Bug 52278 - simplesamlphp does 2 ldap binds where 0 are necessary
simplesamlphp does 2 ldap binds where 0 are necessary
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: SAML
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 4.4-6-errata
Assigned To: Florian Best
Jürn Brodersen
:
Depends on: 43384
Blocks:
  Show dependency treegraph
 
Reported: 2020-10-28 16:37 CET by Florian Best
Modified: 2020-11-04 14:49 CET (History)
2 users (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Cleanup, Large environments, Regression, UCS Performance
Max CVSS v3 score:


Attachments
patch (git:fbest/52278-improove-saml-performance) (2.60 KB, patch)
2020-10-28 16:37 CET, Florian Best
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Best univentionstaff 2020-10-28 16:37:11 CET
Created attachment 10538 [details]
patch (git:fbest/52278-improove-saml-performance)

In our self written PHP module for simplesamlphp (uLDAP.php) we are doing 2 LDAP binds in the constructor of the class. This is not necessary, we can do them also when they are needed.
Comment 1 Florian Best univentionstaff 2020-11-02 13:32:58 CET
The LDAP bind has been moved into a static variable, so it's only initialized once.
The call to initialize this LDAP variable has been deferred to when it is used the first time.

univention-saml.yaml
6a87fd13dec3 | YAML Bug #52278

univention-saml (6.0.2-59)
49b0b8c9f213 | Bug #52278: defer LDAP bind when it is needed
Comment 2 Florian Best univentionstaff 2020-11-02 13:35:21 CET
Introduced in Bug #43384 (git:00624a4420a9d88421f2c1c3dbcc5b5ab30e2dce).
Comment 3 Jürn Brodersen univentionstaff 2020-11-02 22:05:26 CET
What I tested:
No ldap bind on loading the login form -> OK
Login -> OK
Wrong password -> OK
Expired password -> OK
Changing expired password -> OK
jenkins -> OK
yaml -> OK

-> verified