View Issue Details

IDProjectCategoryView StatusLast Update
0001028SOGoWeb Mailpublic2011-01-24 13:03
Reporterpaubry Assigned Tofrancis  
PrioritynormalSeverityfeatureReproducibilityalways
Status resolvedResolutionfixed 
Product Version1.3.4 
Fixed in Version1.3.5 
Summary0001028: make LDAP requests more configurable
Description

Searching in a LDAP directory makes our SOGo webmail hangs for tens of seconds because of requests like:
&(|(cn=aubry)(sn=aubry)(displayName=aubry)(mail=aubry)(telephoneNumber=aubry))(ur1TypeEntree=pers))
The reason of this is that some of these LDAP attributes are not indexed, and we could do it to get acceptable response times. Anyway:

  • we do not want to use such complex requests, &(|(cn=aubry)(mail=aubry))(ur1TypeEntree=pers)) would be sufficient in our case;
  • the search fields may differ for distinct LDAP directories;
    The issue is that the fields used above are hard-coded in LDAPSource._qualifierForFilter().
    The patch attached adds a new parameter (SearchFieldNames) to customize the LDAP requests.
    Best,
    PA
Additional Information

if set, parameter SearchFieldNames is an array containing the LDAP attributes used to search the LDAP directory. If not set, a default attribute list is used.
Example: searching a LDAP directory configured with
SearchFieldNames = ( "mail", "cn" )
will result in LDAP requests like
|(cn=token)(mail=token))

TagsNo tags attached.

Activities

2010-12-02 11:26

 

patch-1.3.4-SearchFieldNames.txt (4,778 bytes)   
diff -Nbaur --exclude=config.make --exclude=configure --exclude='SOGoCASSession.*' --exclude='SOGoSystemDefaults.*' --exclude='*.css' SOGo-1.3.4-dist/SoObjects/SOGo/LDAPSource.h SOGo-1.3.4/SoObjects/SOGo/LDAPSource.h
--- SOGo-1.3.4-dist/SoObjects/SOGo/LDAPSource.h	2010-11-17 17:30:03.000000000 +0100
+++ SOGo-1.3.4/SoObjects/SOGo/LDAPSource.h	2010-12-02 13:35:05.000000000 +0100
@@ -52,6 +52,7 @@
   NSString *CNField;
   NSString *UIDField;
   NSArray *mailFields;
+  NSArray *searchFields;
   NSString *IMAPHostField;
   NSArray *bindFields;
 
@@ -76,6 +77,7 @@
 	   CNField: (NSString *) newCNField
 	  UIDField: (NSString *) newUIDField
 	mailFields: (NSArray *) newMailFields
+      searchFields: (NSArray *) newSearchFields
      IMAPHostField: (NSString *) newIMAPHostField
      andBindFields: (id) newBindFields;
 
diff -Nbaur --exclude=config.make --exclude=configure --exclude='SOGoCASSession.*' --exclude='SOGoSystemDefaults.*' --exclude='*.css' SOGo-1.3.4-dist/SoObjects/SOGo/LDAPSource.m SOGo-1.3.4/SoObjects/SOGo/LDAPSource.m
--- SOGo-1.3.4-dist/SoObjects/SOGo/LDAPSource.m	2010-11-17 17:30:03.000000000 +0100
+++ SOGo-1.3.4/SoObjects/SOGo/LDAPSource.m	2010-12-02 17:01:09.000000000 +0100
@@ -155,6 +155,9 @@
       UIDField = @"uid";
       mailFields = [NSArray arrayWithObject: @"mail"];
       [mailFields retain];
+      searchFields = [NSArray arrayWithObjects: 
+		      @"mail", CNField, UIDField, @"sn", @"displayname", @"telephonenumber", nil];
+      [searchFields retain];
       IMAPHostField = nil;
       bindFields = nil;
       _scope = @"sub";
@@ -178,6 +181,7 @@
   [CNField release];
   [UIDField release];
   [mailFields release];
+  [searchFields release];
   [IMAPHostField release];
   [bindFields release];
   [_filter release];
@@ -209,6 +213,7 @@
               CNField: [udSource objectForKey: @"CNFieldName"]
              UIDField: [udSource objectForKey: @"UIDFieldName"]
            mailFields: [udSource objectForKey: @"MailFieldNames"]
+         searchFields: [udSource objectForKey: @"SearchFieldNames"]
 	IMAPHostField: [udSource objectForKey: @"IMAPHostFieldName"]
 	andBindFields: [udSource objectForKey: @"bindFields"]];
 
