LDAP_MEMBEROF_REGEX working after recursive group search and filtering out last result
I've noticed that in the old backend, mavis_tacplus_ldap.pl has the env var EXPAND_AD_GROUP_MEMBERSHIP, which is undef by default.
As a result, the old backend does not expand all groups recursively and works faster.
In my case, users have more than 100 groups in the memberof attr, and expanding all groups takes more than 7 seconds.

    my $expand_ad_group_membership = undef;
    $expand_ad_group_membership = $ENV{'EXPAND_AD_GROUP_MEMBERSHIP'} if exists $ENV{'EXPAND_AD_GROUP_MEMBERSHIP'};
    ......
    $mesg = $ldap->search(base => $LDAP_BASE, filter => sprintf($LDAP_FILTER, $V[AV_A_USER]), scope => $LDAP_SCOPE,
        attrs => ['shadowExpire','memberOf','dn', 'uidNumber', 'gidNumber', 'loginShell', 'homeDirectory', 'sshPublicKey',
            'krbPasswordExpiration', $LDAP_TACMEMBER]);
    if ($mesg->count() == 1) {
        my $entry = $mesg->entry(0);
        my $val = $entry->get_value('memberOf', asref => 1);
        $authdn = $entry->dn;
        my (@M, @MO);
        if ($#{$val} > -1) {
            $val = expand_memberof($val) if defined $expand_ad_group_membership;
        } else {
            $val = expand_groupOfNames($entry->dn) if defined $expand_ad_group_membership;
        }
        foreach my $m (sort @$val) {
            if ($m =~ /$LDAP_MEMBEROF_REGEX/i) {
                push @M, $1;
                push @MO, $m;
            }
        }
    ........

Now the new backend works a lot faster for me.
It would be great if you provided this option for the new backend in git.
Thank you!
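
An added example, not part of the original post or the project's code: a self-contained Perl sketch of the gate shown above, run over a constructed in-memory directory, to show that the toggle changes both the number of group lookups and which groups LDAP_MEMBEROF_REGEX can match. `expand_sketch`, `matched_groups`, the directory contents and the regex value are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $B = 'OU=Groups,DC=example,DC=test';    # constructed base DN
# Constructed directory: group DN -> that group's own memberOf values.
my %DIRECTORY = (
    "CN=helpdesk,$B"        => ["CN=tacacs_readonly,$B"],
    "CN=tacacs_readonly,$B" => ["CN=helpdesk,$B"],    # deliberate nesting cycle
    "CN=tacacs_admin,$B"    => [],
);
my $LDAP_MEMBEROF_REGEX = '^cn=(tacacs_[^,]+),';      # assumed site value
my $lookups = 0;    # stands in for one LDAP search per group entry

# Hypothetical stand-in for expand_memberof(): transitive closure of memberOf,
# with a seen-set so a nesting cycle cannot loop forever.
sub expand_sketch {
    my ($direct) = @_;
    my %seen  = map { lc($_) => $_ } @$direct;
    my @queue = @$direct;
    while (defined(my $dn = shift @queue)) {
        $lookups++;
        foreach my $parent (@{ $DIRECTORY{$dn} // [] }) {
            next if exists $seen{lc $parent};
            $seen{lc $parent} = $parent;
            push @queue, $parent;
        }
    }
    return [ values %seen ];
}

# Same shape as the posted code: expand only when the toggle is defined,
# then keep the $1 capture of every value that matches the regex.
sub matched_groups {
    my ($direct, $expand) = @_;
    $lookups = 0;
    my $val = defined($expand) ? expand_sketch($direct) : $direct;
    my @M;
    foreach my $m (sort @$val) {
        push @M, $1 if $m =~ /$LDAP_MEMBEROF_REGEX/i;
    }
    return (\@M, $lookups);
}

my @direct = ("CN=helpdesk,$B", "CN=tacacs_admin,$B");    # user's direct memberOf
foreach my $mode (undef, 1) {
    my ($groups, $n) = matched_groups(\@direct, $mode);
    printf "%-9s lookups=%d groups=%s\n",
        defined($mode) ? 'expand' : 'no-expand', $n, join(',', @$groups);
}
```

With the toggle undefined no extra lookups happen, but a group the user holds only through nesting (here `tacacs_readonly` via `helpdesk`) is never seen by the regex, so the resulting group list differs between the two modes.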