Module: check_mk
Branch: master
Commit: d9d7f6589515bc2d2a1a4228c5821384311a22a4
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d9d7f6589515bc…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Wed Jan 16 10:11:35 2013 +0100
LDAP: Reduced number of ldap querys during a single page request / sync process
---
ChangeLog | 2 +
web/plugins/userdb/ldap.py | 45 +++++++++++++++++++++++++++++++++++++------
2 files changed, 40 insertions(+), 7 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 106a27c..f6215ef 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,9 +22,11 @@
* Add: New user_options to limit seen nagios objects even the role is set to see all
* FIX: LDAP: Fixed problem with special chars in LDAP queries when having
contactgroup sync plugin enabled
+ * FIX: LDAP: OpenLDAP - Changed default filter for users
* LDAP: Role sync plugin validates the given group DNs with the group base dn now
* LDAP: Using roles defined in default user profile in role sync plugin processing
* LDAP: Improved error handling in case of misconfigurations
+ * LDAP: Reduced number of ldap querys during a single page request / sync process
1.2.1i4:
Core:
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index 679dd52..d560bd1 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -49,6 +49,9 @@ except:
pass
from lib import *
+g_ladp_user_cache = {}
+g_ldap_group_cache = {}
+
# File for storing the time of the last success event
g_ldap_sync_time_file = defaults.var_dir + '/web/ldap_sync_time.mk'
@@ -75,7 +78,8 @@ ldap_filter_map = {
'groups': '(objectclass=group)',
},
'openldap': {
- 'users': '(objectcategory=user)',
+ #'users': '(objectcategory=user)',
+ 'users': '(objectclass=person)',
'groups': '(objectclass=groupOfUniqueNames)',
},
}
@@ -91,6 +95,9 @@ ldap_filter_map = {
# | General LDAP handling code |
# '----------------------------------------------------------------------'
+def ldap_log(s):
+ file('/tmp/ldap.log', 'a').write('%s\n' % s)
+
class MKLDAPException(MKGeneralException):
pass
@@ -169,6 +176,7 @@ def ldap_default_bind():
'connection settings</a>.'))
def ldap_bind(username, password, catch = True):
+ ldap_log('LDAP_BIND %s' % username)
try:
ldap_connection.simple_bind_s(username, password)
except ldap.LDAPError, e:
@@ -190,6 +198,8 @@ def ldap_search(base, filt = '(objectclass=*)', columns = [], scope = None):
elif config_scope == 'one':
scope = ldap.SCOPE_ONELEVEL
+ ldap_log('LDAP_SEARCH "%s" "%s" "%s" "%r"' % (base, scope, filt, columns))
+
# Convert all keys to lower case!
result = []
try:
@@ -248,6 +258,9 @@ def ldap_user_id_attr():
return config.ldap_userspec.get('user_id', ldap_attr('user_id'))
def ldap_get_user(username, no_escape = False):
+ if username in g_ldap_user_cache:
+ return g_ldap_user_cache[username]
+
# Check wether or not the user exists in the directory
# It's only ok when exactly one entry is found.
# Returns the DN and user_id as tuple in this case.
@@ -260,6 +273,9 @@ def ldap_get_user(username, no_escape = False):
if result:
dn = result[0][0]
user_id = result[0][1][ldap_user_id_attr()][0]
+
+ g_ldap_user_cache[username] = (dn, user_id)
+
if no_escape:
return (dn, user_id)
else:
@@ -290,20 +306,29 @@ def ldap_user_groups(username, attr = 'cn'):
# so the username read from ldap might differ. Fix it here.
user_dn, username = ldap_get_user(username)
+ if username in g_ldap_group_cache:
+ if attr == 'cn':
+ return g_ldap_group_cache[username][0]
+ else:
+ return g_ldap_group_cache[username][1]
+
# Apply configured group ldap filter and only reply with groups
# having the current user as member
filt = '(&%s(member=%s))' % (ldap_filter('groups'), ldap.filter.escape_filter_chars(user_dn))
# First get all groups
- groups = []
+ groups_cn = []
+ groups_dn = []
for dn, group in ldap_search(ldap_replace_macros(config.ldap_groupspec['dn']),
filt, ['cn']):
- if attr == 'cn':
- groups.append(group['cn'][0])
+ groups_cn.append(group['cn'][0])
+ groups_dn.append(dn)
- elif attr == 'dn':
- groups.append(dn)
+ g_ldap_group_cache.setdefault(username, (groups_cn, groups_dn))
- return groups
+ if attr == 'cn':
+ return groups_cn
+ else:
