "account expired"); > if (in_array($this->ldapConfig->extended_error, $expired_messages)) { > SimpleSAML\Logger::debug('password is expired, checking for password change'); >- $user_dn = $this->ldap->searchfordn($this->config['search.base'], $this->config['search.attributes'], $username, TRUE); >- $attributes = $this->ldap->getAttributes($user_dn); >+ $user_dn = $this->ldap()->searchfordn($this->config['search.base'], $this->config['search.attributes'], $username, TRUE); >+ $attributes = $this->ldap()->getAttributes($user_dn); > $this->throw_common_login_errors($attributes); > } > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=10538">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 52278
: 10538