Merge pull request #3349 from Blejwi/ldap_query_fix

Login fix
allegro · Dec 6, 2018 · 65bd522 · 65bd522
2 parents 5b0c57a + a9f7776
commit 65bd522
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 5 deletions.
diff --git a/docs/installation/configuration.md b/docs/installation/configuration.md
@@ -90,12 +90,13 @@ AUTH_LDAP_GROUP_SEARCH = LDAPSearch("DC=organization,DC=internal",
 ```
 
 If you nest one LDAP group in another and want to use such (parent) group
-in Ralph, you have to define this mapping in ``AUTH_LDAP_NESTED_GROUPS``:
+in Ralph, you have to define this mapping in ``AUTH_LDAP_NESTED_GROUPS`` and set ``AUTH_LDAP_QUERY_PAGE_SIZE`` setting:
 
 ```python3
 AUTH_LDAP_NESTED_GROUPS = {
   'CN=_gr_ralph_users,OU=Other,DC=mygroups,DC=domain': "staff",  # _gr_ralph_users contains other LDAP groups inside
 }
+AUTH_LDAP_QUERY_PAGE_SIZE = 500  # Note that LDAP default page size limit is 1000
 ```
 
 Note: For OpenDJ implementation ``AUTH_LDAP_GROUP_MAPPING`` is not obligatory. ``AUTH_LDAP_GROUP_TYPE`` and ``AUTH_LDAP_GROUP_SEARCH`` should be set as follows:

diff --git a/src/ralph/accounts/management/commands/ldap_sync.py b/src/ralph/accounts/management/commands/ldap_sync.py
@@ -75,12 +75,13 @@ def get_nested_groups():
         for ldap_group_name, ralph_group_name in nested_groups.items():
             ldap_filter = nested_filter.format(ldap_group_name)
             logger.info('Fetching {}'.format(ralph_group_name))
-            users = conn.search_s(
-                settings.AUTH_LDAP_USER_SEARCH_BASE,
-                ldap.SCOPE_SUBTREE,
+            users = _make_paged_query(
+                conn, settings.AUTH_LDAP_USER_SEARCH_BASE, ldap.SCOPE_SUBTREE,
                 '(&(objectClass={}){})'.format(
                     settings.LDAP_SERVER_OBJECT_USER_CLASS, ldap_filter
-                )
+                ),
+                [settings.AUTH_LDAP_USER_USERNAME_ATTR],
+                settings.AUTH_LDAP_QUERY_PAGE_SIZE
             )
             logger.info('{} fetched'.format(ralph_group_name))
             group_users[ralph_group_name] = set([
@@ -96,6 +97,49 @@ def get_nested_groups():
     return group_users, users_groups
 
 
+def _make_paged_query(
+    conn, search_base, search_scope, ad_query, attr_list, page_size
+):
+    """
+    Makes paged query to LDAP.
+    Default max page size for LDAP is 1000.
+    """
+    result = []
+    page_result_control = SimplePagedResultsControl(
+        size=page_size,
+        cookie=''
+    )
+
+    msgid = conn.search_ext(
+        search_base,
+        search_scope,
+        ad_query,
+        attr_list,
+        serverctrls=[page_result_control],
+    )
+
+    while True:
+        r_type, r_data, r_msgid, serverctrls = conn.result3(msgid)
+        result.extend(r_data)
+
+        if serverctrls:
+            if serverctrls[0].cookie:
+                page_result_control.size = page_size
+                page_result_control.cookie = serverctrls[0].cookie
+
+                msgid = conn.search_ext(
+                    search_base,
+                    search_scope,
+                    ad_query,
+                    attr_list,
+                    serverctrls=[page_result_control],
+                )
+            else:
+                break
+
+    return result
+
+
 class NestedGroups(object):
     """
     Class fetch nested groups and mapping them to standard Django's