Univention Bugzilla – Attachment 7943 Details for
Bug 42167
password reset (student) causes search for every user in LDAP before narrowing it down
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Extracted patch as hotfix (NOT TESTED BY QA!)
bug42167c.patch (text/plain), 2.68 KB, created by
Sönke Schwardt-Krummrich
on 2016-08-30 13:06:07 CEST
(
hide
)
Description:
Extracted patch as hotfix (NOT TESTED BY QA!)
Filename:
MIME Type:
Creator:
Sönke Schwardt-Krummrich
Created:
2016-08-30 13:06:07 CEST
Size:
2.68 KB
patch
obsolete
>--- schoolldap.py.ORIG >+++ schoolldap.py >@@ -34,6 +34,7 @@ import univention.config_registry > import univention.uldap > import univention.admin.config > import univention.admin.modules >+from univention.admin.uexceptions import noObject > > import univention.admin.modules as udm_modules > from univention.management.console.protocol.message import Message >@@ -436,28 +437,49 @@ class SchoolBaseModule(Base): > groupObj = groupModule.object(None, ldap_connection, None, group) > groupObj.open() > >- users = cls.get_all(ldap_connection, school, LDAP_Filter.forUsers(pattern)) >- users = [user.get_udm_object(ldap_connection) for user in users] >- if groupObj: >- # filter users to be members of the specified group >- users = [i for i in users if i.dn in set(groupObj['users'])] >+ # The following code block prevents a massive performance loss if the group >+ # contains far less users than all available users. The else-block opens >+ # all available users ==> high LDAP load! (Bug #42167) >+ users = [] >+ for userdn in set(groupObj['users']): >+ try: >+ user = cls.from_dn(userdn, school, ldap_connection) >+ except noObject: >+ continue >+ if school not in user.schools: >+ continue >+ udm_obj = user.get_udm_object(ldap_connection) >+ if pattern: >+ # check if pattern is part of any of user's common properties (case insensitive) >+ if not any([pattern.lower() in udm_obj.info.get(propertyname, '').lower() for propertyname in LDAP_Filter.forUsersSubMatch]): >+ continue >+ users.append(udm_obj) >+ else: >+ # be aware that this search opens all user objects of specified type and may take some time! >+ users = cls.get_all(ldap_connection, school, LDAP_Filter.forUsers(pattern)) >+ users = [user.get_udm_object(ldap_connection) for user in users] >+ > return users > > > class LDAP_Filter: >+ forUsersSubMatch = ['lastname', 'username', 'firstname'] >+ forGroupsSubMatch = ['name', 'description'] >+ forComputersSubMatch = ['name', 'description'] >+ forComputersFullMatch = ['mac', 'ip'] > > @staticmethod > def forUsers( pattern ): >- return LDAP_Filter.forAll( pattern, ['lastname', 'username', 'firstname'] ) >+ return LDAP_Filter.forAll(pattern, LDAP_Filter.forUsersSubMatch) > > @staticmethod > def forGroups( pattern, school = None ): > # school parameter is deprecated >- return LDAP_Filter.forAll( pattern, ['name', 'description'] ) >+ return LDAP_Filter.forAll(pattern, LDAP_Filter.forGroupsSubMatch) > > @staticmethod > def forComputers( pattern ): >- return LDAP_Filter.forAll( pattern, ['name', 'description'], ['mac', 'ip'] ) >+ return LDAP_Filter.forAll(pattern, LDAP_Filter.forComputersSubMatch, LDAP_Filter.forComputersFullMatch) > > regWhiteSpaces = re.compile(r'\s+') > @staticmethod
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=7943">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 42167
: 7943 |
7944
|
7945