added config option for LDAP search limit

This commit is contained in:
Roland Gruber 2010-02-06 18:30:21 +00:00
parent 545d0a6517
commit fa9edd7963
4 changed files with 58 additions and 3 deletions

View File

@ -34,6 +34,9 @@ scriptRights: 750
# Number of minutes LAM caches LDAP searches. # Number of minutes LAM caches LDAP searches.
cachetimeout: 5 cachetimeout: 5
# LDAP search limit.
searchLimit: 0
# Module settings # Module settings
modules: posixAccount_minUID: 10000 modules: posixAccount_minUID: 10000

View File

@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Michael Duergner Copyright (C) 2003 - 2006 Michael Duergner
2003 - 2009 Roland Gruber 2003 - 2010 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -116,6 +116,8 @@ $helpArray = array (
"Text" => _("The number of users who may login to LAM is restricted. This can be either a fixed list of DNs or LAM can search LDAP to find a DN which matches the given user name.")), "Text" => _("The number of users who may login to LAM is restricted. This can be either a fixed list of DNs or LAM can search LDAP to find a DN which matches the given user name.")),
"221" => array ("Headline" => _("LDAP search"), "221" => array ("Headline" => _("LDAP search"),
"Text" => _("Please enter the LDAP suffix where LAM should start to search for users. The LDAP filter needs to match the given user name to exactly one DN. The value \"%USER%\" will be replaced by the user name from the login page.")), "Text" => _("Please enter the LDAP suffix where LAM should start to search for users. The LDAP filter needs to match the given user name to exactly one DN. The value \"%USER%\" will be replaced by the user name from the login page.")),
"222" => array ("Headline" => _("LDAP search limit"),
"Text" => _("Here you can set a limit for LDAP searches. This will restrict the number of results for LDAP searches. Please use this if LAM's LDAP queries produce too much load.")),
"230" => array ("Headline" => _("Profile management") . " - " . _("Add profile"), "230" => array ("Headline" => _("Profile management") . " - " . _("Add profile"),
"Text" => _("Please enter the name of the new profile and the password to change its settings. Profile names may contain letters, numbers and -/_.")), "Text" => _("Please enter the name of the new profile and the password to change its settings. Profile names may contain letters, numbers and -/_.")),
"231" => array ("Headline" => _("Profile management") . " - " . _("Rename profile"), "231" => array ("Headline" => _("Profile management") . " - " . _("Rename profile"),

