sartography
/
cr-connect-workflow
mirror of https://github.com/sartography/cr-connect-workflow.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #425 from sartography/bug/slow_ldap 

Remove wild-card from uid search, it performs very badly.  Add a bit …
This commit is contained in:
Mike Cullerton 2021-11-30 11:09:42 -05:00 committed by GitHub
parent 8cc581611e b9c936da38
commit ec9d8f8a5c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
crc/services/ldap_service.py
View File

@ -1,13 +1,9 @@
import logging
import os import os
import ssl
from os import path
from attr import asdict
from ldap3.core.exceptions import LDAPExceptionError from ldap3.core.exceptions import LDAPExceptionError
import datetime as dt
from crc import app, db from crc import app, db
from ldap3 import Connection, Server, MOCK_SYNC, RESTARTABLE, SASL, DIGEST_MD5, ALL, Tls, EXTERNAL, SYNC from ldap3 import Connection, Server, MOCK_SYNC, RESTARTABLE
from crc.api.common import ApiError from crc.api.common import ApiError
from crc.models.ldap import LdapModel, LdapSchema from crc.models.ldap import LdapModel, LdapSchema
@ -18,7 +14,8 @@ class LdapService(object):
attributes = ['uid', 'cn', 'sn', 'displayName', 'givenName', 'mail', 'objectClass', 'UvaDisplayDepartment', attributes = ['uid', 'cn', 'sn', 'displayName', 'givenName', 'mail', 'objectClass', 'UvaDisplayDepartment',
'telephoneNumber', 'title', 'uvaPersonIAMAffiliation', 'uvaPersonSponsoredType'] 'telephoneNumber', 'title', 'uvaPersonIAMAffiliation', 'uvaPersonSponsoredType']
uid_search_string = "(&(objectclass=person)(uid=%s))" uid_search_string = "(&(objectclass=person)(uid=%s))"
user_or_last_name_search = "(&(objectclass=person)(|(uid=%s*)(sn=%s*)))" # adding a '*' to the end of uid here would match partial uid, but it is too slow on the new ldap server.
user_or_last_name_search = "(&(objectclass=person)(|(uid=%s)(sn=%s*)))"
cn_single_search = '(&(objectclass=person)(cn=%s*))' cn_single_search = '(&(objectclass=person)(cn=%s*))'
cn_double_search = '(&(objectclass=person)(&(cn=%s*)(cn=*%s*)))' cn_double_search = '(&(objectclass=person)(&(cn=%s*)(cn=*%s*)))'
temp_cache = {} temp_cache = {}
@ -89,10 +86,13 @@ class LdapService(object):
# Search by user_id or last name # Search by user_id or last name
search_string = LdapService.user_or_last_name_search % (query, query) search_string = LdapService.user_or_last_name_search % (query, query)
results = [] results = []
app.logger.info(search_string)
try: try:
conn = LdapService.__get_conn() conn = LdapService.__get_conn()
a = dt.datetime.now()
conn.search(LdapService.search_base, search_string, attributes=LdapService.attributes) conn.search(LdapService.search_base, search_string, attributes=LdapService.attributes)
b = dt.datetime.now()
app.logger.info('LDAP Search ' + search_string + " -- " + str((b - a).total_seconds()) + " sec.")
# Entries are returned as a generator, accessing entries # Entries are returned as a generator, accessing entries
# can make subsequent calls to the ldap service, so limit # can make subsequent calls to the ldap service, so limit
# those here. # those here.

2
tests/ldap/test_ldap_api.py
View File

@ -10,7 +10,7 @@ class TestLdapApi(BaseTest):
Test to make sure that LDAP api returns a real user Test to make sure that LDAP api returns a real user
""" """
self.load_example_data() self.load_example_data()
rv = self.app.get('/v1.0/ldap?query=dhf', rv = self.app.get('/v1.0/ldap?query=dhf8r',
follow_redirects=True, follow_redirects=True,
content_type="application/json", headers=self.logged_in_headers()) content_type="application/json", headers=self.logged_in_headers())
self.assertTrue(rv.status_code == 200) self.assertTrue(rv.status_code == 200)