Caches manager lookups in LDAP for performance boost

2022-10-20 16:52:40 -07:00 · 2022-10-20 16:52:40 -07:00 · bc78d341a0
commit bc78d341a0
parent edf191b724
1 changed files with 37 additions and 27 deletions
--- a/app/Console/Commands/LdapSync.php
+++ b/app/Console/Commands/LdapSync.php
@ -175,6 +175,8 @@ class LdapSync extends Command
        $tmp_pass = substr(str_shuffle('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'), 0, 20);
        $pass = bcrypt($tmp_pass);
        $manager_cache = [];
        for ($i = 0; $i < $results['count']; $i++) {
                $item = [];
                $item['username'] = isset($results[$i][$ldap_result_username][0]) ? $results[$i][$ldap_result_username][0] : '';
@ -217,34 +219,42 @@ class LdapSync extends Command
                $user->department_id = $department->id;
                if($item['manager'] != null) {
-                    // Get the LDAP Manager
+                    // Check Cache first
-                    try {
+                    if (isset($manager_cache[$item['manager']])) {
-                        $ldap_manager = Ldap::findLdapUsers($item['manager'], -1, $this->option('filter'));
+                        // found in cache; use that and avoid extra lookups
-                    } catch (\Exception $e) {
+                        $user->manager_id = $manager_cache[$item['manager']];
-                        \Log::warn("Manager lookup caused an exception: ".$e->getMessage().". Falling back to direct username lookup");
+                    } else {
-                        // Hail-mary for Okta manager 'shortnames' - will only work if
+                        // Get the LDAP Manager
-                        // Okta configuration is using full email-address-style usernames
+                        try {
-                        $ldap_manager = [
+                            $ldap_manager = Ldap::findLdapUsers($item['manager'], -1, $this->option('filter'));
-                            "count" => 1,
+                        } catch (\Exception $e) {
-                            0 => [
+                            \Log::warn("Manager lookup caused an exception: " . $e->getMessage() . ". Falling back to direct username lookup");
-                                $ldap_result_username => [$item['manager']]
+                            // Hail-mary for Okta manager 'shortnames' - will only work if
-                            ]
+                            // Okta configuration is using full email-address-style usernames
-                        ];
+                            $ldap_manager = [
-                    }
+                                "count" => 1,
-
+                                0 => [
-                    if ($ldap_manager["count"] > 0) {
+                                    $ldap_result_username => [$item['manager']]
-
+                                ]
-                        // Get the Manager's username
+                            ];
                        // PHP LDAP returns every LDAP attribute as an array, and 90% of the time it's an array of just one item. But, hey, it's an array.
                        $ldapManagerUsername = $ldap_manager[0][$ldap_result_username][0];
                        // Get User from Manager username.
                        $ldap_manager = User::where('username', $ldapManagerUsername)->first();
                        if ( $ldap_manager && isset($ldap_manager->id) ) {
                            // Link user to manager id.
                            $user->manager_id = $ldap_manager->id;
                        }
                        if ($ldap_manager["count"] > 0) {
                            // Get the Manager's username
                            // PHP LDAP returns every LDAP attribute as an array, and 90% of the time it's an array of just one item. But, hey, it's an array.
                            $ldapManagerUsername = $ldap_manager[0][$ldap_result_username][0];
                            // Get User from Manager username.
                            $ldap_manager = User::where('username', $ldapManagerUsername)->first();
                            if ($ldap_manager && isset($ldap_manager->id)) {
                                // Link user to manager id.
                                $user->manager_id = $ldap_manager->id;
                            }
                        }
                        $manager_cache[$item['manager']] = $ldap_manager && isset($ldap_manager->id)  ? $ldap_manager->id : null; // Store results in cache, even if 'failed'
                    }
                }