added config option for LDAP search limit

lam/config/lam.conf_sample

@@ -34,6 +34,9 @@ scriptRights: 750
 # Number of minutes LAM caches LDAP searches.
 cachetimeout: 5
 
+# LDAP search limit.
+searchLimit: 0
+
 # Module settings
 
 modules: posixAccount_minUID: 10000

lam/help/help.inc

@@ -4,7 +4,7 @@ $Id$
 
   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
   Copyright (C) 2003 - 2006 Michael Duergner
-                2003 - 2009 Roland Gruber
+                2003 - 2010 Roland Gruber
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -116,6 +116,8 @@ $helpArray = array (
 					"Text" => _("The number of users who may login to LAM is restricted. This can be either a fixed list of DNs or LAM can search LDAP to find a DN which matches the given user name.")),
 				"221" => array ("Headline" => _("LDAP search"),
 					"Text" => _("Please enter the LDAP suffix where LAM should start to search for users. The LDAP filter needs to match the given user name to exactly one DN. The value \"%USER%\" will be replaced by the user name from the login page.")),
+				"222" => array ("Headline" => _("LDAP search limit"),
+					"Text" => _("Here you can set a limit for LDAP searches. This will restrict the number of results for LDAP searches. Please use this if LAM's LDAP queries produce too much load.")),
 				"230" => array ("Headline" => _("Profile management") . " - " . _("Add profile"),
 					"Text" => _("Please enter the name of the new profile and the password to change its settings. Profile names may contain letters, numbers and -/_.")),
 				"231" => array ("Headline" => _("Profile management") . " - " . _("Rename profile"),

lam/lib/config.inc

@@ -3,7 +3,7 @@
 $Id$
 
   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2003 - 2009  Roland Gruber
+  Copyright (C) 2003 - 2010  Roland Gruber
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -220,6 +220,9 @@ class LAMConfig {
 	/** LDAP cache timeout */
 	private $cachetimeout;
 	
+	/** LDAP search limit */
+	private $searchLimit = 0;
+
 	/** Active account types */
 	private $activeTypes = "user,group,host,smbDomain";
 
@@ -242,7 +245,7 @@ class LAMConfig {
 	private $settings = array("ServerURL", "useTLS", "Passwd", "Admins", "treesuffix",
 		"defaultLanguage", "scriptPath", "scriptServer", "scriptRights", "cachetimeout",
 		"modules", "activeTypes", "types", "accessLevel", 'loginMethod', 'loginSearchSuffix',
-		'loginSearchFilter');
+		'loginSearchFilter', 'searchLimit');
 
 
 	/**
@@ -385,6 +388,7 @@ class LAMConfig {
 			if (!in_array("scriptServer", $saved)) array_push($file_array, "\n\n# Servers of external script\n" . "scriptServer: " . $this->scriptServer . "\n");
 			if (!in_array("scriptRights", $saved)) array_push($file_array, "\n\n# Access rights for home directories\n" . "scriptRights: " . $this->scriptRights . "\n");
 			if (!in_array("cachetimeout", $saved)) array_push($file_array, "\n\n# Number of minutes LAM caches LDAP searches.\n" . "cacheTimeout: " . $this->cachetimeout . "\n");
+			if (!in_array("searchLimit", $saved)) array_push($file_array, "\n\n# LDAP search limit.\n" . "searchLimit: " . $this->searchLimit . "\n");
 			if (!in_array("activeTypes", $saved)) array_push($file_array, "\n\n# List of active account types.\n" . "activeTypes: " . $this->activeTypes . "\n");
 			if (!in_array("accessLevel", $saved)) array_push($file_array, "\n\n# Access level for this profile.\n" . "accessLevel: " . $this->accessLevel . "\n");
 			if (!in_array("loginMethod", $saved)) array_push($file_array, "\n\n# Login method.\n" . "loginMethod: " . $this->loginMethod . "\n");
@@ -802,6 +806,29 @@ class LAMConfig {
 		return true;
 	}
 
+	/**
+	* Returns the LDAP search limit.
+	*
+	* @return integer search limit
+	*/
+	public function get_searchLimit() {
+		return $this->searchLimit;
+	}
+
+	/**
+	* Sets the LDAP search limit.
+	*
+	* @param integer $value new search limit
+	* @return boolean true if $value has correct format
+	*/
+	public function set_searchLimit($value) {
+		if (is_numeric($value) && ($value > -1)) {
+			$this->searchLimit = $value;
+		}
+		else return false;
+		return true;
+	}
+
 	/**
 	* Returns an array of all selected account modules
 	*

lam/templates/config/confmain.php

@@ -285,6 +285,28 @@ echo "<td>";
 printHelpLink(getHelp('', '214'), '214');
 echo "</td></tr>\n";
 
+// LDAP search limit
+$searchLimitOptions = array(
+array(0, '-'), array(100, 100), array(500, 500),
+array(1000, 1000), array(5000, 5000), array(10000, 10000),
+array(50000, 50000), array(100000, 100000)
+);
+echo ("<tr><td align=\"right\"><b>".
+	_("LDAP search limit") . ": </b></td>".
+	"<td><select tabindex=\"$tabindex\" name=\"searchLimit\">\n");
+for ($i = 0; $i < sizeof($searchLimitOptions); $i++) {
+	$selected = "";
+	if ($searchLimitOptions[$i][0] == $conf->get_searchLimit()) {
+		$selected = "selected";
+	}
+	echo "<option value=\"" . $searchLimitOptions[$i][0] . "\" $selected>" . $searchLimitOptions[$i][1] . "</option>";
+}
+echo ("</select></td>\n");
+$tabindex++;
+echo "<td>";
+printHelpLink(getHelp('', '222'), '222');
+echo "</td></tr>\n";
+
 // access level is only visible in Pro version
 if (isLAMProVersion()) {
 	// new line
@@ -540,6 +562,7 @@ function checkInput() {
 	if (!$conf->set_cacheTimeout($_POST['cachetimeout'])) {
 		$errors[] = array("ERROR", _("Cache timeout is invalid!"));
 	}
+	$conf->set_searchLimit($_POST['searchLimit']);
 	if (isLAMProVersion()) {
 		$conf->setAccessLevel($_POST['accessLevel']);
 	}