+ return groups_dn
# .----------------------------------------------------------------------.
# | _ _ _ _ _ _ |
@@ -568,6 +593,12 @@ def ldap_sync(add_to_changelog, only_username):
# requests to e.g. the page hook would cause duplicate calculations
file(g_ldap_sync_time_file, 'w').write('%s\n' % time.time())
+ # Flush ldap related before each sync to have a caching only for the
+ # current sync process
+ global g_ldap_user_cache, g_ldap_group_cache
+ g_ldap_user_cache = {}
+ g_ldap_group_cache = {}
+
ldap_connect()
# Unused at the moment, always sync all users
Module: check_mk
Branch: master
Commit: 3053a297aece14e4515c57194c4a49d3446b177e
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=3053a297aece14…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Jan 15 15:13:57 2013 +0100
Added missing entry
---
ChangeLog | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index c9d9eb8..106a27c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,7 @@
* FIX: LDAP: Fixed problem with special chars in LDAP queries when having
contactgroup sync plugin enabled
* LDAP: Role sync plugin validates the given group DNs with the group base dn now
+ * LDAP: Using roles defined in default user profile in role sync plugin processing
* LDAP: Improved error handling in case of misconfigurations
1.2.1i4:
Module: check_mk
Branch: master
Commit: 1137097a6a7a7270d324975ee3abf7b9655a4c82
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=1137097a6a7a72…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Jan 14 16:48:56 2013 +0100
LDAP: Using roles defined in default user profile in role sync plugin processing
---
web/plugins/userdb/ldap.py | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index 0742ee2..180b7bd 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -497,10 +497,12 @@ def ldap_convert_groups_to_roles(params, user_id, ldap_user, user):
# 1. Fetch DNs of all LDAP groups of the user
ldap_groups = [ g.lower() for g in ldap_user_groups(user_id, 'dn') ]
- # 2. Loop all roles mentioned in params (configured to be synchronized)
- roles = []
+ # 2. Load default roles from default user profile
+ roles = config.default_user_profile['roles'][:]
+
+ # 3. Loop all roles mentioned in params (configured to be synchronized)
for role_id, dn in params.items():
- if dn.lower() in ldap_groups:
+ if dn.lower() in ldap_groups and role_id not in roles:
roles.append(role_id)
return {'roles': roles}
Module: check_mk
Branch: master
Commit: 23dfa737d93a90898c54cc10ed57b7423123ccab
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=23dfa737d93a90…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Wed Jan 16 08:41:54 2013 +0100
Fixed typos in ldap contactgroup membership plugin texts
---
web/plugins/userdb/ldap.py | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index 180b7bd..679dd52 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -483,10 +483,10 @@ def ldap_convert_groups_to_contactgroups(params, user_id, ldap_user, user):
return {'contactgroups': [ g for g in ldap_groups if g in cg_names]}
ldap_attribute_plugins['groups_to_contactgroups'] = {
- 'title': _('Contactgroup Memberhip'),
- 'help': _('Adds the user to contactgroups based on the group memberhips in LDAP. This '
+ 'title': _('Contactgroup Membership'),
+ 'help': _('Adds the user to contactgroups based on the group memberships in LDAP. This '
'plugin adds the user only to existing contactgroups while the name of the '
- 'contactgroup must match the common name of the LDAP group.'),
+ 'contactgroup must match the common name (cn) of the LDAP group.'),
'convert': ldap_convert_groups_to_contactgroups,
'lock_attributes': ['contactgroups'],
'no_param_txt': _('Add user to all contactgroups where the common name matches the group name.'),
Module: check_mk
Branch: master
Commit: 75b4752536d41dfd88f0b0928d349b639910b46f
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=75b4752536d41d…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Tue Jan 15 12:11:45 2013 +0100
Fix exception with update_context_links()
Seemed to appear only in dashlets
---
web/htdocs/views.py | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/web/htdocs/views.py b/web/htdocs/views.py
index 88f6bcc..9c4ed79 100644
--- a/web/htdocs/views.py
+++ b/web/htdocs/views.py
@@ -1741,8 +1741,8 @@ def show_context_links(thisview, active_filters, show_filters, display_options,
html.end_context_buttons()
def update_context_links(enable_command_toggle, enable_checkbox_toggle):
- html.javascript("update_togglebutton('commands', %d);" % enable_command_toggle)
- html.javascript("update_togglebutton('checkbox', %d);" % (enable_command_toggle and enable_checkbox_toggle, ))
+ html.javascript("update_togglebutton('commands', %d);" % (enable_command_toggle and 1 or 0))
+ html.javascript("update_togglebutton('checkbox', %d);" % (enable_command_toggle and enable_checkbox_toggle and 1 or 0, ))
# Collect all views that share a context with thisview. For example
# if a view has an active filter variable specifying a host, then