I did not fix all the DB problems in search, there are too many there for me to be prepared to clean up other people's mess.
(For once, it was not me making this mistake ;-))
Both CAS and LDAP auth plugins open new connections to the LDAP server
to get the user account details. While this is the desired behaviour
for regular logins (we probably don't have an already open connection
to the LDAP server), this is a ressource hog when we are doing user
synchronization, as the closed connections remain in the TCP_WAIT
state for a while before the server can reuse them. If we are syncing
a lot of users, we can make the server run out of available TCP
ressources.
So we cache the connection the first time we establish it and return
the same connection handle everytime, unless we've closed all the
'open' connections, or the auth object is destroyed.
In addition to that, there were a few missing calls to ldap_close().
These include:
MDL-14078: redirect() doubles the specified timeout when we haven't printed
the page header and uses javascript to execute the redirect. This
is interacting badly with some versions of IE and FF (at least
3.0.x Windows version) that fireup javascript timers even if
we already left the page where we set those up. Just print
the page header (we are printing other content anyway) to
make redirect respect our timeouts.
MDL-14071: All the relevant details are in the description of the bug :)
MDL-14297: This is probably the same as MDL-14078
Merged from MOODLE_18_STABLE
If we are using auth_ldap_sync_users.php to synchronize our users, and we
have a database which is case-sensitive when doing comparisons (Postgres and
Oracle at least), and any of our users has the vale of the username attribute
in mixed-case (like 'John Smith'), we get duplicated users.
This is because we don't make sure the username attribute value is 'lowercased'
after we retrive it from the LDAP server and before we insert it into the
database.
* Added support for CHAP and MSCHAP authentication schemes
contributed by Stanislav Tsymbalov http://www.tsymbalov.net/
original code at http://sourceforge.net/projects/moodleradius/
* Tweak the detection of PHP RADIUS extension and Pear code
* Update the warning notices to use more Moodly CSS classes
lib/pear: Add RADIUS and CHAP PEAR libs
* Add PEAR Auth_RADIUS and Crypt_CHAP packages to lib/pear
Author: Jonathan Harker <jonathan@catalyst.net.nz>
Merged from MOODLE_18_STABLE.
The fix is wrong, as it breaks auth_db_sync_users.php and
auth_ldap_sync_users.php at least. No new users are added to Moodle, as the
username is missing from the new user info record.
The fix needs to go into update_user_record() in lib/moodlelib.php to make it
skip the 'username' key, as we really need get_userinfo() to return the
username as part of the user info array.
It doesn't make sense at all (username is not part of the externally mapped
fields) and produces a notice that breaks HTTP headers with debugging enabled.