View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2009 Roland Gruber Copyright (C) 2003 - 2010 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -219,6 +219,9 @@ class LAMConfig {
/** LDAP cache timeout */ /** LDAP cache timeout */
private $cachetimeout; private $cachetimeout;
/** LDAP search limit */
private $searchLimit = 0;
/** Active account types */ /** Active account types */
private $activeTypes = "user,group,host,smbDomain"; private $activeTypes = "user,group,host,smbDomain";
@ -242,7 +245,7 @@ class LAMConfig {
private $settings = array("ServerURL", "useTLS", "Passwd", "Admins", "treesuffix", private $settings = array("ServerURL", "useTLS", "Passwd", "Admins", "treesuffix",
"defaultLanguage", "scriptPath", "scriptServer", "scriptRights", "cachetimeout", "defaultLanguage", "scriptPath", "scriptServer", "scriptRights", "cachetimeout",
"modules", "activeTypes", "types", "accessLevel", 'loginMethod', 'loginSearchSuffix', "modules", "activeTypes", "types", "accessLevel", 'loginMethod', 'loginSearchSuffix',
'loginSearchFilter'); 'loginSearchFilter', 'searchLimit');
/** /**
@ -385,6 +388,7 @@ class LAMConfig {
if (!in_array("scriptServer", $saved)) array_push($file_array, "\n\n# Servers of external script\n" . "scriptServer: " . $this->scriptServer . "\n"); if (!in_array("scriptServer", $saved)) array_push($file_array, "\n\n# Servers of external script\n" . "scriptServer: " . $this->scriptServer . "\n");
if (!in_array("scriptRights", $saved)) array_push($file_array, "\n\n# Access rights for home directories\n" . "scriptRights: " . $this->scriptRights . "\n"); if (!in_array("scriptRights", $saved)) array_push($file_array, "\n\n# Access rights for home directories\n" . "scriptRights: " . $this->scriptRights . "\n");
if (!in_array("cachetimeout", $saved)) array_push($file_array, "\n\n# Number of minutes LAM caches LDAP searches.\n" . "cacheTimeout: " . $this->cachetimeout . "\n"); if (!in_array("cachetimeout", $saved)) array_push($file_array, "\n\n# Number of minutes LAM caches LDAP searches.\n" . "cacheTimeout: " . $this->cachetimeout . "\n");
if (!in_array("searchLimit", $saved)) array_push($file_array, "\n\n# LDAP search limit.\n" . "searchLimit: " . $this->searchLimit . "\n");
if (!in_array("activeTypes", $saved)) array_push($file_array, "\n\n# List of active account types.\n" . "activeTypes: " . $this->activeTypes . "\n"); if (!in_array("activeTypes", $saved)) array_push($file_array, "\n\n# List of active account types.\n" . "activeTypes: " . $this->activeTypes . "\n");
if (!in_array("accessLevel", $saved)) array_push($file_array, "\n\n# Access level for this profile.\n" . "accessLevel: " . $this->accessLevel . "\n"); if (!in_array("accessLevel", $saved)) array_push($file_array, "\n\n# Access level for this profile.\n" . "accessLevel: " . $this->accessLevel . "\n");
if (!in_array("loginMethod", $saved)) array_push($file_array, "\n\n# Login method.\n" . "loginMethod: " . $this->loginMethod . "\n"); if (!in_array("loginMethod", $saved)) array_push($file_array, "\n\n# Login method.\n" . "loginMethod: " . $this->loginMethod . "\n");
@ -802,6 +806,29 @@ class LAMConfig {
return true; return true;
} }
/**
* Returns the LDAP search limit.
*
* @return integer search limit
*/
public function get_searchLimit() {
return $this->searchLimit;
}
/**
* Sets the LDAP search limit.
*
* @param integer $value new search limit
* @return boolean true if $value has correct format
*/
public function set_searchLimit($value) {
if (is_numeric($value) && ($value > -1)) {
$this->searchLimit = $value;
}
else return false;
return true;
}
/** /**
* Returns an array of all selected account modules * Returns an array of all selected account modules
* *

View File

@ -285,6 +285,28 @@ echo "<td>";
printHelpLink(getHelp('', '214'), '214'); printHelpLink(getHelp('', '214'), '214');
echo "</td></tr>\n"; echo "</td></tr>\n";
// LDAP search limit
$searchLimitOptions = array(
array(0, '-'), array(100, 100), array(500, 500),
array(1000, 1000), array(5000, 5000), array(10000, 10000),
array(50000, 50000), array(100000, 100000)
);
echo ("<tr><td align=\"right\"><b>".
_("LDAP search limit") . ": </b></td>".
"<td><select tabindex=\"$tabindex\" name=\"searchLimit\">\n");
for ($i = 0; $i < sizeof($searchLimitOptions); $i++) {
$selected = "";
if ($searchLimitOptions[$i][0] == $conf->get_searchLimit()) {
$selected = "selected";
}
echo "<option value=\"" . $searchLimitOptions[$i][0] . "\" $selected>" . $searchLimitOptions[$i][1] . "</option>";
}
echo ("</select></td>\n");
$tabindex++;
echo "<td>";
printHelpLink(getHelp('', '222'), '222');
echo "</td></tr>\n";
// access level is only visible in Pro version // access level is only visible in Pro version
if (isLAMProVersion()) { if (isLAMProVersion()) {
// new line // new line
@ -540,6 +562,7 @@ function checkInput() {
if (!$conf->set_cacheTimeout($_POST['cachetimeout'])) { if (!$conf->set_cacheTimeout($_POST['cachetimeout'])) {
$errors[] = array("ERROR", _("Cache timeout is invalid!")); $errors[] = array("ERROR", _("Cache timeout is invalid!"));
} }
$conf->set_searchLimit($_POST['searchLimit']);
if (isLAMProVersion()) { if (isLAMProVersion()) {
$conf->setAccessLevel($_POST['accessLevel']); $conf->setAccessLevel($_POST['accessLevel']);
} }