diff --git a/lam/config/lam.conf_sample b/lam/config/lam.conf_sample index 4ee8ac29..72667812 100644 --- a/lam/config/lam.conf_sample +++ b/lam/config/lam.conf_sample @@ -34,6 +34,9 @@ scriptRights: 750 # Number of minutes LAM caches LDAP searches. cachetimeout: 5 +# LDAP search limit. +searchLimit: 0 + # Module settings modules: posixAccount_minUID: 10000 diff --git a/lam/help/help.inc b/lam/help/help.inc index e49b69e9..69d8af2e 100644 --- a/lam/help/help.inc +++ b/lam/help/help.inc @@ -4,7 +4,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) Copyright (C) 2003 - 2006 Michael Duergner - 2003 - 2009 Roland Gruber + 2003 - 2010 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -116,6 +116,8 @@ $helpArray = array ( "Text" => _("The number of users who may login to LAM is restricted. This can be either a fixed list of DNs or LAM can search LDAP to find a DN which matches the given user name.")), "221" => array ("Headline" => _("LDAP search"), "Text" => _("Please enter the LDAP suffix where LAM should start to search for users. The LDAP filter needs to match the given user name to exactly one DN. The value \"%USER%\" will be replaced by the user name from the login page.")), + "222" => array ("Headline" => _("LDAP search limit"), + "Text" => _("Here you can set a limit for LDAP searches. This will restrict the number of results for LDAP searches. Please use this if LAM's LDAP queries produce too much load.")), "230" => array ("Headline" => _("Profile management") . " - " . _("Add profile"), "Text" => _("Please enter the name of the new profile and the password to change its settings. Profile names may contain letters, numbers and -/_.")), "231" => array ("Headline" => _("Profile management") . " - " . _("Rename profile"), diff --git a/lam/lib/config.inc b/lam/lib/config.inc index f8a0646e..b969350c 100644 --- a/lam/lib/config.inc +++ b/lam/lib/config.inc @@ -3,7 +3,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2003 - 2009 Roland Gruber + Copyright (C) 2003 - 2010 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -219,6 +219,9 @@ class LAMConfig { /** LDAP cache timeout */ private $cachetimeout; + + /** LDAP search limit */ + private $searchLimit = 0; /** Active account types */ private $activeTypes = "user,group,host,smbDomain"; @@ -242,7 +245,7 @@ class LAMConfig { private $settings = array("ServerURL", "useTLS", "Passwd", "Admins", "treesuffix", "defaultLanguage", "scriptPath", "scriptServer", "scriptRights", "cachetimeout", "modules", "activeTypes", "types", "accessLevel", 'loginMethod', 'loginSearchSuffix', - 'loginSearchFilter'); + 'loginSearchFilter', 'searchLimit'); /** @@ -385,6 +388,7 @@ class LAMConfig { if (!in_array("scriptServer", $saved)) array_push($file_array, "\n\n# Servers of external script\n" . "scriptServer: " . $this->scriptServer . "\n"); if (!in_array("scriptRights", $saved)) array_push($file_array, "\n\n# Access rights for home directories\n" . "scriptRights: " . $this->scriptRights . "\n"); if (!in_array("cachetimeout", $saved)) array_push($file_array, "\n\n# Number of minutes LAM caches LDAP searches.\n" . "cacheTimeout: " . $this->cachetimeout . "\n"); + if (!in_array("searchLimit", $saved)) array_push($file_array, "\n\n# LDAP search limit.\n" . "searchLimit: " . $this->searchLimit . "\n"); if (!in_array("activeTypes", $saved)) array_push($file_array, "\n\n# List of active account types.\n" . "activeTypes: " . $this->activeTypes . "\n"); if (!in_array("accessLevel", $saved)) array_push($file_array, "\n\n# Access level for this profile.\n" . "accessLevel: " . $this->accessLevel . "\n"); if (!in_array("loginMethod", $saved)) array_push($file_array, "\n\n# Login method.\n" . "loginMethod: " . $this->loginMethod . "\n"); @@ -802,6 +806,29 @@ class LAMConfig { return true; } + /** + * Returns the LDAP search limit. + * + * @return integer search limit + */ + public function get_searchLimit() { + return $this->searchLimit; + } + + /** + * Sets the LDAP search limit. + * + * @param integer $value new search limit + * @return boolean true if $value has correct format + */ + public function set_searchLimit($value) { + if (is_numeric($value) && ($value > -1)) { + $this->searchLimit = $value; + } + else return false; + return true; + } + /** * Returns an array of all selected account modules * diff --git a/lam/templates/config/confmain.php b/lam/templates/config/confmain.php index f2d65318..c6b90ebe 100644 --- a/lam/templates/config/confmain.php +++ b/lam/templates/config/confmain.php @@ -285,6 +285,28 @@ echo ""; printHelpLink(getHelp('', '214'), '214'); echo "\n"; +// LDAP search limit +$searchLimitOptions = array( +array(0, '-'), array(100, 100), array(500, 500), +array(1000, 1000), array(5000, 5000), array(10000, 10000), +array(50000, 50000), array(100000, 100000) +); +echo ("". + _("LDAP search limit") . ": ". + "\n"); +$tabindex++; +echo ""; +printHelpLink(getHelp('', '222'), '222'); +echo "\n"; + // access level is only visible in Pro version if (isLAMProVersion()) { // new line @@ -540,6 +562,7 @@ function checkInput() { if (!$conf->set_cacheTimeout($_POST['cachetimeout'])) { $errors[] = array("ERROR", _("Cache timeout is invalid!")); } + $conf->set_searchLimit($_POST['searchLimit']); if (isLAMProVersion()) { $conf->setAccessLevel($_POST['accessLevel']); }