fix(ldap): Set the maximum number of results and the time use to quer…

…y LDAP Also, we ask the LDAP to get back only required attributes and not all attributes linked to the user Closes gravitee-io/issues#654
gravitee-io · Jul 6, 2017 · a386878 · a386878
1 parent 6b93faf
commit a386878
Showing 1 changed file with 22 additions and 8 deletions.
diff --git a/...api-idp-ldap/src/main/java/io/gravitee/management/idp/ldap/lookup/LdapIdentityLookup.java b/...api-idp-ldap/src/main/java/io/gravitee/management/idp/ldap/lookup/LdapIdentityLookup.java
@@ -31,6 +31,8 @@
 import org.springframework.ldap.filter.AndFilter;
 import org.springframework.ldap.filter.EqualsFilter;
 import org.springframework.ldap.filter.WhitespaceWildcardsFilter;
+import org.springframework.ldap.query.LdapQuery;
+import org.springframework.ldap.query.LdapQueryBuilder;
 
 import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
@@ -73,25 +75,37 @@ public Collection<User> search(String query) {
         AndFilter filter = new AndFilter();
         filter.and(new EqualsFilter("objectclass", "person"));
         filter.and(new WhitespaceWildcardsFilter("cn", query));
-        return ldapTemplate.search("", filter.encode(), new UserAttributesMapper());
+
+        LdapQuery ldapQuery = LdapQueryBuilder
+                .query()
+                .countLimit(20)
+                .timeLimit(5000)
+                .attributes(identifierAttribute, "givenname", "sn", "mail")
+                .filter(filter);
+
+
+        return ldapTemplate.search(ldapQuery, new UserAttributesMapper());
     }
 
     @Override
     public User retrieve(String id) {
         AndFilter filter = new AndFilter();
         filter.and(new EqualsFilter("objectclass", "person"));
         filter.and(new EqualsFilter(identifierAttribute, id));
-        List<User> users = ldapTemplate.search("", filter.encode(), new UserAttributesMapper());
+
+        LdapQuery ldapQuery = LdapQueryBuilder
+                .query()
+                .countLimit(1)
+                .timeLimit(5000)
+                .attributes(identifierAttribute, "givenname", "sn", "mail")
+                .filter(filter);
+
+        List<User> users = ldapTemplate.search(ldapQuery, new UserAttributesMapper());
         if (users != null && ! users.isEmpty()) {
             LdapUser user = (LdapUser) users.iterator().next();
             List<String> result = ldapTemplate.search(
                     "", filter.encode(),
-                    new ContextMapper<String>() {
-                        @Override
-                        public String mapFromContext(Object o) throws NamingException {
-                            return ((LdapCtx) o).getNameInNamespace();
-                        }
-                    });
+                    (ContextMapper<String>) o -> ((LdapCtx) o).getNameInNamespace());
             user.setDn(result.iterator().next());
 
             return user;