Improve LDAP synchronization efficiency (#16994)

zeripath · web-flow · commit db6b7db06df5 · 2021-09-15T10:28:37.000+01:00
The current LDAP sync routine has order n^2 efficiency. This change reduces this
to order n.log n.

Signed-off-by: Andrew Thornton &lt;art27@cantab.net&gt;
diff --git a/services/auth/source/ldap/source_search.go b/services/auth/source/ldap/source_search.go
@@ -26,6 +26,7 @@ type SearchResult struct {
 	SSHPublicKey []string // SSH Public Key
 	IsAdmin      bool     // if user is administrator
 	IsRestricted bool     // if user is restricted
+	LowerName    string   // Lowername
 }
 
 func (ls *Source) sanitizedUserQuery(username string) (string, bool) {
@@ -363,6 +364,7 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
 	}
 
 	return &SearchResult{
+		LowerName:    strings.ToLower(username),
 		Username:     username,
 		Name:         firstname,
 		Surname:      surname,
@@ -440,6 +442,8 @@ func (ls *Source) SearchEntries() ([]*SearchResult, error) {
 		if isAttributeSSHPublicKeySet {
 			result[i].SSHPublicKey = v.GetAttributeValues(ls.AttributeSSHPublicKey)
 		}
+		result[i].LowerName = strings.ToLower(result[i].Username)
+
 	}
 
 	return result, nil
diff --git a/services/auth/source/ldap/source_sync.go b/services/auth/source/ldap/source_sync.go
@@ -7,6 +7,7 @@ package ldap
 import (
 	"context"
 	"fmt"
+	"sort"
 	"strings"
 
 	"code.gitea.io/gitea/models"
@@ -17,7 +18,7 @@ import (
 func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 	log.Trace("Doing: SyncExternalUsers[%s]", source.loginSource.Name)
 
-	var existingUsers []int64
+	var existingUsers []int
 	isAttributeSSHPublicKeySet := len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0
 	var sshKeysNeedUpdate bool
 
@@ -34,6 +35,10 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 	default:
 	}
 
+	sort.Slice(users, func(i, j int) bool {
+		return users[i].LowerName < users[j].LowerName
+	})
+
 	sr, err := source.SearchEntries()
 	if err != nil {
 		log.Error("SyncExternalUsers LDAP source failure [%s], skipped", source.loginSource.Name)
@@ -48,6 +53,12 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 		log.Warn("LDAP search found no entries but did not report an error. All users will be deactivated as per settings")
 	}
 
+	sort.Slice(sr, func(i, j int) bool {
+		return sr[i].LowerName < sr[j].LowerName
+	})
+
+	userPos := 0
+
 	for _, su := range sr {
 		select {
 		case <-ctx.Done():
@@ -71,12 +82,12 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 		}
 
 		var usr *models.User
-		// Search for existing user
-		for _, du := range users {
-			if du.LowerName == strings.ToLower(su.Username) {
-				usr = du
-				break
-			}
+		for userPos < len(users) && users[userPos].LowerName < su.LowerName {
+			userPos++
+		}
+		if userPos < len(users) && users[userPos].LowerName == su.LowerName {
+			usr = users[userPos]
+			existingUsers = append(existingUsers, userPos)
 		}
 
 		fullName := composeFullName(su.Name, su.Surname, su.Username)
@@ -85,7 +96,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 			log.Trace("SyncExternalUsers[%s]: Creating user %s", source.loginSource.Name, su.Username)
 
 			usr = &models.User{
-				LowerName:    strings.ToLower(su.Username),
+				LowerName:    su.LowerName,
 				Name:         su.Username,
 				FullName:     fullName,
 				LoginType:    source.loginSource.Type,
@@ -108,8 +119,6 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 				}
 			}
 		} else if updateExisting {
-			existingUsers = append(existingUsers, usr.ID)
-
 			// Synchronize SSH Public Key if that attribute is set
 			if isAttributeSSHPublicKeySet && models.SynchronizePublicKeys(usr, source.loginSource, su.SSHPublicKey) {
 				sshKeysNeedUpdate = true
@@ -161,15 +170,12 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 
 	// Deactivate users not present in LDAP
 	if updateExisting {
-		for _, usr := range users {
-			found := false
-			for _, uid := range existingUsers {
-				if usr.ID == uid {
-					found = true
-					break
-				}
+		existPos := 0
+		for i, usr := range users {
+			for existPos < len(existingUsers) && i > existingUsers[existPos] {
+				existPos++
 			}
-			if !found {
+			if usr.IsActive && (existPos >= len(existingUsers) || i < existingUsers[existPos]) {
 				log.Trace("SyncExternalUsers[%s]: Deactivating user %s", source.loginSource.Name, usr.Name)
 
 				usr.IsActive = false

Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@ type SearchResult struct {`
`26`	`26`	`SSHPublicKey []string // SSH Public Key`
`27`	`27`	`IsAdmin bool // if user is administrator`
`28`	`28`	`IsRestricted bool // if user is restricted`
	`29`	`+ LowerName string // Lowername`
`29`	`30`	`}`
`30`	`31`
`31`	`32`	`func (ls *Source) sanitizedUserQuery(username string) (string, bool) {`
`@@ -363,6 +364,7 @@ func (ls Source) SearchEntry(name, passwd string, directBind bool) SearchResul`
`363`	`364`	`}`
`364`	`365`
`365`	`366`	`return &SearchResult{`
	`367`	`+ LowerName: strings.ToLower(username),`
`366`	`368`	`Username: username,`
`367`	`369`	`Name: firstname,`
`368`	`370`	`Surname: surname,`
`@@ -440,6 +442,8 @@ func (ls Source) SearchEntries() ([]SearchResult, error) {`
`440`	`442`	`if isAttributeSSHPublicKeySet {`
`441`	`443`	`result[i].SSHPublicKey = v.GetAttributeValues(ls.AttributeSSHPublicKey)`
`442`	`444`	`}`
	`445`	`+ result[i].LowerName = strings.ToLower(result[i].Username)`
	`446`	`+`
`443`	`447`	`}`
`444`	`448`
`445`	`449`	`return result, nil`