@@ -273,6 +278,7 @@
 	   CNField: (NSString *) newCNField
 	  UIDField: (NSString *) newUIDField
 	mailFields: (NSArray *) newMailFields
+      searchFields: (NSArray *) newSearchFields
      IMAPHostField: (NSString *) newIMAPHostField
      andBindFields: (id) newBindFields
 {
@@ -287,6 +293,8 @@
     ASSIGN (IMAPHostField, newIMAPHostField);
   if (newMailFields)
     ASSIGN (mailFields, newMailFields);
+  if (newSearchFields)
+    ASSIGN (searchFields, newSearchFields);
   if (newBindFields)
     {
       // Before SOGo v1.2.0, bindFields was a comma-separated list
@@ -545,25 +553,17 @@
 /* contact management */
 - (EOQualifier *) _qualifierForFilter: (NSString *) filter
 {
-  NSString *mailFormat, *fieldFormat, *escapedFilter;
+  NSString *searchFormat, *fieldFormat, *escapedFilter;
   EOQualifier *qualifier;
   NSMutableString *qs;
 
   escapedFilter = SafeLDAPCriteria(filter);
   if ([escapedFilter length] > 0)
     {
-      fieldFormat = [NSString stringWithFormat: @"(%%@='%@*')", escapedFilter];
-      mailFormat = [[mailFields stringsWithFormat: fieldFormat]
+      fieldFormat = [NSString stringWithFormat: @"(%%@='*%@*')", escapedFilter];
+      searchFormat = [[searchFields stringsWithFormat: fieldFormat]
                      componentsJoinedByString: @" OR "];
-
-      qs = [NSMutableString string];
-      if ([escapedFilter isEqualToString: @"."])
-        [qs appendFormat: @"(%@='*')", CNField];
-      else
-        [qs appendFormat: @"(%@='%@*') OR (sn='%@*') OR (displayName='%@*')"
-	    @"OR %@ OR (telephoneNumber='*%@*')",
-	    CNField, escapedFilter, escapedFilter, escapedFilter, mailFormat,
-            escapedFilter];
+      qs = [NSMutableString stringWithString: searchFormat];
 
       if (_filter && [_filter length])
 	[qs appendFormat: @" AND %@", _filter];
diff -Nbaur --exclude=config.make --exclude=configure --exclude='SOGoCASSession.*' --exclude='SOGoSystemDefaults.*' --exclude='*.css' SOGo-1.3.4-dist/SoObjects/SOGo/SOGoUserManager.m SOGo-1.3.4/SoObjects/SOGo/SOGoUserManager.m
--- SOGo-1.3.4-dist/SoObjects/SOGo/SOGoUserManager.m	2010-11-17 17:30:03.000000000 +0100
+++ SOGo-1.3.4/SoObjects/SOGo/SOGoUserManager.m	2010-12-02 14:53:03.000000000 +0100
@@ -132,6 +132,9 @@
       value = [udSource objectForKey: @"MailFieldNames"];
       if (value)
         [metadata setObject: value forKey: @"MailFieldNames"];
+      value = [udSource objectForKey: @"SearchFieldNames"];
+      if (value)
+        [metadata setObject: value forKey: @"SearchFieldNames"];
       [_sourcesMetadata setObject: metadata forKey: sourceID];
     }
   else
janfrode

janfrode

2010-12-20 02:29

reporter   ~0001961

I would appreciate if it was also configurable if it should do wildcard searches (mail=token) or plain lookups (mail=token). This because we don't want our own users to be able to harvest lists of valid email addresses.

francis

francis

2011-01-24 13:03

administrator   ~0002043

Added in revision 66faeac6511d176fd1b35b6a0a5b8cbb20b0b2d1.

Issue History

Date Modified Username Field Change
2010-12-02 11:26 paubry New Issue
2010-12-02 11:26 paubry File Added: patch-1.3.4-SearchFieldNames.txt
2010-12-20 02:29 janfrode Note Added: 0001961
2011-01-24 13:03 francis Note Added: 0002043
2011-01-24 13:03 francis Status new => resolved
2011-01-24 13:03 francis Fixed in Version => 1.3.5
2011-01-24 13:03 francis Resolution open => fixed
2011-01-24 13:03 francis Assigned To => francis