Add option to use paged LDAP search when synchronizing users (#3895)

2018-05-05 17:30:47 +03:00 · 2018-05-05 17:30:47 +03:00 · 501fb228e6
commit 501fb228e6
parent 7467ff3d94
7 changed files with 59 additions and 2 deletions
--- a/modules/auth/auth_form.go
+++ b/modules/auth/auth_form.go
@ -25,6 +25,8 @@ type AuthenticationForm struct {
 	AttributeSurname              string
 	AttributeMail                 string
 	AttributesInBind              bool
+	UsePagedSearch                bool
+	SearchPageSize                int
 	Filter                        string
 	AdminFilter                   string
 	IsActive                      bool
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@ -42,6 +42,7 @@ type Source struct {
 	AttributeSurname  string // Surname attribute
 	AttributeMail     string // E-mail attribute
 	AttributesInBind  bool   // fetch attributes in bind context (not user)
+	SearchPageSize    uint32 // Search with paging page size
 	Filter            string // Query filter to validate entry
 	AdminFilter       string // Query filter to check if user is admin
 	Enabled           bool   // if this source is disabled
@ -269,6 +270,11 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
 	}
 }

+// UsePagedSearch returns if need to use paged search
+func (ls *Source) UsePagedSearch() bool {
+	return ls.SearchPageSize > 0
+}
+
 // SearchEntries : search an LDAP source for all users matching userFilter
 func (ls *Source) SearchEntries() []*SearchResult {
 	l, err := dial(ls)
@ -298,7 +304,12 @@ func (ls *Source) SearchEntries() []*SearchResult {
 		[]string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail},
 		nil)

-	sr, err := l.Search(search)
+	var sr *ldap.SearchResult
+	if ls.UsePagedSearch() {
+		sr, err = l.SearchWithPaging(search, ls.SearchPageSize)
+	} else {
+		sr, err = l.Search(search)
+	}
 	if err != nil {
 		log.Error(4, "LDAP Search failed unexpectedly! (%v)", err)
 		return nil