Changed LDAP searches to NOATTRS in order to avoid returning unecessary

data in searches where only getDn() is done on results Original commit: elastic/x-pack-elasticsearch@5ce64235a1
2016-04-18 15:18:39 -04:00 · 2016-04-18 15:18:39 -04:00 · 962729bd3b
parent e6bce6b36e
commit 962729bd3b
4 changed files with 5 additions and 4 deletions
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryGroupsResolver.java
+++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryGroupsResolver.java
@ -45,7 +45,7 @@ public class ActiveDirectoryGroupsResolver implements GroupsResolver {
        Filter groupSearchFilter = buildGroupQuery(connection, userDn, timeout, logger);
        logger.debug("group SID to DN search filter: [{}]", groupSearchFilter);

-        SearchRequest searchRequest = new SearchRequest(baseDn, scope.scope(), groupSearchFilter, Strings.EMPTY_ARRAY);
+        SearchRequest searchRequest = new SearchRequest(baseDn, scope.scope(), groupSearchFilter, SearchRequest.NO_ATTRIBUTES);
        searchRequest.setTimeLimitSeconds(Math.toIntExact(timeout.seconds()));
        SearchResult results;
        try {
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactory.java
+++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectorySessionFactory.java
@ -89,7 +89,7 @@ public class ActiveDirectorySessionFactory extends SessionFactory {
        try {
            connection.bind(userPrincipal, new String(password.internalChars()));
            SearchRequest searchRequest = new SearchRequest(userSearchDN, userSearchScope.scope(),
-                    createFilter(userSearchFilter, userName), Strings.EMPTY_ARRAY);
+                    createFilter(userSearchFilter, userName), SearchRequest.NO_ATTRIBUTES);
            searchRequest.setTimeLimitSeconds(Math.toIntExact(timeout.seconds()));
            SearchResult results = search(connection, searchRequest, logger);
            int numResults = results.getEntryCount();
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactory.java
+++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/LdapUserSearchSessionFactory.java
@ -152,7 +152,7 @@ public class LdapUserSearchSessionFactory extends SessionFactory {

    private String findUserDN(String user) throws Exception {
        SearchRequest request = new SearchRequest(userSearchBaseDn, scope.scope(), createEqualityFilter(userAttribute, encodeValue(user))
-                , Strings.EMPTY_ARRAY);
+                , SearchRequest.NO_ATTRIBUTES);
        request.setTimeLimitSeconds(Math.toIntExact(timeout.seconds()));
        LDAPConnectionPool connectionPool = connectionPool();
        SearchResultEntry entry = searchForEntry(connectionPool, request, logger);
--- a/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/SearchGroupsResolver.java
+++ b/elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authc/ldap/SearchGroupsResolver.java
@ -58,7 +58,8 @@ class SearchGroupsResolver implements GroupsResolver {

        String userId = userAttribute != null ? readUserAttribute(connection, userDn, timeout, logger) : userDn;
        try {
-            SearchRequest searchRequest = new SearchRequest(baseDn, scope.scope(), createFilter(filter, userId), Strings.EMPTY_ARRAY);
+            SearchRequest searchRequest = new SearchRequest(baseDn, scope.scope(), createFilter(filter, userId), 
+                    SearchRequest.NO_ATTRIBUTES);
            searchRequest.setTimeLimitSeconds(Math.toIntExact(timeout.seconds()));
            SearchResult results = search(connection, searchRequest, logger);
            for (SearchResultEntry entry : results.getSearchEntries()) {