ILIAS  Release_3_10_x_branch Revision 61812
ilAuthLDAP Class Reference

Auth LDAP overwrites PEAR Auth to perform LDAP authentication with specific ILIAS options.


Public Member Functions

 ilAuthLDAP ($options= '')
 forceCreation ($a_status)
 Force creation of user accounts.

Protected Member Functions

 loginObserver ($a_username)
 Called from base class after successful login.
 failedLoginObserver ()
 Called from base class after failed login.
 extractUserName ($a_user_data)
 updateRequired ($a_username)
 Check if an update is required.

Private Member Functions

 initLDAPAttributeToUser ()
 Init LDAP attribute mapping.
 initServer ()
 initContainer ()
 Init overwritten.
 setCallbacks ()
 Set callback function for PEAR Auth.
 initLogObserver ()
 Init Log observer.

Private Attributes

 $ldap_server = null
 $ldap_container = null
 $ldap_attr_to_user = null
 $log = null
 $logCache = ''
 $force_creation = false

Detailed Description

Auth LDAP overwrites PEAR Auth to perform LDAP authentication with specific ILIAS options.

FIXME - Class ilAuthContainerLDAP contains duplicates of the code of this class in the functions loginObserver, failedLoginObserver, and initLDAPAttributeToUser. If you make changes in these functions, you MUST make corresponding changes in ilAuthContainerLDAP. In a future revision of ILIAS, the class ilAuthLDAP should be removed.

Author
Stefan Meyer <smeyer@databay.de>
Version
$Id$

Definition at line 41 of file class.ilAuthLDAP.php.

Member Function Documentation

ilAuthLDAP::extractUserName (   $a_user_data)
protected
Parameters
array  array of user data
Returns
string ldap username

Definition at line 268 of file class.ilAuthLDAP.php.

References ilObjUser\_checkExternalAuthAccount().

Referenced by loginObserver().

{
    $a_username = isset($a_user_data[strtolower($this->ldap_server->getUserAttribute())]) ?
        $a_user_data[strtolower($this->ldap_server->getUserAttribute())] :
        trim($a_user_data);
    // Support for multiple user attributes
    if(!is_array($a_username))
    {
        return $a_username;
    }
    foreach($a_username as $name)
    {
        // User found with authentication method 'ldap'
        if(ilObjUser::_checkExternalAuthAccount("ldap",$name))
        {
            return trim($name);
        }
    }
    // No existing user found => return first name
    return $a_username[0];
}


ilAuthLDAP::failedLoginObserver ( )
protected

Called from base class after failed login.

Parameters
string  username

Definition at line 174 of file class.ilAuthLDAP.php.

References $ilLog.

{
    global $ilLog;
    $ilLog->write(__METHOD__.': login failed'.
        ', remote:'.$_SERVER['REMOTE_ADDR'].':'.$_SERVER['REMOTE_PORT'].
        ', server:'.$_SERVER['SERVER_ADDR'].':'.$_SERVER['SERVER_PORT']
    );
    // Group membership is optional and the optional group check has not been
    // enabled yet: log out, enable it and restart authentication
    if(!$this->ldap_container->enabledOptionalGroupCheck() and $this->ldap_server->isMembershipOptional())
    {
        $this->logout();
        $this->ldap_container->enableOptionalGroupCheck();
        $this->start();
    }
}

ilAuthLDAP::forceCreation (   $a_status)

Force creation of user accounts.

public

Parameters
bool  force_creation

Definition at line 87 of file class.ilAuthLDAP.php.

{
    // Note: $a_status is not evaluated; the flag is always set to true
    $this->force_creation = true;
}

ilAuthLDAP::ilAuthLDAP (   $options = '')

Definition at line 52 of file class.ilAuthLDAP.php.

References $ilLog, initContainer(), initLogObserver(), initServer(), and setCallbacks().

{
    global $ilLog;
    $this->log = $ilLog;
    // Read setting of LDAP server
    $this->initServer();
    $this->initContainer();
    // BEGIN WebDAV: Constructor with parameters
    if (is_array($options))
    {
        $options = array_merge($this->ldap_server->toPearAuthArray(), $options);
    }
    else
    {
        $options = $this->ldap_server->toPearAuthArray();
    }
    parent::Auth($this->ldap_container,$options,'',false);
    // END WebDAV
    $this->initLogObserver();
    // Set callbacks
    $this->setCallbacks();
}

ilAuthLDAP::initContainer ( )
private

Init overwritten.

private

Parameters

Definition at line 216 of file class.ilAuthLDAP.php.

Referenced by ilAuthLDAP().

{
    include_once('Services/LDAP/classes/class.ilAuthContainerLDAP.php');
    $this->ldap_container = new ilAuthContainerLDAP($this->ldap_server,$this->ldap_server->toPearAuthArray());
}

ilAuthLDAP::initLDAPAttributeToUser ( )
private

Init LDAP attribute mapping.

private

Definition at line 196 of file class.ilAuthLDAP.php.

Referenced by loginObserver().

{
    include_once('Services/LDAP/classes/class.ilLDAPAttributeToUser.php');
    $this->ldap_attr_to_user = new ilLDAPAttributeToUser($this->ldap_server);
}

ilAuthLDAP::initLogObserver ( )
private

Init Log observer.

private

Parameters

Definition at line 239 of file class.ilAuthLDAP.php.

References $ilLog.

Referenced by ilAuthLDAP().

{
    global $ilLog;
    if(!method_exists($this,'attachLogObserver'))
    {
        $ilLog->write(__METHOD__.': PEAR Auth < 1.5 => disabling logging.');
        return false;
    }
    if(@include_once('Log.php'))
    {
        if(@include_once('Log/observer.php'))
        {
            $ilLog->write(__METHOD__.': Attached Logging observer.');
            include_once('Services/LDAP/classes/class.ilAuthLDAPLogObserver.php');
            $this->attachLogObserver(new ilAuthLDAPLogObserver(AUTH_LOG_DEBUG));
            return true;
        }
    }
    $ilLog->write(__METHOD__.': PEAR Log not installed. Logging disabled');
}

ilAuthLDAP::initServer ( )
private

Definition at line 202 of file class.ilAuthLDAP.php.

References ilLDAPServer\_getFirstActiveServer().

Referenced by ilAuthLDAP().

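{
    include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
    // Load the settings of the first active LDAP server
    $this->ldap_server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
    $this->ldap_server->doConnectionCheck();
}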

ilAuthLDAP::loginObserver (   $a_username)
protected

Called from base class after successful login.

Parameters
string  username

Definition at line 97 of file class.ilAuthLDAP.php.

References $_SESSION, $force_creation, $ilBench, $ilLog, ilObjUser\_checkExternalAuthAccount(), ilLDAPRoleAssignments\_getInstanceByServer(), AUTH_LDAP_NO_ILIAS_USER, extractUserName(), initLDAPAttributeToUser(), ilUtil\redirect(), and updateRequired().

{
    global $ilBench,$ilLog;
    $ilLog->write(__METHOD__.': logged in as '.$a_username.
        ', remote:'.$_SERVER['REMOTE_ADDR'].':'.$_SERVER['REMOTE_PORT'].
        ', server:'.$_SERVER['SERVER_ADDR'].':'.$_SERVER['SERVER_PORT']
    );
    $ilBench->start('Auth','LDAPLoginObserver');
    $user_data = array_change_key_case($this->getAuthData(),CASE_LOWER);
    $a_username = $this->extractUserName($user_data);
    // Look up the ILIAS account linked to this external LDAP account
    $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap",$a_username);
    $users[$a_username] = $user_data;
    if($this->ldap_server->enabledSyncOnLogin())
    {
        if(!$user_data['ilInternalAccount'] and $this->ldap_server->isAccountMigrationEnabled() and !$this->force_creation)
        {
            // No linked ILIAS account: log out, keep the external account name,
            // the submitted password and the assigned role ids in the session,
            // then redirect to the account migration screen
            $this->logout();
            $_SESSION['tmp_auth_mode'] = 'ldap';
            $_SESSION['tmp_external_account'] = $a_username;
            $_SESSION['tmp_pass'] = $_POST['password'];
            include_once('./Services/LDAP/classes/class.ilLDAPRoleAssignments.php');
            $role_ass = ilLDAPRoleAssignments::_getInstanceByServer($this->ldap_server);
            $role_inf = $role_ass->assignedRoles($a_username,$user_data);
            $_SESSION['tmp_roles'] = array();
            foreach($role_inf as $info)
            {
                $_SESSION['tmp_roles'][] = $info['id'];
            }
            $ilBench->stop('Auth','LDAPLoginObserver');
            ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
        }
        // Refresh or create user data
        $ilBench->start('Auth','LDAPUserSynchronization');
        if($this->updateRequired($a_username))
        {
            #$GLOBALS['ilLog']->write(__METHOD__.': Starting update');
            // Create the attribute mapper before it is used
            $this->initLDAPAttributeToUser();
            $this->ldap_attr_to_user->setUserData($users);
            $this->ldap_attr_to_user->refresh();
            $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap",$a_username);
        }
        else
        {
            // User exists and no update required
            $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap",$a_username);
        }
        $ilBench->stop('Auth','LDAPUserSynchronization');
    }
    if(!$user_data['ilInternalAccount'])
    {
        // No synchronisation allowed => create Error
        $this->status = AUTH_LDAP_NO_ILIAS_USER;
        $this->logout();
        $ilBench->stop('Auth','LDAPLoginObserver');
        return;
    }
    // Finally setAuth
    $this->setAuth($user_data['ilInternalAccount']);
    $ilBench->stop('Auth','LDAPLoginObserver');
    return;
}

ilAuthLDAP::setCallbacks ( )
private

Set callback function for PEAR Auth.

Definition at line 226 of file class.ilAuthLDAP.php.

Referenced by ilAuthLDAP().

{
    $this->setLoginCallback(array($this,'loginObserver'));
    $this->setFailedLoginCallback(array($this,'failedLoginObserver'));
}

ilAuthLDAP::updateRequired (   $a_username)
protected

Check if an update is required.

Returns
Parameters
string  $a_username

Definition at line 296 of file class.ilAuthLDAP.php.

References ilObjUser\_checkExternalAuthAccount(), and ilLDAPAttributeMapping\hasRulesForUpdate().

Referenced by loginObserver().

{
    if(!ilObjUser::_checkExternalAuthAccount("ldap",$a_username))
    {
        return true;
    }
    // Check attribute mapping on login
    include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
    if(ilLDAPAttributeMapping::hasRulesForUpdate($this->ldap_server->getServerId()))
    {
        return true;
    }
    return false;
}

Field Documentation

ilAuthLDAP::$force_creation = false
private

Definition at line 49 of file class.ilAuthLDAP.php.

Referenced by loginObserver().

ilAuthLDAP::$ldap_attr_to_user = null
private

Definition at line 45 of file class.ilAuthLDAP.php.

ilAuthLDAP::$ldap_container = null
private

Definition at line 44 of file class.ilAuthLDAP.php.

ilAuthLDAP::$ldap_server = null
private

Definition at line 43 of file class.ilAuthLDAP.php.

ilAuthLDAP::$log = null
private

Definition at line 46 of file class.ilAuthLDAP.php.

ilAuthLDAP::$logCache = ''
private

Definition at line 47 of file class.ilAuthLDAP.php.


The documentation for this class was generated from the following file: