From 5df7272c89210dea2b888240b7f4ec65407cbbe3 Mon Sep 17 00:00:00 2001 From: fedorareis Date: Wed, 29 Nov 2017 16:55:11 -0800 Subject: [PATCH 1/2] Revert to 0dd3a7d9e --- ldap_groups/groups.py | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/ldap_groups/groups.py b/ldap_groups/groups.py index e766839..7ac5753 100755 --- a/ldap_groups/groups.py +++ b/ldap_groups/groups.py @@ -9,8 +9,8 @@ from collections import deque import logging -from ldap3 import (Server, Connection, SEARCH_SCOPE_BASE_OBJECT, SEARCH_SCOPE_WHOLE_SUBTREE, MODIFY_DELETE, - MODIFY_ADD, ALL_ATTRIBUTES, NO_ATTRIBUTES, SEARCH_SCOPE_SINGLE_LEVEL) +from ldap3 import (Server, Connection, BASE, SUBTREE, MODIFY_DELETE, + MODIFY_ADD, ALL_ATTRIBUTES, NO_ATTRIBUTES, LEVEL) from ldap3.core.exceptions import (LDAPException, LDAPExceptionError, LDAPInvalidServerError, LDAPInvalidCredentialsResult, LDAPOperationsErrorResult, LDAPInvalidDNSyntaxResult, LDAPNoSuchObjectResult, LDAPSizeLimitExceededResult, LDAPEntryAlreadyExistsResult, @@ -136,14 +136,14 @@ def __init__(self, group_dn, server_uri=None, base_dn=None, user_lookup_attr=Non # Initialize search objects self.ATTRIBUTES_SEARCH = { 'base_dn': self.group_dn, - 'scope': SEARCH_SCOPE_BASE_OBJECT, + 'scope': BASE, 'filter_string': "(|(objectClass=group)(objectClass=organizationalUnit))", 'attribute_list': ALL_ATTRIBUTES } self.USER_SEARCH = { 'base_dn': self.user_search_base_dn, - 'scope': SEARCH_SCOPE_WHOLE_SUBTREE, + 'scope': SUBTREE, 'filter_string': ("(&(objectClass=user)({lookup_attribute}" "={{lookup_value}}))").format(lookup_attribute=escape_query(self.user_lookup_attr)), 'attribute_list': NO_ATTRIBUTES @@ -151,7 +151,7 @@ def __init__(self, group_dn, server_uri=None, base_dn=None, user_lookup_attr=Non self.GROUP_SEARCH = { 'base_dn': self.group_search_base_dn, - 'scope': SEARCH_SCOPE_WHOLE_SUBTREE, + 'scope': SUBTREE, 'filter_string': ("(&(objectClass=group)({lookup_attribute}" "={{lookup_value}}))").format(lookup_attribute=escape_query(self.group_lookup_attr)), 'attribute_list': NO_ATTRIBUTES @@ -159,14 +159,14 @@ def __init__(self, group_dn, server_uri=None, base_dn=None, user_lookup_attr=Non self.GROUP_MEMBER_SEARCH = { 'base_dn': self.base_dn, - 'scope': SEARCH_SCOPE_WHOLE_SUBTREE, + 'scope': SUBTREE, 'filter_string': "(&(objectCategory=user)(memberOf={group_dn}))", 'attribute_list': self.attr_list } self.GROUP_CHILDREN_SEARCH = { 'base_dn': self.base_dn, - 'scope': SEARCH_SCOPE_WHOLE_SUBTREE, + 'scope': SUBTREE, 'filter_string': ("(&(|(objectClass=group)(objectClass=organizationalUnit))" "(memberOf={group_dn}))").format(group_dn=escape_query(self.group_dn)), 'attribute_list': NO_ATTRIBUTES @@ -174,14 +174,14 @@ def __init__(self, group_dn, server_uri=None, base_dn=None, user_lookup_attr=Non self.OU_CHILDREN_SEARCH = { 'base_dn': self.group_dn, - 'scope': SEARCH_SCOPE_SINGLE_LEVEL, + 'scope': LEVEL, 'filter_string': "(|(objectClass=group)(objectClass=organizationalUnit))", 'attribute_list': NO_ATTRIBUTES } self.GROUP_SINGLE_CHILD_SEARCH = { 'base_dn': self.base_dn, - 'scope': SEARCH_SCOPE_WHOLE_SUBTREE, + 'scope': SUBTREE, 'filter_string': ("(&(&(|(objectClass=group)(objectClass=organizationalUnit))(name={{child_group_name}}))" "(memberOf={parent_dn}))").format(parent_dn=escape_query(self.group_dn)), 'attribute_list': NO_ATTRIBUTES @@ -189,21 +189,21 @@ def __init__(self, group_dn, server_uri=None, base_dn=None, user_lookup_attr=Non self.OU_SINGLE_CHILD_SEARCH = { 'base_dn': self.group_dn, - 'scope': SEARCH_SCOPE_SINGLE_LEVEL, + 'scope': LEVEL, 'filter_string': "(&(|(objectClass=group)(objectClass=organizationalUnit))(name={child_group_name}))", 'attribute_list': NO_ATTRIBUTES } self.DESCENDANT_SEARCH = { 'base_dn': self.group_dn, - 'scope': SEARCH_SCOPE_WHOLE_SUBTREE, + 'scope': SUBTREE, 'filter_string': "(|(objectClass=group)(objectClass=organizationalUnit))", 'attribute_list': NO_ATTRIBUTES } self.VALID_GROUP_TEST = { 'base_dn': self.group_dn, - 'scope': SEARCH_SCOPE_BASE_OBJECT, + 'scope': BASE, 'filter_string': "(|(objectClass=group)(objectClass=organizationalUnit))", 'attribute_list': NO_ATTRIBUTES } From 1a9a2bc748a4d7e2c5c28a6a34a36c005e0e5fd7 Mon Sep 17 00:00:00 2001 From: Kyle Reis Date: Fri, 20 Apr 2018 20:08:37 -0700 Subject: [PATCH 2/2] Fixed get_descendants (#1) * Changed how get_descendants works * Switched out search function to test performance impact * Switched out search function to test performance impact * Switched out search function to test performance impact * Switched out search function to test performance impact * Search change updates * Search change updates * Search change updates * Search change updates * Search change updates * Search change updates * Search change updates * Temporary performance check * Added paging passthrough for descendants and changing search --- ldap_groups/groups.py | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/ldap_groups/groups.py b/ldap_groups/groups.py index 7ac5753..ede9d37 100755 --- a/ldap_groups/groups.py +++ b/ldap_groups/groups.py @@ -594,22 +594,23 @@ def get_descendants(self, page_size=500): """ - entry_list = self.ldap_connection.extend.standard.paged_search( - search_base=self.DESCENDANT_SEARCH['base_dn'], - search_filter=self.DESCENDANT_SEARCH['filter_string'], - search_scope=self.DESCENDANT_SEARCH['scope'], - attributes=self.DESCENDANT_SEARCH['attribute_list'], - paged_size=page_size - ) + descendants = [] + queue = deque() + queue.appendleft(self) + visited = set() - return [ - ADGroup( - group_dn=entry["dn"], server_uri=self.server_uri, base_dn=self.base_dn, - user_lookup_attr=self.user_lookup_attr, group_lookup_attr=self.group_lookup_attr, - attr_list=self.attr_list, bind_dn=self.bind_dn, bind_password=self.bind_password, - user_search_base_dn=self.user_search_base_dn, group_search_base_dn=self.user_search_base_dn - ) for entry in entry_list if entry["type"] == "searchResEntry" - ] + while len(queue): + node = queue.popleft() + + if node not in visited: + children = node.get_children(page_size=page_size) + for child in children: + if child not in descendants: + descendants.append(child) + queue.appendleft(child) + visited.add(node) + + return descendants def get_children(self, page_size=500): """ Returns a list of this group's children. @@ -638,24 +639,25 @@ def get_children(self, page_size=500): return [] try: - entry_list = self.ldap_connection.extend.standard.paged_search( + self.ldap_connection.search( search_base=connection_dict['base_dn'], search_filter=connection_dict['filter_string'], search_scope=connection_dict['scope'], attributes=connection_dict['attribute_list'], paged_size=page_size ) + entry_list = self.ldap_connection.entries except LDAPInvalidFilterError: logger.debug("Invalid Filter!: {filter}".format(filter=connection_dict['filter_string'])) return [] else: - results = [result["dn"] for result in entry_list if result["type"] == "searchResEntry"] + results = entry_list for result in results: children.append( ADGroup( - group_dn=result, server_uri=self.server_uri, base_dn=self.base_dn, + group_dn=result.entry_dn, server_uri=self.server_uri, base_dn=self.base_dn, user_lookup_attr=self.user_lookup_attr, group_lookup_attr=self.group_lookup_attr, attr_list=self.attr_list, bind_dn=self.bind_dn, bind_password=self.bind_password, user_search_base_dn=self.user_search_base_dn,