1 <?php
2 
3 /*
4  +-----------------------------------------------------------------------------+
5  | ILIAS open source |
6  +-----------------------------------------------------------------------------+
7  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
8  | |
9  | This program is free software; you can redistribute it and/or |
10  | modify it under the terms of the GNU General Public License |
11  | as published by the Free Software Foundation; either version 2 |
12  | of the License, or (at your option) any later version. |
13  | |
14  | This program is distributed in the hope that it will be useful, |
15  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
16  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
17  | GNU General Public License for more details. |
18  | |
19  | You should have received a copy of the GNU General Public License |
20  | along with this program; if not, write to the Free Software |
21  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
22  +-----------------------------------------------------------------------------+
23 */
24 
// Bind modes: how ilLDAPServer connects before searching.
// 0 = anonymous bind (no credentials sent), 1 = bind with the configured user/password.
define('IL_LDAP_BIND_ANONYMOUS', 0);
define('IL_LDAP_BIND_USER', 1);

// Search scopes for user and group lookups; mapped to the PEAR Auth strings
// 'sub' / 'one' / 'base' in ilLDAPServer::toPearAuthArray().
define('IL_LDAP_SCOPE_SUB', 0);
define('IL_LDAP_SCOPE_ONE', 1);
define('IL_LDAP_SCOPE_BASE', 2);
31 
45 {
46  const DEBUG = false;
47  const DEFAULT_VERSION = 3;
48 
49  private $server_id = null;
50  private $fallback_urls = array();
51 
/**
 * Build a server settings object and, when an id is given, load its
 * persisted settings from ldap_server_settings.
 *
 * @param int $a_server_id  row id in ldap_server_settings; 0 creates an empty,
 *                          unsaved object (read() returns early for a falsy id)
 */
public function __construct($a_server_id = 0)
{
    global $ilDB, $lng;

    // Service handles come from the framework globals; db and lng are not
    // declared on the class and are created here as dynamic properties.
    $this->server_id = $a_server_id;
    $this->db = $ilDB;
    $this->lng = $lng;

    $this->read();
}
62 
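/**
 * Ids of all servers flagged active, ordered by server name.
 *
 * The SQL is a fixed string with no interpolated input.
 *
 * @return array  list of server_id values; empty when no server is active
 */
public static function _getActiveServerList()
{
    global $ilDB;

    $query = "SELECT server_id FROM ldap_server_settings ".
        "WHERE active = 1 ".
        "ORDER BY name ";
    $res = $ilDB->query($query);

    // Initialise up front: previously the variable stayed undefined when the
    // result set was empty and the return relied on a notice-producing check.
    $server_ids = array();
    while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
    {
        $server_ids[] = $row->server_id;
    }
    return $server_ids;
}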
82 
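/**
 * Ids of active servers that have cron-based synchronisation enabled,
 * ordered by server name.
 *
 * The SQL is a fixed string with no interpolated input.
 *
 * @return array  list of server_id values; empty when none match
 */
public static function _getCronServerIds()
{
    global $ilDB;

    $query = "SELECT server_id FROM ldap_server_settings ".
        "WHERE active = 1 ".
        "AND sync_per_cron = 1 ".
        "ORDER BY name";

    $res = $ilDB->query($query);

    // Initialise up front so an empty result returns a clean empty array
    // instead of testing an undefined variable.
    $server_ids = array();
    while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
    {
        $server_ids[] = $row->server_id;
    }
    return $server_ids;
}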
104 
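/**
 * Ids of active servers with role synchronisation switched on.
 *
 * Unlike the other list helpers this query has no ORDER BY, so the order
 * is whatever the database returns. The SQL is a fixed string.
 *
 * @return array  list of server_id values; empty when none match
 */
public static function _getRoleSyncServerIds()
{
    global $ilDB;

    $query = "SELECT server_id FROM ldap_server_settings ".
        "WHERE active = 1 ".
        "AND role_sync_active = 1 ";
    $res = $ilDB->query($query);

    // Initialise up front so an empty result returns a clean empty array
    // instead of testing an undefined variable.
    $server_ids = array();
    while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
    {
        $server_ids[] = $row->server_id;
    }
    return $server_ids;
}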
126 
134  public static function _getPasswordServers()
135  {
137  }
138 
139 
145  public static function _getFirstActiveServer()
146  {
148  if(count($servers))
149  {
150  return $servers[0];
151  }
152  return 0;
153  }
154 
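/**
 * Ids of every configured server (active or not), ordered by server name.
 *
 * The SQL is a fixed string with no interpolated input.
 *
 * @return array  list of server_id values; empty when the table is empty
 */
public static function _getServerList()
{
    global $ilDB;

    $query = "SELECT server_id FROM ldap_server_settings ORDER BY name";
    $res = $ilDB->query($query);

    // Initialise up front so an empty table returns a clean empty array
    // instead of testing an undefined variable.
    $server_ids = array();
    while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
    {
        $server_ids[] = $row->server_id;
    }
    return $server_ids;
}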
172 
/**
 * Id of the first configured server.
 *
 * _getServerList() orders by name, so "first" means alphabetically first.
 *
 * @return int|string  server_id of the first server, or 0 when none is configured
 */
public static function _getFirstServer()
{
    $servers = ilLDAPServer::_getServerList();

    return count($servers) ? $servers[0] : 0;
}
188 
189  // Set/Get
/**
 * Id of the ldap_server_settings row this object represents.
 *
 * @return int|null  the id passed to the constructor (0 for an unsaved object)
 */
public function getServerId()
{
    return $this->server_id;
}
194 
195 
/**
 * Mark the server as active or inactive. The value is stored as given
 * (no cast) and written to the active column by create()/update().
 *
 * @param mixed $a_status  truthy to activate
 */
public function toggleActive($a_status)
{
    $this->active = $a_status;
}
/**
 * Raw active flag as set by toggleActive() or loaded from the DB.
 *
 * @return mixed  not normalised to bool; callers should treat it as truthy/falsy
 */
public function isActive()
{
    return $this->active;
}
/**
 * The primary LDAP url (first entry of the comma-separated url string).
 *
 * After doConnectionCheck() this may point at a fallback url instead.
 *
 * @return string|null
 */
public function getUrl()
{
    return $this->url;
}
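/**
 * Set the server url(s).
 *
 * Accepts a comma-separated list: the first entry becomes the primary url,
 * the remaining entries the fallbacks tried by doConnectionCheck() in order.
 * Entries are trimmed but otherwise kept as given (an empty entry stays empty).
 *
 * @param string $a_url  one url, or several separated by commas
 */
public function setUrl($a_url)
{
    $this->url_string = $a_url;

    // Reset the fallbacks: previously a second call appended to the list,
    // so stale urls from an earlier setUrl() survived.
    $this->fallback_urls = array();

    $urls = explode(',', $a_url);

    $counter = 0;
    foreach($urls as $url)
    {
        $url = trim($url);
        if(!$counter++)
        {
            $this->url = $url;
        }
        else
        {
            $this->fallback_urls[] = $url;
        }
    }
}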
/**
 * The url string exactly as handed to setUrl() (possibly comma-separated);
 * this is what create()/update() persist in the url column.
 *
 * @return string|null
 */
public function getUrlString()
{
    return $this->url_string;
}
233 
/**
 * Try the primary url and then each fallback until a bind succeeds.
 *
 * Side effect: on success $this->url is switched to the url that worked.
 * Only urls are written to the log; bind credentials are never logged here.
 *
 * @return bool  true once a bind succeeded, false when every url failed
 */
public function doConnectionCheck()
{
    global $ilLog;

    include_once('Services/LDAP/classes/class.ilLDAPQuery.php');

    // Primary url first, then the fallbacks in configured order.
    $candidates = $this->fallback_urls;
    array_unshift($candidates, $this->url);

    foreach($candidates as $candidate)
    {
        try
        {
            // A full bind is required: openldap hands back a usable link
            // even for unreachable hosts, so connecting alone proves nothing.
            $query = new ilLDAPQuery($this, $candidate);
            $query->bind();

            $this->url = $candidate;
            $ilLog->write(__METHOD__.': Using url: '.$candidate.'.');
            return true;
        }
        catch(ilLDAPQueryException $exc)
        {
            // Failure is logged and the next candidate is tried.
            $ilLog->write(__METHOD__.': Cannot connect to LDAP server: '.$candidate.'. Trying fallback...');
        }
    }
    $ilLog->write(__METHOD__.': No valid LDAP server found.');
    return false;
}
266 
267 
/**
 * Display name of the server configuration.
 *
 * @return string|null
 */
public function getName()
{
    return $this->name;
}
/**
 * Set the display name; validate() requires it to be non-empty.
 *
 * @param string $a_name
 */
public function setName($a_name)
{
    $this->name = $a_name;
}
/**
 * LDAP protocol version, falling back to DEFAULT_VERSION (3) when unset
 * or falsy (so a stored 0 or '' also yields the default).
 *
 * @return int|string
 */
public function getVersion()
{
    return $this->version ?: self::DEFAULT_VERSION;
}
/**
 * Set the LDAP protocol version (stored as given, no cast).
 *
 * @param int|string $a_version
 */
public function setVersion($a_version)
{
    $this->version = $a_version;
}
/**
 * Base DN used for all lookups.
 *
 * @return string|null
 */
public function getBaseDN()
{
    return $this->base_dn;
}
/**
 * Set the base DN; validate() requires it to be non-empty.
 *
 * @param string $a_base_dn
 */
public function setBaseDN($a_base_dn)
{
    $this->base_dn = $a_base_dn;
}
/**
 * Whether referral following is enabled (truthiness of the stored flag).
 *
 * @return bool
 */
public function isActiveReferrer()
{
    return (bool) $this->referrals;
}
/**
 * Enable or disable referral following (stored as given, no cast).
 *
 * @param mixed $a_status  truthy to enable
 */
public function toggleReferrer($a_status)
{
    $this->referrals = $a_status;
}
/**
 * Whether START-TLS is requested for the connection (truthiness of the flag).
 * validate() rejects this in combination with protocol version 2.
 *
 * @return bool
 */
public function isActiveTLS()
{
    return (bool) $this->tls;
}
/**
 * Enable or disable START-TLS (stored as given, no cast).
 *
 * @param mixed $a_status  truthy to enable
 */
public function toggleTLS($a_status)
{
    $this->tls = $a_status;
}
/**
 * Bind mode: IL_LDAP_BIND_ANONYMOUS or IL_LDAP_BIND_USER (as normalised
 * by setBindingType()).
 *
 * @return int|null
 */
public function getBindingType()
{
    return $this->binding_type;
}
/**
 * Set the bind mode. Only an explicit IL_LDAP_BIND_USER selects a
 * credentialed bind; every other value is normalised to anonymous.
 *
 * Loose comparison is intentional: read() passes the raw DB value, which
 * may be a numeric string.
 *
 * @param int|string $a_type
 */
public function setBindingType($a_type)
{
    $this->binding_type = ($a_type == IL_LDAP_BIND_USER)
        ? IL_LDAP_BIND_USER
        : IL_LDAP_BIND_ANONYMOUS;
}
/**
 * DN/user used for a credentialed bind (only meaningful with IL_LDAP_BIND_USER).
 *
 * @return string|null
 */
public function getBindUser()
{
    return $this->bind_user;
}
/**
 * Set the bind DN/user; validate() requires it when the bind mode is user.
 *
 * @param string $a_user
 */
public function setBindUser($a_user)
{
    $this->bind_user = $a_user;
}
/**
 * Bind password, returned exactly as stored.
 *
 * create()/update() write this value into the bind_pass column without any
 * transformation, so treat the return value as a secret (keep it out of logs).
 *
 * @return string|null
 */
public function getBindPassword()
{
    return $this->bind_password;
}
/**
 * Set the bind password (kept in memory as given; validate() requires it
 * when the bind mode is user).
 *
 * @param string $a_password
 */
public function setBindPassword($a_password)
{
    $this->bind_password = $a_password;
}
/**
 * Search base for user lookups (handed to PEAR Auth as 'userdn').
 *
 * @return string|null
 */
public function getSearchBase()
{
    return $this->search_base;
}
/**
 * Set the search base for user lookups.
 *
 * @param string $a_search_base
 */
public function setSearchBase($a_search_base)
{
    $this->search_base = $a_search_base;
}
/**
 * Attribute holding the login name (handed to PEAR Auth as 'userattr').
 *
 * @return string|null
 */
public function getUserAttribute()
{
    return $this->user_attribute;
}
/**
 * Set the login-name attribute; validate() requires it to be non-empty.
 *
 * @param string $a_user_attr
 */
public function setUserAttribute($a_user_attr)
{
    $this->user_attribute = $a_user_attr;
}
/**
 * User search filter, normalised by prepareFilter() (trimmed and wrapped in
 * parentheses when they are missing).
 *
 * @return string
 */
public function getFilter()
{
    return $this->prepareFilter($this->filter);
}
/**
 * Set the raw user search filter (normalisation happens in getFilter()).
 *
 * @param string $a_filter
 */
public function setFilter($a_filter)
{
    $this->filter = $a_filter;
}
/**
 * DN under which groups are searched (PEAR Auth 'groupdn').
 *
 * @return string|null
 */
public function getGroupDN()
{
    return $this->group_dn;
}
/**
 * Set the group search DN.
 *
 * @param string $a_value
 */
public function setGroupDN($a_value)
{
    $this->group_dn = $a_value;
}
/**
 * Group search filter, normalised by prepareFilter().
 *
 * @return string
 */
public function getGroupFilter()
{
    return $this->prepareFilter($this->group_filter);
}
/**
 * Set the raw group search filter (normalised in getGroupFilter()).
 *
 * @param string $a_value
 */
public function setGroupFilter($a_value)
{
    $this->group_filter = $a_value;
}
/**
 * Group attribute listing members (PEAR Auth 'memberattr').
 *
 * @return string|null
 */
public function getGroupMember()
{
    return $this->group_member;
}
/**
 * Set the member attribute name of groups.
 *
 * @param string $a_value
 */
public function setGroupMember($a_value)
{
    $this->group_member = $a_value;
}
/**
 * Raw group name setting; may hold several names separated by commas
 * (see getGroupNames()).
 *
 * @return string|null
 */
public function getGroupName()
{
    return $this->group_name;
}
/**
 * Set the group name(s); a comma-separated list is accepted.
 *
 * @param string $a_value
 */
public function setGroupName($a_value)
{
    $this->group_name = $a_value;
}
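/**
 * Group names as a list: the comma-separated group name setting, split and
 * trimmed. An empty setting yields array('') — entries are not filtered.
 *
 * explode() always returns at least one element, so the previous is_array()
 * guard and the lazily-created result variable were unreachable/dead code.
 *
 * @return array  list of trimmed group names
 */
public function getGroupNames()
{
    // Cast avoids passing null to explode() when no group name is set.
    return array_map('trim', explode(',', (string) $this->getGroupName()));
}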
416 
417 
/**
 * Attribute that names a group (PEAR Auth 'groupattr').
 *
 * @return string|null
 */
public function getGroupAttribute()
{
    return $this->group_attribute;
}
/**
 * Set the group naming attribute.
 *
 * @param string $a_value
 */
public function setGroupAttribute($a_value)
{
    $this->group_attribute = $a_value;
}
426 
/**
 * Set whether group membership is optional for login (stored as bool).
 *
 * @param mixed $a_status  cast to bool
 */
public function toggleMembershipOptional($a_status)
{
    $this->group_optional = (bool) $a_status;
}
/**
 * Whether group membership is optional for login.
 *
 * @return bool
 */
public function isMembershipOptional()
{
    return (bool) $this->group_optional;
}
/**
 * Set the filter applied to users when membership is optional
 * (stored raw; not passed through prepareFilter()).
 *
 * @param string $a_filter
 */
public function setGroupUserFilter($a_filter)
{
    $this->group_user_filter = $a_filter;
}
/**
 * Raw group user filter (no normalisation applied).
 *
 * @return string|null
 */
public function getGroupUserFilter()
{
    return $this->group_user_filter;
}
443 
/**
 * Whether group member values are full DNs (PEAR Auth 'memberisdn').
 *
 * @return bool
 */
public function enabledGroupMemberIsDN()
{
    return (bool) $this->memberisdn;
}
/**
 * Set whether group member values are full DNs (stored as bool).
 *
 * @param mixed $a_value  cast to bool
 */
public function enableGroupMemberIsDN($a_value)
{
    $this->memberisdn = (bool) $a_value;
}
/**
 * Set the group search scope (one of the IL_LDAP_SCOPE_* values; stored as given).
 *
 * @param int|string $a_value
 */
public function setGroupScope($a_value)
{
    $this->group_scope = $a_value;
}
/**
 * Group search scope as stored (IL_LDAP_SCOPE_*; may be a numeric string
 * when loaded from the DB).
 *
 * @return int|string|null
 */
public function getGroupScope()
{
    return $this->group_scope;
}
/**
 * Set the user search scope (one of the IL_LDAP_SCOPE_* values; stored as given).
 *
 * @param int|string $a_value
 */
public function setUserScope($a_value)
{
    $this->user_scope = $a_value;
}
/**
 * User search scope as stored (IL_LDAP_SCOPE_*).
 *
 * @return int|string|null
 */
public function getUserScope()
{
    return $this->user_scope;
}
/**
 * Whether user data is synchronised at login (int flag as set by
 * enableSyncOnLogin(); not cast on the way out).
 *
 * @return int|null
 */
public function enabledSyncOnLogin()
{
    return $this->sync_on_login;
}
/**
 * Switch login-time synchronisation on/off (stored as int).
 *
 * @param mixed $a_value  cast to int
 */
public function enableSyncOnLogin($a_value)
{
    $this->sync_on_login = (int) $a_value;
}
/**
 * Whether cron-based synchronisation is enabled (int flag, not cast).
 *
 * @return int|null
 */
public function enabledSyncPerCron()
{
    return $this->sync_per_cron;
}
/**
 * Switch cron-based synchronisation on/off (stored as int).
 *
 * @param mixed $a_value  cast to int
 */
public function enableSyncPerCron($a_value)
{
    $this->sync_per_cron = (int) $a_value;
}
/**
 * Set the global role new users are assigned to. validate() requires this
 * when any synchronisation mode is enabled; there is no matching getter.
 *
 * @param int|string $a_role
 */
public function setGlobalRole($a_role)
{
    $this->global_role = $a_role;
}
/**
 * DN used to bind for role synchronisation.
 *
 * @return string|null
 */
public function getRoleBindDN()
{
    return $this->role_bind_dn;
}
/**
 * Set the DN used to bind for role synchronisation.
 *
 * @param string $a_value
 */
public function setRoleBindDN($a_value)
{
    $this->role_bind_dn = $a_value;
}
/**
 * Password for the role-synchronisation bind, returned exactly as stored.
 *
 * create()/update() persist it in the role_bind_pass column untransformed;
 * treat the return value as a secret and keep it out of logs.
 *
 * @return string|null
 */
public function getRoleBindPassword()
{
    return $this->role_bind_pass;
}
/**
 * Set the password for the role-synchronisation bind (kept as given).
 *
 * @param string $a_value
 */
public function setRoleBindPassword($a_value)
{
    $this->role_bind_pass = $a_value;
}
/**
 * Role synchronisation flag as stored (not cast; written verbatim to
 * role_sync_active by create()/update()).
 *
 * @return mixed
 */
public function enabledRoleSynchronization()
{
    return $this->role_sync_active;
}
/**
 * Switch role synchronisation on/off (stored as given, no cast).
 *
 * @param mixed $a_value
 */
public function enableRoleSynchronization($a_value)
{
    $this->role_sync_active = $a_value;
}
512 
/**
 * Switch account migration on/off (stored as given). Note that this flag
 * is not part of the create()/update() column lists shown in this class.
 *
 * @param mixed $a_status  truthy to enable
 */
public function enableAccountMigration($a_status)
{
    $this->account_migration = $a_status;
}
524 
/**
 * Whether account migration is enabled (truthiness of the stored flag).
 *
 * @return bool
 */
public function isAccountMigrationEnabled()
{
    return (bool) $this->account_migration;
}
535 
536 
/**
 * Validate the current settings, collecting translated messages in $ilErr.
 *
 * Checks: required fields (name, url, base DN, user attribute); bind user
 * and password when the bind mode is user; a global role when any sync mode
 * is on; and TLS combined with protocol version 2, which is treated as a
 * conflict.
 *
 * Side effect: $ilErr's message is reset and then filled.
 *
 * @return bool  true when no message was recorded
 */
public function validate()
{
    global $ilErr;

    $ilErr->setMessage('');

    // Mandatory for any server; a single message covers all of them.
    $required = array(
        $this->getName(),
        $this->getUrl(),
        $this->getBaseDN(),
        $this->getUserAttribute(),
    );
    foreach($required as $value)
    {
        if(!strlen($value))
        {
            $ilErr->setMessage($this->lng->txt('fill_out_all_required_fields'));
            break;
        }
    }

    // A credentialed bind needs both parts of the credential.
    $user_bind = ($this->getBindingType() == IL_LDAP_BIND_USER);
    if($user_bind && (!strlen($this->getBindUser()) || !strlen($this->getBindPassword())))
    {
        $ilErr->appendMessage($this->lng->txt('ldap_missing_bind_user'));
    }

    // Synchronised users need a role to be assigned to.
    $sync_enabled = ($this->enabledSyncPerCron() || $this->enabledSyncOnLogin());
    if($sync_enabled && !$this->global_role)
    {
        $ilErr->appendMessage($this->lng->txt('ldap_missing_role_assignment'));
    }

    if($this->getVersion() == 2 && $this->isActiveTLS())
    {
        $ilErr->appendMessage($this->lng->txt('ldap_tls_conflict'));
    }

    return !strlen($ilErr->getMessage());
}
572 
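/**
 * Insert the current settings as a new ldap_server_settings row.
 *
 * Every value goes through $this->db->quote(). bind_pass and role_bind_pass
 * are written exactly as the getters return them; nothing in this class
 * hashes or encrypts them. The INSERT ... SET form is MySQL syntax.
 *
 * Fix: the previous version ended the statement right after the "filter"
 * fragment, so the group_*, sync_* and role_* columns were never inserted
 * (the remaining fragments were a dead string expression).
 *
 * @return mixed  whatever $this->db->getLastInsertId() reports for the new row
 */
public function create()
{
    // One "column = value" fragment per setting, same order as update().
    $assignments = array(
        "active = ".$this->db->quote($this->isActive()),
        "name = ".$this->db->quote($this->getName()),
        "url = ".$this->db->quote($this->getUrlString()),
        "version = ".$this->db->quote($this->getVersion()),
        "base_dn = ".$this->db->quote($this->getBaseDN()),
        "referrals = ".$this->db->quote($this->isActiveReferrer()),
        "tls = ".$this->db->quote($this->isActiveTLS()),
        "bind_type = ".$this->db->quote($this->getBindingType()),
        "bind_user = ".$this->db->quote($this->getBindUser()),
        "bind_pass = ".$this->db->quote($this->getBindPassword()),
        "search_base = ".$this->db->quote($this->getSearchBase()),
        "user_scope = ".$this->db->quote($this->getUserScope()),
        "user_attribute = ".$this->db->quote($this->getUserAttribute()),
        "filter = ".$this->db->quote($this->getFilter()),
        "group_dn = ".$this->db->quote($this->getGroupDN()),
        "group_scope = ".$this->db->quote($this->getGroupScope()),
        "group_filter = ".$this->db->quote($this->getGroupFilter()),
        "group_member = ".$this->db->quote($this->getGroupMember()),
        "group_memberisdn = ".$this->db->quote((int) $this->enabledGroupMemberIsDN()),
        "group_name = ".$this->db->quote($this->getGroupName()),
        "group_attribute = ".$this->db->quote($this->getGroupAttribute()),
        "group_optional = ".$this->db->quote((int) $this->isMembershipOptional()),
        "group_user_filter = ".$this->db->quote($this->getGroupUserFilter()),
        "sync_on_login = ".$this->db->quote($this->enabledSyncOnLogin() ? 1 : 0),
        "sync_per_cron = ".$this->db->quote($this->enabledSyncPerCron() ? 1 : 0),
        "role_sync_active = ".$this->db->quote($this->enabledRoleSynchronization()),
        "role_bind_dn = ".$this->db->quote($this->getRoleBindDN()),
        "role_bind_pass = ".$this->db->quote($this->getRoleBindPassword()),
    );

    $query = "INSERT INTO ldap_server_settings SET ".implode(", ", $assignments)." ";

    $this->db->query($query);
    return $this->db->getLastInsertId();
}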
611 
/**
 * Write the current settings back to the row identified by getServerId().
 *
 * Every value, including the WHERE id, goes through $this->db->quote().
 * bind_pass and role_bind_pass are stored exactly as the getters return them.
 * The resulting SQL text is identical to the previous hand-concatenated form.
 *
 * @return bool  always true; the query result is not inspected
 */
public function update()
{
    // One "column = value" fragment per setting, same order as create().
    $assignments = array(
        "active = ".$this->db->quote($this->isActive()),
        "name = ".$this->db->quote($this->getName()),
        "url = ".$this->db->quote($this->getUrlString()),
        "version = ".$this->db->quote($this->getVersion()),
        "base_dn = ".$this->db->quote($this->getBaseDN()),
        "referrals = ".$this->db->quote($this->isActiveReferrer()),
        "tls = ".$this->db->quote($this->isActiveTLS()),
        "bind_type = ".$this->db->quote($this->getBindingType()),
        "bind_user = ".$this->db->quote($this->getBindUser()),
        "bind_pass = ".$this->db->quote($this->getBindPassword()),
        "search_base = ".$this->db->quote($this->getSearchBase()),
        "user_scope = ".$this->db->quote($this->getUserScope()),
        "user_attribute = ".$this->db->quote($this->getUserAttribute()),
        "filter = ".$this->db->quote($this->getFilter()),
        "group_dn = ".$this->db->quote($this->getGroupDN()),
        "group_scope = ".$this->db->quote($this->getGroupScope()),
        "group_filter = ".$this->db->quote($this->getGroupFilter()),
        "group_member = ".$this->db->quote($this->getGroupMember()),
        "group_memberisdn =".$this->db->quote((int) $this->enabledGroupMemberIsDN()),
        "group_name = ".$this->db->quote($this->getGroupName()),
        "group_attribute = ".$this->db->quote($this->getGroupAttribute()),
        "group_optional = ".$this->db->quote((int) $this->isMembershipOptional()),
        "group_user_filter = ".$this->db->quote($this->getGroupUserFilter()),
        "sync_on_login = ".$this->db->quote($this->enabledSyncOnLogin() ? 1 : 0),
        "sync_per_cron = ".$this->db->quote($this->enabledSyncPerCron() ? 1 : 0),
        "role_sync_active = ".$this->db->quote($this->enabledRoleSynchronization()),
        "role_bind_dn = ".$this->db->quote($this->getRoleBindDN()),
        "role_bind_pass = ".$this->db->quote($this->getRoleBindPassword()),
    );

    $query = "UPDATE ldap_server_settings SET ".implode(", ", $assignments).
        " WHERE server_id = ".$this->db->quote($this->getServerId());

    $this->db->query($query);
    return true;
}
648 
/**
 * Translate the settings into the option array expected by PEAR Auth (LDAP).
 *
 * Credentials ('binddn'/'bindpw') are only included for a credentialed bind;
 * the anonymous case leaves them unset. 'enableLogging' is switched on only
 * when both PEAR Log files can be included, and 'debug' mirrors self::DEBUG.
 * Scope comparisons are loose on purpose because values loaded from the DB
 * may be numeric strings.
 *
 * @return array  option map, keys in the order PEAR Auth consumers expect
 */
public function toPearAuthArray()
{
    $options = array(
        'url'       => $this->getUrl(),
        'version'   => (int) $this->getVersion(),
        'referrals' => (bool) $this->isActiveReferrer(),
    );

    $user_bind = ($this->getBindingType() == IL_LDAP_BIND_USER);
    if($user_bind)
    {
        $options['binddn'] = $this->getBindUser();
        $options['bindpw'] = $this->getBindPassword();
    }

    $options['basedn']    = $this->getBaseDN();
    $options['start_tls'] = (bool) $this->isActiveTLS();
    $options['userdn']    = $this->getSearchBase();
    // Only 'one' is distinguished; everything else (including SUB) is 'sub'.
    $options['userscope'] = ($this->getUserScope() == IL_LDAP_SCOPE_ONE) ? 'one' : 'sub';

    $options['userattr']   = $this->getUserAttribute();
    $options['userfilter'] = $this->getFilter();
    $options['attributes'] = $this->getPearAtributeArray();
    $options['debug']      = self::DEBUG;

    // Include errors are deliberately silenced: a missing PEAR Log simply
    // means logging stays off.
    if(@include_once('Log.php'))
    {
        if(@include_once('Log/observer.php'))
        {
            $options['enableLogging'] = true;
        }
    }

    // BASE is tested before ONE, matching the original case order.
    $group_scope = $this->getGroupScope();
    if($group_scope == IL_LDAP_SCOPE_BASE)
    {
        $options['groupscope'] = 'base';
    }
    elseif($group_scope == IL_LDAP_SCOPE_ONE)
    {
        $options['groupscope'] = 'one';
    }
    else
    {
        $options['groupscope'] = 'sub';
    }

    $options['groupdn']     = $this->getGroupDN();
    $options['groupattr']   = $this->getGroupAttribute();
    $options['groupfilter'] = $this->getGroupFilter();
    $options['memberattr']  = $this->getGroupMember();
    $options['memberisdn']  = $this->enabledGroupMemberIsDN();
    $options['group']       = $this->getGroupName();

    return $options;
}
713 
/**
 * Normalise an LDAP filter string: trim it and make sure it starts with '('
 * and ends with ')'. No escaping of filter contents is performed here; the
 * filter is an administrator-configured setting.
 *
 * @param string $a_filter
 * @return string  '' for an empty/blank input, otherwise the wrapped filter
 */
private function prepareFilter($a_filter)
{
    $filter = trim($a_filter);

    if($filter === '')
    {
        return $filter;
    }

    $has_open  = (substr($filter, 0, 1) === '(');
    $has_close = (substr($filter, -1) === ')');

    if(!$has_open)
    {
        $filter = '('.$filter;
    }
    if(!$has_close)
    {
        $filter = $filter.')';
    }
    return $filter;
}
740 
748  private function getPearAtributeArray()
749  {
750  if($this->enabledSyncOnLogin())
751  {
752  include_once('Services/LDAP/classes/class.ilLDAPAttributeMapping.php');
753  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignments.php');
755  return array_merge(array($this->getUserAttribute()),
756  $mapping->getFields(),
757  array('dn'),
759  }
760  else
761  {
762  return array($this->getUserAttribute());
763  }
764  }
765 
766 
767 
/**
 * Load the settings row for $this->server_id and push each column through
 * its setter (so the same normalisation as for form input applies).
 *
 * The id is quoted before it is interpolated. For a falsy id nothing is
 * read and true is returned; otherwise the method returns nothing.
 *
 * @return bool|null
 */
private function read()
{
    if(!$this->server_id)
    {
        return true;
    }
    $query = "SELECT * FROM ldap_server_settings WHERE server_id = ".$this->db->quote($this->server_id);

    // Column => setter, applied in this order for every row returned.
    $setters = array(
        'active'            => 'toggleActive',
        'name'              => 'setName',
        'url'               => 'setUrl',
        'version'           => 'setVersion',
        'base_dn'           => 'setBaseDN',
        'referrals'         => 'toggleReferrer',
        'tls'               => 'toggleTLS',
        'bind_type'         => 'setBindingType',
        'bind_user'         => 'setBindUser',
        'bind_pass'         => 'setBindPassword',
        'search_base'       => 'setSearchBase',
        'user_scope'        => 'setUserScope',
        'user_attribute'    => 'setUserAttribute',
        'filter'            => 'setFilter',
        'group_dn'          => 'setGroupDN',
        'group_scope'       => 'setGroupScope',
        'group_filter'      => 'setGroupFilter',
        'group_member'      => 'setGroupMember',
        'group_attribute'   => 'setGroupAttribute',
        'group_optional'    => 'toggleMembershipOptional',
        'group_user_filter' => 'setGroupUserFilter',
        'group_memberisdn'  => 'enableGroupMemberIsDN',
        'group_name'        => 'setGroupName',
        'sync_on_login'     => 'enableSyncOnLogin',
        'sync_per_cron'     => 'enableSyncPerCron',
        'role_sync_active'  => 'enableRoleSynchronization',
        'role_bind_dn'      => 'setRoleBindDN',
        'role_bind_pass'    => 'setRoleBindPassword',
    );

    $res = $this->db->query($query);
    while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
    {
        foreach($setters as $column => $setter)
        {
            $this->$setter($row->$column);
        }
    }
}
814 }
815 ?>