[
https://issues.apache.org/jira/browse/JAMES-1313?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Norman Maurer resolved JAMES-1313.
----------------------------------
Resolution: Fixed
Fix Version/s: (was: 3.0-beta3)
3.0-beta4
Assignee: Norman Maurer
Thanks again for the patch. I just committed it. Sorry for taking so long but I
lost track of it :(
> more effective getUserByName(String name) in
> org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository
> ----------------------------------------------------------------------------------------------------
>
> Key: JAMES-1313
> URL: https://issues.apache.org/jira/browse/JAMES-1313
> Project: JAMES Server
> Issue Type: Improvement
> Components: UsersStore & UsersRepository
> Affects Versions: 3.0-beta3
> Reporter: Peter Kvokacka
> Assignee: Norman Maurer
> Priority: Minor
> Labels: patch
> Fix For: 3.0-beta4
>
> Attachments: ReadOnlyUsersLDAPRepository.java.patch
>
>
> Hello
> I'd like to use james in my current project, but I find LDAP implementation
> of usersRepository to be not very effective.
> Especially method getUserByName(String name) in
> org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository seems to search all
> users in LDAP with userBase and after that it goes through the result in
> memory and looking for specific user. Which produce search like this with
> potencialy big resultset:
> SEARCH REQ conn=26 op=6 msgID=7 base="ou=people,dc=mycompany,dc=sk"
> scope=wholeSubtree filter="(objectClass=inetOrgPerson)"
> attrs="distinguishedName"
> SEARCH RES conn=26 op=6 msgID=7 result=0 nentries=438 etime=169
> SEARCH REQ conn=26 op=7 msgID=8
> base="uid=somebody,ou=people,dc=mycompany,dc=sk" scope=baseObject
> filter="(objectClass=*)" attrs="ALL"
> SEARCH RES conn=26 op=7 msgID=8 result=0 nentries=1 etime=1
> ... X more, where X is size-1 of userBase subtree
> I suggest a patch that (at least in my case) does simple search instead:
> <repository name="LocalUsers"
> class="org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository"
> ldapHost="ldaps://ldap.mycomapny.local:1636"
> principal="cn=admin"
> credentials="***"
> userBase="ou=people,dc=mycompany,dc=sk"
> userIdAttribute="uid"
> userObjectClass="inetOrgPerson"/>
> SEARCH REQ conn=26 op=1 msgID=2
> base="uid=test0123,ou=people,dc=mycompany,dc=sk" scope=baseObject
> filter="(objectClass=inetOrgPerson)" attrs="uid"
> SEARCH RES conn=26 op=1 msgID=2 result=0 nentries=1 etime=1
> There is only one assumption that distinguishedName for each entry in
> userBase is "userIdAttribute=$name,userBase", where $name is username. I
> don't think of it as of a strong restriction, but you should consider that
> and decide for yourself. It works just fine for me.
> Also it looks like getUserByNameCaseInsensitive(String name) is not used
> anywhere, so you can stick with current implementation for now.
> Peter
> Index:
> src/main/java/org/apache/james/user/ldap/ReadOnlyUsersLDAPRepository.java
> ===================================================================
> --- src/main/java/org/apache/james/user/ldap/ReadOnlyUsersLDAPRepository.java
> (revision 1169673)
> +++ src/main/java/org/apache/james/user/ldap/ReadOnlyUsersLDAPRepository.java
> (working copy)
> @@ -351,16 +351,23 @@
> * Propagated by the underlying LDAP communication layer.
> */
> private ReadOnlyLDAPUser buildUser(String userDN) throws NamingException
> {
> - ReadOnlyLDAPUser result;
>
> - Attributes userAttributes =
> ldapConnection.getLdapContext().getAttributes(userDN);
> + SearchControls sc = new SearchControls();
> + sc.setSearchScope(SearchControls.OBJECT_SCOPE);
> + sc.setReturningAttributes(new String[] {userIdAttribute});
> + sc.setCountLimit(1);
> +
> + NamingEnumeration<SearchResult> sr =
> ldapConnection.getLdapContext().search(userDN, "(objectClass=" +
> userObjectClass + ")", sc);
> +
> + if (!sr.hasMore())
> + return null;
> +
> + Attributes userAttributes = sr.next().getAttributes();
> Attribute userName = userAttributes.get(userIdAttribute);
> +
> + return new ReadOnlyLDAPUser(userName.get().toString(), userDN,
> ldapHost);
> + }
>
> - result = new ReadOnlyLDAPUser(userName.get().toString(), userDN,
> ldapHost);
> -
> - return result;
> - }
> -
> /*
> * (non-Javadoc)
> *
> @@ -425,23 +432,14 @@
> */
> public User getUserByName(String name) throws UsersRepositoryException {
> try {
> - Iterator<ReadOnlyLDAPUser> userIt =
> buildUserCollection(getValidUsers()).iterator();
> - while (userIt.hasNext()) {
> - ReadOnlyLDAPUser u = userIt.next();
> - if (u.getUserName().equals(name)) {
> - return u;
> - }
> - }
> -
> + return buildUser(userIdAttribute + "=" + name + "," + userBase);
> } catch (NamingException e) {
> log.error("Unable to retrieve user from ldap", e);
> throw new UsersRepositoryException("Unable to retrieve user from
> ldap", e);
> -
> +
> }
> - return null;
> + }
>
> - }
> -
> /*
> * (non-Javadoc)
> *
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org
