patches sent

nextcloud · Feb 19, 2022 · aca5c5e · aca5c5e
1 parent aa38e77
commit aca5c5e
Show file tree

Hide file tree

Showing 56 changed files with 544 additions and 11,102 deletions.
diff --git a/apps/user_ldap/appinfo/signature.json b/apps/user_ldap/appinfo/signature.json
diff --git a/apps/user_ldap/l10n/.gitkeep b/apps/user_ldap/l10n/.gitkeep
diff --git a/apps/user_ldap/lib/Access.php b/apps/user_ldap/lib/Access.php
@@ -527,6 +527,11 @@ public function dn2username($fdn, $ldapName = null) {
 	 * @throws \Exception
 	 */
 	public function dn2ocname($fdn, $ldapName = null, $isUser = true, &$newlyMapped = null, array $record = null) {
+		static $intermediates = [];
+		if (isset($intermediates[($isUser ? 'user-' : 'group-') . $fdn])) {
+			return false; // is a known intermediate
+		}
+
 		$newlyMapped = false;
 		if ($isUser) {
 			$mapper = $this->getUserMapper();
@@ -562,6 +567,7 @@ public function dn2ocname($fdn, $ldapName = null, $isUser = true, &$newlyMapped
 			$ldapName = $this->readAttribute($fdn, $nameAttribute, $filter);
 			if (!isset($ldapName[0]) || empty($ldapName[0])) {
 				$this->logger->debug('No or empty name for ' . $fdn . ' with filter ' . $filter . '.', ['app' => 'user_ldap']);
+				$intermediates[($isUser ? 'user-' : 'group-') . $fdn] = true;
 				return false;
 			}
 			$ldapName = $ldapName[0];

diff --git a/apps/user_ldap/lib/Configuration.php b/apps/user_ldap/lib/Configuration.php
@@ -63,6 +63,8 @@ class Configuration {
 		'ldapPort' => null,
 		'ldapBackupHost' => null,
 		'ldapBackupPort' => null,
+		'ldapBackgroundHost' => null,
+		'ldapBackgroundPort' => null,
 		'ldapBase' => null,
 		'ldapBaseUsers' => null,
 		'ldapBaseGroups' => null,
@@ -437,6 +439,8 @@ public function getDefaults() {
 			'ldap_port'                         => '',
 			'ldap_backup_host'                  => '',
 			'ldap_backup_port'                  => '',
+			'ldap_background_host'              => '',
+			'ldap_background_port'              => '',
 			'ldap_override_main_server'         => '',
 			'ldap_dn'                           => '',
 			'ldap_agent_password'               => '',
@@ -501,6 +505,8 @@ public function getConfigTranslationArray() {
 			'ldap_port'                         => 'ldapPort',
 			'ldap_backup_host'                  => 'ldapBackupHost',
 			'ldap_backup_port'                  => 'ldapBackupPort',
+			'ldap_background_host'              => 'ldapBackgroundHost',
+			'ldap_background_port'              => 'ldapBackgroundPort',
 			'ldap_override_main_server'         => 'ldapOverrideMainServer',
 			'ldap_dn'                           => 'ldapAgentName',
 			'ldap_agent_password'               => 'ldapAgentPassword',

diff --git a/apps/user_ldap/lib/Connection.php b/apps/user_ldap/lib/Connection.php
@@ -267,7 +267,7 @@ public function getFromCache($key) {
 	 *
 	 * @return string
 	 */
-	public function writeToCache($key, $value) {
+	public function writeToCache($key, $value, int $ttlOverride = null) {
 		if (!$this->configured) {
 			$this->readConfiguration();
 		}
@@ -278,7 +278,8 @@ public function writeToCache($key, $value) {
 		}
 		$key   = $this->getCacheKey($key);
 		$value = base64_encode(json_encode($value));
-		$this->cache->set($key, $value, $this->configuration->ldapCacheTTL);
+		$ttl = $ttlOverride ?? $this->configuration->ldapCacheTTL;
+		$this->cache->set($key, $value, $ttl);
 	}
 
 	public function clearCache() {
@@ -570,18 +571,32 @@ private function establishConnection() {
 
 			$isOverrideMainServer = ($this->configuration->ldapOverrideMainServer
 				|| $this->getFromCache('overrideMainServer'));
-			$isBackupHost = (trim($this->configuration->ldapBackupHost) !== "");
+			$isBackupHost = (trim($this->configuration->ldapBackupHost) !== "")
+				&& (!\OC::$CLI || !$this->configuration->ldapBackgroundHost);
 			$bindStatus = false;
+			$mainServerConnectionFailure = false;
 			try {
 				if (!$isOverrideMainServer) {
-					$this->doConnect($this->configuration->ldapHost,
-						$this->configuration->ldapPort);
+					$host = $this->configuration->ldapHost;
+					$port = $this->configuration->ldapPort;
+					if (\OC::$CLI && $this->configuration->ldapBackgroundHost) {
+						$host = $this->configuration->ldapBackgroundHost;
+						$port = $this->configuration->ldapBackgroundPort;
+					}
+					$this->doConnect($host, $port);
 					return $this->bind();
 				}
 			} catch (ServerNotAvailableException $e) {
 				if (!$isBackupHost) {
 					throw $e;
 				}
+				$mainServerConnectionFailure = true;
+				$this->logger->info(
+					'Main LDAP not reachable, connecting to backup',
+					[
+						'app' => 'user_ldap'
+					]
+				);
 			}
 
 			//if LDAP server is not reachable, try the Backup (Replica!) Server
@@ -592,10 +607,10 @@ private function establishConnection() {
 				$bindStatus = $this->bind();
 				$error = $this->ldap->isResource($this->ldapConnectionRes) ?
 					$this->ldap->errno($this->ldapConnectionRes) : -1;
-				if ($bindStatus && $error === 0 && !$this->getFromCache('overrideMainServer')) {
+				if ($bindStatus && $error === 0 && $mainServerConnectionFailure && !$this->getFromCache('overrideMainServer')) {
 					//when bind to backup server succeeded and failed to main server,
-					//skip contacting him until next cache refresh
-					$this->writeToCache('overrideMainServer', true);
+					//skip contacting it for 15min
+					$this->writeToCache('overrideMainServer', true, 60 * 15);
 				}
 			}
 
@@ -625,6 +640,10 @@ private function doConnect($host, $port) {
 			throw new ServerNotAvailableException('Could not disable LDAP referrals.');
 		}
 
+		if (!$this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_NETWORK_TIMEOUT, 8)) {
+			throw new ServerNotAvailableException('Could not set network timeout');
+		}
+
 		if ($this->configuration->ldapTLS) {
 			if (!$this->ldap->startTls($this->ldapConnectionRes)) {
 				throw new ServerNotAvailableException('Start TLS failed, when connecting to LDAP host ' . $host . '.');