Skip to content

Commit

Permalink
Merge pull request #12006 from uberbrady/ldap_manager_cache
Browse files Browse the repository at this point in the history 
Added cache manager lookups in LDAP for performance boost
  • Loading branch information
@snipe
snipe committed Oct 21, 2022
2 parents edf191b + bc78d34 commit 453f2c3
Showing 1 changed file with 33 additions and 23 deletions.
56 changes: 33 additions & 23 deletions app/Console/Commands/LdapSync.php
View file
Expand Up @@ -175,6 +175,8 @@ public function handle()
$tmp_pass = substr(str_shuffle('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), 0, 20);
$pass = bcrypt($tmp_pass);

$manager_cache = [];

for ($i = 0; $i < $results['count']; $i++) {
$item = [];
$item['username'] = isset($results[$i][$ldap_result_username][0]) ? $results[$i][$ldap_result_username][0] : '';
Expand Down Expand Up @@ -217,34 +219,42 @@ public function handle()
$user->department_id = $department->id;

if($item['manager'] != null) {
// Get the LDAP Manager
try {
$ldap_manager = Ldap::findLdapUsers($item['manager'], -1, $this->option('filter'));
} catch (\Exception $e) {
\Log::warn("Manager lookup caused an exception: ".$e->getMessage().". Falling back to direct username lookup");
// Hail-mary for Okta manager 'shortnames' - will only work if
// Okta configuration is using full email-address-style usernames
$ldap_manager = [
"count" => 1,
0 => [
$ldap_result_username => [$item['manager']]
]
];
}
// Check Cache first
if (isset($manager_cache[$item['manager']])) {
// found in cache; use that and avoid extra lookups
$user->manager_id = $manager_cache[$item['manager']];
} else {
// Get the LDAP Manager
try {
$ldap_manager = Ldap::findLdapUsers($item['manager'], -1, $this->option('filter'));
} catch (\Exception $e) {
\Log::warn("Manager lookup caused an exception: " . $e->getMessage() . ". Falling back to direct username lookup");
// Hail-mary for Okta manager 'shortnames' - will only work if
// Okta configuration is using full email-address-style usernames
$ldap_manager = [
"count" => 1,
0 => [
$ldap_result_username => [$item['manager']]
]
];
}

if ($ldap_manager["count"] > 0) {
if ($ldap_manager["count"] > 0) {

// Get the Manager's username
// PHP LDAP returns every LDAP attribute as an array, and 90% of the time it's an array of just one item. But, hey, it's an array.
$ldapManagerUsername = $ldap_manager[0][$ldap_result_username][0];
// Get the Manager's username
// PHP LDAP returns every LDAP attribute as an array, and 90% of the time it's an array of just one item. But, hey, it's an array.
$ldapManagerUsername = $ldap_manager[0][$ldap_result_username][0];

// Get User from Manager username.
$ldap_manager = User::where('username', $ldapManagerUsername)->first();
// Get User from Manager username.
$ldap_manager = User::where('username', $ldapManagerUsername)->first();

if ( $ldap_manager && isset($ldap_manager->id) ) {
// Link user to manager id.
$user->manager_id = $ldap_manager->id;
if ($ldap_manager && isset($ldap_manager->id)) {
// Link user to manager id.
$user->manager_id = $ldap_manager->id;
}
}
$manager_cache[$item['manager']] = $ldap_manager && isset($ldap_manager->id) ? $ldap_manager->id : null; // Store results in cache, even if 'failed'

}
}

Expand Down

0 comments on commit 453f2c3

Please sign in to comment.