From e192df1880c7ae3d2cd55cd028945decfe610737 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <daniel@firewall-services.com>
Date: Fri, 18 May 2012 15:12:47 +0200
Subject: [PATCH] optimize udpate-reverse-group

---
 .../e-smith/events/actions/update-reverse-group    | 44 +++++++++++-----------
 1 file changed, 23 insertions(+), 21 deletions(-)

diff --git a/root/etc/e-smith/events/actions/update-reverse-group b/root/etc/e-smith/events/actions/update-reverse-group
index b83870a..28a1aa6 100644
--- a/root/etc/e-smith/events/actions/update-reverse-group
+++ b/root/etc/e-smith/events/actions/update-reverse-group
@@ -39,14 +39,12 @@ my $i = $c->get('ipasserelle');
 my $ip = $i->prop('status') || 'disabled';
 my $reverse = $i->prop('LdapReverseGroups') || 'disabled';
 
-if (($ip eq 'disabled') || ($reverse eq 'disabled')){
-    exit (0);
-}
+exit (0) if (($ip eq 'disabled') || ($reverse eq 'disabled')){
+
 
 my $l = $c->get('ldap');
 my $status = $l->prop('status') || "disabled";
-unless ($status eq "enabled" )
-{
+unless ($status eq "enabled" ){
     warn "Not running action script $0, LDAP service not enabled!\n";
     exit(0);
 }
@@ -64,18 +62,15 @@ my $account;
 my $event = shift || die "Event name must be specified";
 if ($event eq 'ldap-update' or
     $event eq 'bootstrap-ldap-save' or
-    $event =~ m/group\-(create|modify|delete)/)
-{
+    $event =~ m/group\-(create|modify|delete)/){
     @accounts = ($a->users);
     push(@accounts, $a->get('admin'));
 }
-else
-{
+else{
     my @name = @ARGV;
     die "Account name argument missing." unless scalar (@name) >= 1;
 
-    foreach my $name (@name)
-    {
+    foreach my $name (@name){
         $account = $a->get($name);
         die "Account $name not found.\n" unless defined $account;
         my $type = $account->prop('type') || "unknown";
@@ -89,8 +84,7 @@ else
 my $base = esmith::util::ldapBase ($domain);
 my $pw = esmith::util::LdapPassword();
 
-my $ldap = Net::LDAP->new('localhost')
-    or die "$@";
+my $ldap = Net::LDAP->new('localhost') or die "$@";
 
 $ldap->bind(
     dn => "cn=root,$base",
@@ -98,8 +92,7 @@ $ldap->bind(
 );
 
 my $result;
-foreach my $acct (@accounts)
-{
+foreach my $acct (@accounts){   
     my $key = $acct->key;
 
     # Ensure this account has the iPasserelleUser objectclass
@@ -110,30 +103,39 @@ foreach my $acct (@accounts)
                              );
     $result->code && warn "Error looking for entry uid=$key,ou=Users,$base: ", $result->error;
     my @oc = ();
+    my @oldgroups = ();
     foreach my $entry ($result->all_entries()){
         push @oc, $entry->get_value('objectClass');
+        push @oldgroups, $entry->get_value('posixMemberOf');
     }
 
-    push @oc, 'iPasserelleUser' unless (grep { $_ =~ /iPasserelleUser/i } @oc);
+    unless (grep { $_ =~ /iPasserelleUser/i } @oc){
+        push @oc, 'iPasserelleUser';
 
-    $result = $ldap->modify(
+        $result = $ldap->modify(
                      "uid=$key,ou=Users,$base",
                          replace => {
                              objectClass => \@oc
                          }
               );
-    $result->code && warn "failed to modify entry uid=$key,ou=Users,$base: ", $result->error;
-
+        $result->code && warn "failed to modify entry uid=$key,ou=Users,$base: ", $result->error;
+    }
 
     my @groups = $a->user_group_list($key);
+    @oldgroups = sort @oldgroups;
+    @groups = sort @groups;
+    my $oldgroups = join('\0', @oldgroups);
+    my $groups = join('\0', @groups);
 
-    $result = $ldap->modify(
+    unless ($oldgroups eq $groups){
+        $result = $ldap->modify(
                      "uid=$key,ou=Users,$base",
                          replace => {
                              posixMemberOf => \@groups
                          }
               );
-    $result->code && warn "failed to modify entry uid=$key,ou=Users,$base: ", $result->error;
+        $result->code && warn "failed to modify entry uid=$key,ou=Users,$base: ", $result->error;
+    }
 }
 
 $ldap->unbind;