Reduce number of LDAP queries when having multiple accountBases

When searching for an account in LDAP we used to first execute one query for each account base and, after that, check if the account was found. For an LDAP configuration with N accountBases this always executed N LDAP queries. In most cases this was not necessary as the account was often found in the first configured accountBase. Check if the account is found after each query and return as soon as it is found. When most users are found in the first configured accountBase this should reduce the number of LDAP queries by a factor of N. Change-Id: I6eced365506ac9a2716cef643b5760b68fc3966d
2015-01-21 17:22:27 +01:00
parent f1cbbe8739
commit 126c225b65
1 changed files with 5 additions and 11 deletions
--- a/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java
+++ b/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java
@@ -191,21 +191,15 @@ import javax.security.auth.login.LoginException;
    final HashMap<String, String> params = new HashMap<>();
    params.put(LdapRealm.USERNAME, username);

-    final List<LdapQuery.Result> res = new ArrayList<>();
    for (LdapQuery accountQuery : schema.accountQueryList) {
-      res.addAll(accountQuery.query(ctx, params));
-    }
-
-    switch (res.size()) {
-      case 0:
-        throw new NoSuchUserException(username);
-
-      case 1:
+      List<LdapQuery.Result> res = accountQuery.query(ctx, params);
+      if (res.size() == 1) {
        return res.get(0);
-
-      default:
+      } else if (res.size() > 1) {
        throw new AccountException("Duplicate users: " + username);
+      }
    }
+    throw new NoSuchUserException(username);
  }

  Set<AccountGroup.UUID> queryForGroups(final DirContext ctx,