Support LDAP dns longer than 255 characters
Adds an ldap_full_dn column to store the dn, and only store a sha256 hash in the ldap_dn which is shorter and can be indexed without trouble. Migration still needs to be implemented. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
parent
129de6079e
commit
662e3240b0
2 changed files with 43 additions and 27 deletions
|
|
@ -67,6 +67,7 @@ abstract class AbstractMapping {
|
|||
*/
|
||||
public function isColNameValid($col) {
|
||||
switch ($col) {
|
||||
case 'ldap_full_dn':
|
||||
case 'ldap_dn':
|
||||
case 'owncloud_name':
|
||||
case 'directory_uuid':
|
||||
|
|
@ -134,7 +135,7 @@ abstract class AbstractMapping {
|
|||
*/
|
||||
public function getDNByName($name) {
|
||||
$dn = array_search($name, $this->cache);
|
||||
if ($dn === false && ($dn = $this->getXbyY('ldap_dn', 'owncloud_name', $name)) !== false) {
|
||||
if ($dn === false && ($dn = $this->getXbyY('ldap_full_dn', 'owncloud_name', $name)) !== false) {
|
||||
$this->cache[$dn] = $name;
|
||||
}
|
||||
return $dn;
|
||||
|
|
@ -151,11 +152,11 @@ abstract class AbstractMapping {
|
|||
$oldDn = $this->getDnByUUID($uuid);
|
||||
$statement = $this->dbc->prepare('
|
||||
UPDATE `' . $this->getTableName() . '`
|
||||
SET `ldap_dn` = ?
|
||||
SET `ldap_dn` = ?, `ldap_full_dn` = ?
|
||||
WHERE `directory_uuid` = ?
|
||||
');
|
||||
|
||||
$r = $this->modify($statement, [$fdn, $uuid]);
|
||||
$r = $this->modify($statement, [$this->getDNHash($fdn), $fdn, $uuid]);
|
||||
|
||||
if ($r && is_string($oldDn) && isset($this->cache[$oldDn])) {
|
||||
$this->cache[$fdn] = $this->cache[$oldDn];
|
||||
|
|
@ -183,7 +184,14 @@ abstract class AbstractMapping {
|
|||
|
||||
unset($this->cache[$fdn]);
|
||||
|
||||
return $this->modify($statement, [$uuid, $fdn]);
|
||||
return $this->modify($statement, [$uuid, $this->getDNHash($fdn)]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the hash to store in database column ldap_dn for a given dn
|
||||
*/
|
||||
protected function getDNHash(string $fdn): string {
|
||||
return (string)hash('sha256', $fdn, false);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -194,28 +202,35 @@ abstract class AbstractMapping {
|
|||
*/
|
||||
public function getNameByDN($fdn) {
|
||||
if (!isset($this->cache[$fdn])) {
|
||||
$this->cache[$fdn] = $this->getXbyY('owncloud_name', 'ldap_dn', $fdn);
|
||||
$this->cache[$fdn] = $this->getXbyY('owncloud_name', 'ldap_dn', $this->getDNHash($fdn));
|
||||
}
|
||||
return $this->cache[$fdn];
|
||||
}
|
||||
|
||||
protected function prepareListOfIdsQuery(array $dnList): IQueryBuilder {
|
||||
/**
|
||||
* @param array<string> $hashList
|
||||
*/
|
||||
protected function prepareListOfIdsQuery(array $hashList): IQueryBuilder {
|
||||
$qb = $this->dbc->getQueryBuilder();
|
||||
$qb->select('owncloud_name', 'ldap_dn')
|
||||
$qb->select('owncloud_name', 'ldap_dn', 'ldap_full_dn')
|
||||
->from($this->getTableName(false))
|
||||
->where($qb->expr()->in('ldap_dn', $qb->createNamedParameter($dnList, QueryBuilder::PARAM_STR_ARRAY)));
|
||||
->where($qb->expr()->in('ldap_dn', $qb->createNamedParameter($hashList, QueryBuilder::PARAM_STR_ARRAY)));
|
||||
return $qb;
|
||||
}
|
||||
|
||||
protected function collectResultsFromListOfIdsQuery(IQueryBuilder $qb, array &$results): void {
|
||||
$stmt = $qb->execute();
|
||||
while ($entry = $stmt->fetch(\Doctrine\DBAL\FetchMode::ASSOCIATIVE)) {
|
||||
$results[$entry['ldap_dn']] = $entry['owncloud_name'];
|
||||
$this->cache[$entry['ldap_dn']] = $entry['owncloud_name'];
|
||||
$results[$entry['ldap_full_dn']] = $entry['owncloud_name'];
|
||||
$this->cache[$entry['ldap_full_dn']] = $entry['owncloud_name'];
|
||||
}
|
||||
$stmt->closeCursor();
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<string> $fdns
|
||||
* @return array<string,string>
|
||||
*/
|
||||
public function getListOfIdsByDn(array $fdns): array {
|
||||
$totalDBParamLimit = 65000;
|
||||
$sliceSize = 1000;
|
||||
|
|
@ -223,6 +238,7 @@ abstract class AbstractMapping {
|
|||
$results = [];
|
||||
|
||||
$slice = 1;
|
||||
$fdns = array_map([$this, 'getDNHash'], $fdns);
|
||||
$fdnsSlice = count($fdns) > $sliceSize ? array_slice($fdns, 0, $sliceSize) : $fdns;
|
||||
$qb = $this->prepareListOfIdsQuery($fdnsSlice);
|
||||
|
||||
|
|
@ -294,7 +310,7 @@ abstract class AbstractMapping {
|
|||
}
|
||||
|
||||
public function getDnByUUID($uuid) {
|
||||
return $this->getXbyY('ldap_dn', 'directory_uuid', $uuid);
|
||||
return $this->getXbyY('ldap_full_dn', 'directory_uuid', $uuid);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -305,7 +321,7 @@ abstract class AbstractMapping {
|
|||
* @throws \Exception
|
||||
*/
|
||||
public function getUUIDByDN($dn) {
|
||||
return $this->getXbyY('directory_uuid', 'ldap_dn', $dn);
|
||||
return $this->getXbyY('directory_uuid', 'ldap_dn', $this->getDNHash($dn));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -318,7 +334,7 @@ abstract class AbstractMapping {
|
|||
public function getList($offset = null, $limit = null) {
|
||||
$query = $this->dbc->prepare('
|
||||
SELECT
|
||||
`ldap_dn` AS `dn`,
|
||||
`ldap_full_dn` AS `dn`,
|
||||
`owncloud_name` AS `name`,
|
||||
`directory_uuid` AS `uuid`
|
||||
FROM `' . $this->getTableName() . '`',
|
||||
|
|
@ -339,19 +355,9 @@ abstract class AbstractMapping {
|
|||
* @return bool
|
||||
*/
|
||||
public function map($fdn, $name, $uuid) {
|
||||
if (mb_strlen($fdn) > 255) {
|
||||
\OC::$server->getLogger()->error(
|
||||
'Cannot map, because the DN exceeds 255 characters: {dn}',
|
||||
[
|
||||
'app' => 'user_ldap',
|
||||
'dn' => $fdn,
|
||||
]
|
||||
);
|
||||
return false;
|
||||
}
|
||||
|
||||
$row = [
|
||||
'ldap_dn' => $fdn,
|
||||
'ldap_dn' => $this->getDNHash($fdn),
|
||||
'ldap_full_dn' => $fdn,
|
||||
'owncloud_name' => $name,
|
||||
'directory_uuid' => $uuid
|
||||
];
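Review bot: In `map()` the length guard is removed outright rather than raised to the new limit, so a DN longer than the 4096 characters declared for `ldap_full_dn` now reaches the insert unchecked. Depending on how strict the database is, that either fails inside the insert or stores a truncated `ldap_full_dn` next to a hash of the untruncated value; keeping the logged early return with the new bound, `if (mb_strlen($fdn) > 4096) {` … `return false; }`, preserves the clean rejection, and `setDNbyUUID()` would want the same check. Separately, `getDNHash()` hashes the DN byte for byte, so `getNameByDN()`, `getUUIDByDN()` and `getListOfIdsByDn()` now match only an identical spelling; if callers do not already normalise case and spacing (not visible in these hunks), a lookup that may previously have matched under a case-insensitive column collation will miss, and the same directory entry could be mapped a second time. A docblock on `getDNHash()` stating the normalisation it expects from callers would make that contract explicit. The bodies of `map()` and `getListOfIdsByDn()` continue outside the hunks.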
|
||||
|
|
|
|||
|
|
@ -47,7 +47,12 @@ class Version1010Date20200630192842 extends SimpleMigrationStep {
|
|||
$table = $schema->createTable('ldap_user_mapping');
|
||||
$table->addColumn('ldap_dn', Types::STRING, [
|
||||
'notnull' => true,
|
||||
'length' => 255,
|
||||
'length' => 64,
|
||||
'default' => '',
|
||||
]);
|
||||
$table->addColumn('ldap_full_dn', Types::STRING, [
|
||||
'notnull' => true,
|
||||
'length' => 4096,
|
||||
'default' => '',
|
||||
]);
|
||||
$table->addColumn('owncloud_name', Types::STRING, [
|
||||
|
|
@ -68,7 +73,12 @@ class Version1010Date20200630192842 extends SimpleMigrationStep {
|
|||
$table = $schema->createTable('ldap_group_mapping');
|
||||
$table->addColumn('ldap_dn', Types::STRING, [
|
||||
'notnull' => true,
|
||||
'length' => 255,
|
||||
'length' => 64,
|
||||
'default' => '',
|
||||
]);
|
||||
$table->addColumn('ldap_full_dn', Types::STRING, [
|
||||
'notnull' => true,
|
||||
'length' => 4096,
|
||||
'default' => '',
|
||||
]);
|
||||
$table->addColumn('owncloud_name', Types::STRING, [
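Review bot: The new `ldap_full_dn` column is declared `'notnull' => true` with `'default' => ''`, so a row written or left without a full DN reads back as an empty string rather than as a missing value. The lookups changed in AbstractMapping treat only `false` as "not found" (for example, `getDNByName()` would cache the name under the key `''`), so until the pending migration backfills the column an empty DN can pass for a real one. These hunks sit in the table-creation code of an existing migration step, so they presumably affect fresh installs only. The follow-up step for existing installs has to fill `ldap_full_dn` and replace `ldap_dn` with its hash before the column is shortened to 64, otherwise stored DNs longer than 64 characters would be cut or rejected. A short comment above each `addColumn('ldap_dn', …)`, such as `// sha256 hex digest of ldap_full_dn, see AbstractMapping::getDNHash()`, would explain the length of 64.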
|
||||
|
|
|
|||