diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php index 3ba6af8..1064485 100644 --- a/auth/ldap/auth.php +++ b/auth/ldap/auth.php @@ -35,6 +35,8 @@ require_once($CFG->libdir.'/authlib.php'); */ class auth_plugin_ldap extends auth_plugin_base { + private $userinfo_cache = array(); + /** * Constructor with initialisation. */ @@ -186,6 +188,11 @@ class auth_plugin_ldap extends auth_plugin_base { * @return mixed array with no magic quotes or false on error */ function get_userinfo($username) { + # use cache to speed things up + if (isset($this->userinfo_cache[$username])) { + return $this->userinfo_cache[$username]; + } + $textlib = textlib_get_instance(); $extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->ldapencoding); @@ -246,6 +253,49 @@ class auth_plugin_ldap extends auth_plugin_base { return $result; } + function cache_userinfo ($conn, $entry) { + $attrmap = $this->ldap_attributes(); + $attributes = @ldap_get_attributes($conn, $entry); + $textlib = textlib_get_instance(); + $user_entry = array(); + for ($j=0; $j<$attributes['count']; $j++) { + $values = ldap_get_values_len($conn, $entry,$attributes[$j]); + if (is_array($values)) { + $user_entry[$attributes[$j]] = $values; + } + else { + $user_entry[$attributes[$j]] = array($values); + } + } + + foreach ($attrmap as $key=>$values) { + if (!is_array($values)) { + $values = array($values); + } + $ldapval = NULL; + foreach ($values as $value) { + if ($value == 'dn') { + $result[$key] = $user_dn; + } + if (!array_key_exists($value, $user_entry)) { + continue; // wrong data mapping! + } + if (is_array($user_entry[$value])) { + $newval = $textlib->convert($user_entry[$value][0], $this->config->ldapencoding, 'utf-8'); + } else { + $newval = $textlib->convert($user_entry[$value], $this->config->ldapencoding, 'utf-8'); + } + if (!empty($newval)) { // favour ldap entries that are set + $ldapval = $newval; + } + } + if (!is_null($ldapval)) { + $result[$key] = $ldapval; + } + } + $this->userinfo_cache[$result['username']] = $result; + } + /** * reads userinformation from ldap and return it in an object * @@ -592,6 +642,23 @@ class auth_plugin_ldap extends auth_plugin_base { exit; } + # build array of search attributes + $attrmap = $this->ldap_attributes(); + + $result = array(); + $search_attribs = array(); + + foreach ($attrmap as $key=>$values) { + if (!is_array($values)) { + $values = array($values); + } + foreach ($values as $value) { + if (!in_array($value, $search_attribs)) { + array_push($search_attribs, $value); + } + } + } + print "Connecting to ldap...\n"; $ldapconnection = $this->ldap_connect(); @@ -624,16 +691,17 @@ class auth_plugin_ldap extends auth_plugin_base { //use ldap_search to find first user from subtree $ldap_result = ldap_search($ldapconnection, $context, $filter, - array($this->config->user_attribute)); + $search_attribs); } else { //search only in this context $ldap_result = ldap_list($ldapconnection, $context, $filter, - array($this->config->user_attribute)); + $search_attribs); } if ($entry = ldap_first_entry($ldapconnection, $ldap_result)) { do { + $this->cache_userinfo($ldapconnection, $entry); $value = ldap_get_values_len($ldapconnection, $entry, $this->config->user_attribute); $value = $textlib->convert($value[0], $this->config->ldapencoding, 'utf-8'); // usernames are __always__ lowercase.