james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Kvokacka (Commented) (JIRA)" <server-...@james.apache.org>
Subject [jira] [Commented] (JAMES-1313) more effective getUserByName(String name) in org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository
Date Mon, 02 Apr 2012 11:45:24 GMT

    [ https://issues.apache.org/jira/browse/JAMES-1313?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13244140#comment-13244140
] 

Peter Kvokacka commented on JAMES-1313:
---------------------------------------

I'm not an LDAP expert. As I wrote, the previous patch I provided, works fine for me and has
the restriction. As it seems it doesn't work for Kevin, I made quick changes to support his
case as well. I tested it quickly on my james 3.0 beta3 setup and it works. I suggest these
changes to beta4 code base. I don't have time to test it on beta4, because to get beta4 work
can take some time, I suppose, because of many changes between beta3 and beta4. 

The main idea of the patch is to replace search with potencialy huge result-set (all user
in your userBase) with single search for one user. Therefore I created new method searchAndBuildUser()
instead of  buildUser() and I used it in getUserByName(). It makes ldap search like this
ldapContext.search(userBase,"(&(${userIdAttribute}=${name})(objectClass=${userObjectClass}))")
where userBase, userIdAttribure and userObjectClass are attributes from configuration and
name is "mail user name" as Kevin named it. I'm not sure how quick would be the search on
LDAP with many users, certainly longer than my previous suggestion, but still I think more
efficient than original implementation.

I also return previous implementation of buildUser() as it is used in buildUserCollection()
in case of listing all users where the previous implementation is perfectly fine.

Peter 
                
> more effective getUserByName(String name) in org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository

> ----------------------------------------------------------------------------------------------------
>
>                 Key: JAMES-1313
>                 URL: https://issues.apache.org/jira/browse/JAMES-1313
>             Project: JAMES Server
>          Issue Type: Improvement
>          Components: UsersStore & UsersRepository
>    Affects Versions: 3.0-beta3
>            Reporter: Peter Kvokacka
>            Assignee: Norman Maurer
>            Priority: Minor
>              Labels: patch
>             Fix For: 3.0-beta4
>
>         Attachments: ReadOnlyUsersLDAPRepository.java.2.patch, ReadOnlyUsersLDAPRepository.java.for3.0beta4_wholeFile,
ReadOnlyUsersLDAPRepository.java.patch
>
>
> Hello 
> I'd like to use james in my current project, but I find LDAP implementation of usersRepository
to be not very effective.
> Especially method getUserByName(String name) in org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository
seems to search all users in LDAP with userBase and after that it goes through the result
in memory and looking for specific user. Which produce search like this with potencialy big
resultset:
>   SEARCH REQ conn=26 op=6 msgID=7 base="ou=people,dc=mycompany,dc=sk" scope=wholeSubtree
filter="(objectClass=inetOrgPerson)" attrs="distinguishedName"
>   SEARCH RES conn=26 op=6 msgID=7 result=0 nentries=438 etime=169
>   SEARCH REQ conn=26 op=7 msgID=8 base="uid=somebody,ou=people,dc=mycompany,dc=sk" scope=baseObject
filter="(objectClass=*)" attrs="ALL"
>   SEARCH RES conn=26 op=7 msgID=8 result=0 nentries=1 etime=1
>   ... X more, where X is size-1 of userBase subtree
> I suggest a patch that (at least in my case) does simple search instead:
>   <repository name="LocalUsers"
>       class="org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository"
>       ldapHost="ldaps://ldap.mycomapny.local:1636"
>       principal="cn=admin"
>       credentials="***"
>       userBase="ou=people,dc=mycompany,dc=sk"
>       userIdAttribute="uid"
>       userObjectClass="inetOrgPerson"/>
>   SEARCH REQ conn=26 op=1 msgID=2 base="uid=test0123,ou=people,dc=mycompany,dc=sk" scope=baseObject
filter="(objectClass=inetOrgPerson)" attrs="uid"
>   SEARCH RES conn=26 op=1 msgID=2 result=0 nentries=1 etime=1
> There is only one assumption that distinguishedName for each entry in userBase is "userIdAttribute=$name,userBase",
where $name is username. I don't think of it as of a strong restriction, but you should consider
that and decide for yourself. It works just fine for me.
> Also it looks like getUserByNameCaseInsensitive(String name) is not used anywhere, so
you can stick with current implementation for now.
> Peter
> Index: src/main/java/org/apache/james/user/ldap/ReadOnlyUsersLDAPRepository.java
> ===================================================================
> --- src/main/java/org/apache/james/user/ldap/ReadOnlyUsersLDAPRepository.java (revision
1169673)
> +++ src/main/java/org/apache/james/user/ldap/ReadOnlyUsersLDAPRepository.java (working
copy)
> @@ -351,16 +351,23 @@
>       *             Propagated by the underlying LDAP communication layer.
>       */
>      private ReadOnlyLDAPUser buildUser(String userDN) throws NamingException {
> -        ReadOnlyLDAPUser result;
>  
> -        Attributes userAttributes = ldapConnection.getLdapContext().getAttributes(userDN);
> +        SearchControls sc = new SearchControls();
> +        sc.setSearchScope(SearchControls.OBJECT_SCOPE);
> +        sc.setReturningAttributes(new String[] {userIdAttribute});
> +        sc.setCountLimit(1);
> +  
> +        NamingEnumeration<SearchResult> sr = ldapConnection.getLdapContext().search(userDN,
"(objectClass=" + userObjectClass + ")", sc);
> +        
> +        if (!sr.hasMore())
> +            return null;
> +  
> +        Attributes userAttributes = sr.next().getAttributes();
>          Attribute userName = userAttributes.get(userIdAttribute);
> +        
> +        return new ReadOnlyLDAPUser(userName.get().toString(), userDN, ldapHost);
> +  }    
>  
> -        result = new ReadOnlyLDAPUser(userName.get().toString(), userDN, ldapHost);
> -
> -        return result;
> -    }
> -
>      /*
>       * (non-Javadoc)
>       * 
> @@ -425,23 +432,14 @@
>       */
>      public User getUserByName(String name) throws UsersRepositoryException {
>          try {
> -            Iterator<ReadOnlyLDAPUser> userIt = buildUserCollection(getValidUsers()).iterator();
> -            while (userIt.hasNext()) {
> -                ReadOnlyLDAPUser u = userIt.next();
> -                if (u.getUserName().equals(name)) {
> -                    return u;
> -                }
> -            }
> -
> +            return buildUser(userIdAttribute + "=" + name + "," + userBase); 
>          } catch (NamingException e) {
>              log.error("Unable to retrieve user from ldap", e);
>              throw new UsersRepositoryException("Unable to retrieve user from ldap",
e);
> -
> +  
>          }
> -        return null;
> +    }        
>  
> -    }
> -
>      /*
>       * (non-Javadoc)
>       * 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org


Mime
View raw message