Google Git
Sign in
gerrit / gerrit / cc3a3a49d61641991e742de3fb579a1cd12b500d^1..cc3a3a49d61641991e742de3fb579a1cd12b500d / .
commitcc3a3a49d61641991e742de3fb579a1cd12b500d[log] [tgz]
authorShawn Pearce <sop@google.com>Mon Oct 22 09:55:55 2012 -0700
committerGerrit Code Review <noreply-gerritcodereview@google.com>Mon Oct 22 09:55:55 2012 -0700
treef6a03bc4aec2ca5c92f232f8dad093620eb9c8d6
parentd04d31cf207286f23649be7f3feaf85dc56d2414 [diff]
parentb5d994bffa92c6b9c980ed0b161a9243129d3084 [diff]
Merge "LDAP-cache to minimize nbr of queries when unnesting groups." into stable-2.5
diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt
index 5e2cc18..1959995 100644
--- a/Documentation/config-gerrit.txt
+++ b/Documentation/config-gerrit.txt

@@ -530,6 +530,10 @@
 low maxAge setting, to ensure LDAP modifications are picked up in
 a timely fashion.
 
+cache `"ldap_groups_byinclude"`::
++
+Caches the hierarchical structure of LDAP groups.
+
 cache `"ldap_usernames"`::
 +
 Caches a mapping of LDAP username to Gerrit account identity.  The

diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java
index 2265bc2..644f5df 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java

@@ -14,6 +14,8 @@
 
 package com.google.gerrit.server.auth.ldap;
 
+import com.google.common.cache.Cache;
+import com.google.common.collect.ImmutableSet;
 import com.google.gerrit.common.data.ParameterizedString;
 import com.google.gerrit.reviewdb.client.AccountGroup;
 import com.google.gerrit.server.account.AccountException;
@@ -22,6 +24,7 @@
 import com.google.gerrit.util.ssl.BlindSSLSocketFactory;
 import com.google.inject.Inject;
 import com.google.inject.Singleton;
+import com.google.inject.name.Named;
 
 import org.eclipse.jgit.lib.Config;
 
@@ -48,6 +51,7 @@
 @Singleton class Helper {
   static final String LDAP_UUID = "ldap:";
 
+  private final Cache<String, ImmutableSet<String>> groupsByInclude;
   private final Config config;
   private final String server;
   private final String username;
@@ -58,7 +62,9 @@
   private final String readTimeOutMillis;
 
   @Inject
-  Helper(@GerritServerConfig final Config config) {
+  Helper(@GerritServerConfig final Config config,
+      @Named(LdapModule.GROUPS_BYINCLUDE_CACHE)
+      Cache<String, ImmutableSet<String>> groupsByInclude) {
     this.config = config;
     this.server = LdapRealm.required(config, "server");
     this.username = LdapRealm.optional(config, "username");
@@ -73,6 +79,7 @@
     } else {
       readTimeOutMillis = null;
     }
+    this.groupsByInclude = groupsByInclude;
   }
 
   private Properties createContextProperties() {
@@ -207,24 +214,31 @@
   private void recursivelyExpandGroups(final Set<String> groupDNs,
       final LdapSchema schema, final DirContext ctx, final String groupDN) {
     if (groupDNs.add(groupDN) && schema.accountMemberField != null) {
-      // Recursively identify the groups it is a member of.
-      //
-      try {
-        final Name compositeGroupName = new CompositeName().add(groupDN);
-        final Attribute in =
-            ctx.getAttributes(compositeGroupName).get(schema.accountMemberField);
-        if (in != null) {
-          final NamingEnumeration<?> groups = in.getAll();
-          try {
-            while (groups.hasMore()) {
-              final String nextDN = (String) groups.next();
-              recursivelyExpandGroups(groupDNs, schema, ctx, nextDN);
+      ImmutableSet<String> cachedGroupDNs = groupsByInclude.getIfPresent(groupDN);
+      if (cachedGroupDNs == null) {
+        // Recursively identify the groups it is a member of.
+        ImmutableSet.Builder<String> dns = ImmutableSet.builder();
+        try {
+          final Name compositeGroupName = new CompositeName().add(groupDN);
+          final Attribute in =
+              ctx.getAttributes(compositeGroupName).get(schema.accountMemberField);
+          if (in != null) {
+            final NamingEnumeration<?> groups = in.getAll();
+            try {
+              while (groups.hasMore()) {
+                dns.add((String) groups.next());
+              }
+            } catch (PartialResultException e) {
             }
-          } catch (PartialResultException e) {
           }
+        } catch (NamingException e) {
+          LdapRealm.log.warn("Could not find group " + groupDN, e);
         }
-      } catch (NamingException e) {
-        LdapRealm.log.warn("Could not find group " + groupDN, e);
+        cachedGroupDNs = dns.build();
+        groupsByInclude.put(groupDN, cachedGroupDNs);
+      }
+      for (String dn : cachedGroupDNs) {
+        recursivelyExpandGroups(groupDNs, schema, ctx, dn);
       }
     }
   }

diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapModule.java b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapModule.java
index 29533b9..f1b15f9 100644
--- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapModule.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/LdapModule.java

@@ -17,6 +17,7 @@
 import static java.util.concurrent.TimeUnit.HOURS;
 
 import com.google.common.base.Optional;
+import com.google.common.collect.ImmutableSet;
 import com.google.gerrit.extensions.registration.DynamicSet;
 import com.google.gerrit.reviewdb.client.Account;
 import com.google.gerrit.reviewdb.client.AccountGroup;
@@ -32,6 +33,7 @@
   static final String USERNAME_CACHE = "ldap_usernames";
   static final String GROUP_CACHE = "ldap_groups";
   static final String GROUP_EXIST_CACHE = "ldap_group_existence";
+  static final String GROUPS_BYINCLUDE_CACHE = "ldap_groups_byinclude";
 
 
   @Override
@@ -53,6 +55,11 @@
       .expireAfterWrite(1, HOURS)
       .loader(LdapRealm.ExistenceLoader.class);
 
+    cache(GROUPS_BYINCLUDE_CACHE,
+        String.class,
+        new TypeLiteral<ImmutableSet<String>>() {})
+      .expireAfterWrite(1, HOURS);
+
     bind(Realm.class).to(LdapRealm.class).in(Scopes.SINGLETON);
     bind(Helper.class);