Optimize LDAP and add a search timeout

author: Drew Blessing <drew@gitlab.com> 2015-12-31 13:22:51 -0600
committer: Drew Blessing <drew@gitlab.com> 2016-01-11 08:17:32 -0600
commit: 67aa0b8c4cbf762211ad178efb537f1649d91776 (patch)
tree: 8a2f7da423f4d1140bacb05bcd04eb19ad27e66a /lib
parent: a9800ce40b7a80cbe779e3269c7eae83b883f4da (diff)
download: gitlab-ce-67aa0b8c4cbf762211ad178efb537f1649d91776.tar.gz
3 files changed, 25 insertions, 11 deletions
diff --git a/lib/gitlab/ldap/access.rb b/lib/gitlab/ldap/access.rb
index c438a3d167b..b2bdbc10d7f 100644
--- a/lib/gitlab/ldap/access.rb
+++ b/lib/gitlab/ldap/access.rb
@@ -5,7 +5,7 @@
 module Gitlab
   module LDAP
     class Access
-      attr_reader :adapter, :provider, :user
+      attr_reader :provider, :user
 
       def self.open(user, &block)
         Gitlab::LDAP::Adapter.open(user.ldap_identity.provider) do |adapter|
@@ -32,7 +32,7 @@ module Gitlab
       end
 
       def allowed?
-        if Gitlab::LDAP::Person.find_by_dn(user.ldap_identity.extern_uid, adapter)
+        if ldap_user
           return true unless ldap_config.active_directory
 
           # Block user in GitLab if he/she was blocked in AD
@@ -59,6 +59,10 @@ module Gitlab
       def ldap_config
         Gitlab::LDAP::Config.new(provider)
       end
+
+      def ldap_user
+        @ldap_user ||= Gitlab::LDAP::Person.find_by_dn(user.ldap_identity.extern_uid, adapter)
+      end
     end
   end
 end
diff --git a/lib/gitlab/ldap/adapter.rb b/lib/gitlab/ldap/adapter.rb
index 577a890a7d9..df65179bfea 100644
--- a/lib/gitlab/ldap/adapter.rb
+++ b/lib/gitlab/ldap/adapter.rb
@@ -70,19 +70,25 @@ module Gitlab
       end
 
       def ldap_search(*args)
-        results = ldap.search(*args)
+        # Net::LDAP's `time` argument doesn't work. Use Ruby `Timeout` instead.
+        Timeout.timeout(config.timeout) do
+          results = ldap.search(*args)
 
-        if results.nil?
-          response = ldap.get_operation_result
+          if results.nil?
+            response = ldap.get_operation_result
 
-          unless response.code.zero?
-            Rails.logger.warn("LDAP search error: #{response.message}")
-          end
+            unless response.code.zero?
+              Rails.logger.warn("LDAP search error: #{response.message}")
+            end
 
-          []
-        else
-          results
+            []
+          else
+            results
+          end
         end
+      rescue Timeout::Error
+        Rails.logger.warn("LDAP search timed out after #{config.timeout} seconds")
+        []
       end
     end
   end
diff --git a/lib/gitlab/ldap/config.rb b/lib/gitlab/ldap/config.rb
index 101a3285f4b..aff7ccb157f 100644
--- a/lib/gitlab/ldap/config.rb
+++ b/lib/gitlab/ldap/config.rb
@@ -88,6 +88,10 @@ module Gitlab
         options['attributes']
       end
 
+      def timeout
+        options['timeout'].to_i
+      end
+
       protected
       def base_config
         Gitlab.config.ldap
author	Drew Blessing <drew@gitlab.com>	2015-12-31 13:22:51 -0600
committer	Drew Blessing <drew@gitlab.com>	2016-01-11 08:17:32 -0600
commit	67aa0b8c4cbf762211ad178efb537f1649d91776 (patch)
tree	8a2f7da423f4d1140bacb05bcd04eb19ad27e66a /lib
parent	a9800ce40b7a80cbe779e3269c7eae83b883f4da (diff)
download	gitlab-ce-67aa0b8c4cbf762211ad178efb537f1649d91776.tar.gz