ILIAS  Release_3_10_x_branch Revision 61812
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilObjAuthSettingsGUI.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
36 require_once "./classes/class.ilObjectGUI.php";
37 
38 class ilObjAuthSettingsGUI extends ilObjectGUI
39 {
44  function ilObjAuthSettingsGUI($a_data,$a_id,$a_call_by_reference,$a_prepare_output = true)
45  {
46  $this->type = "auth";
47  $this->ilObjectGUI($a_data,$a_id,$a_call_by_reference,$a_prepare_output);
48 
49  $this->lng->loadLanguageModule('registration');
50 
51  define('LDAP_DEFAULT_PORT',389);
52  define('RADIUS_DEFAULT_PORT',1812);
53  }
54 
55  function viewObject()
56  {
57  // load ilRegistrationSettingsGUI
58 
59  include_once './Services/Registration/classes/class.ilRegistrationSettingsGUI.php';
60 
61  // Enable tabs
62  $this->tabs_gui->setTabActive('registration_settings');
63 
64  $registration_gui =& new ilRegistrationSettingsGUI();
65  $this->ctrl->setCmdClass('ilregistrationsettingsgui');
66  $this->ctrl->forwardCommand($registration_gui);
67  }
68 
69 
75  function authSettingsObject()
76  {
77  global $rbacsystem, $ilSetting;
78 
79  if (!$rbacsystem->checkAccess("visible,read",$this->object->getRefId()))
80  {
81  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
82  }
83 
84  $this->tabs_gui->setTabActive('authentication_settings');
85  $this->setSubTabs('authSettings');
86  $this->tabs_gui->setSubTabActive("auth_settings");
87 
88  $this->getTemplateFile("general");
89 
90  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
91  $this->tpl->setVariable("TXT_AUTH_TITLE", $this->lng->txt("auth_select"));
92 
93  $this->tpl->setVariable("TXT_AUTH_MODE", $this->lng->txt("auth_mode"));
94  $this->tpl->setVariable("TXT_AUTH_DEFAULT", $this->lng->txt("default"));
95  $this->tpl->setVariable("TXT_AUTH_ACTIVE", $this->lng->txt("active"));
96  $this->tpl->setVariable("TXT_AUTH_NUM_USERS", $this->lng->txt("num_users"));
97 
98  $this->tpl->setVariable("TXT_LOCAL", $this->lng->txt("auth_local"));
99  $this->tpl->setVariable("TXT_LDAP", $this->lng->txt("auth_ldap"));
100  $this->tpl->setVariable("TXT_SHIB", $this->lng->txt("auth_shib"));
101 
102  $this->tpl->setVariable("TXT_CAS", $this->lng->txt("auth_cas"));
103 
104  $this->tpl->setVariable("TXT_RADIUS", $this->lng->txt("auth_radius"));
105  $this->tpl->setVariable("TXT_SCRIPT", $this->lng->txt("auth_script"));
106 
107  $auth_cnt = ilObjUser::_getNumberOfUsersPerAuthMode();
108  $auth_modes = ilAuthUtils::_getAllAuthModes();
109 
110  foreach($auth_modes as $mode => $mode_name)
111  {
112 //echo "-".$ilSetting->get('auth_mode')."-".$mode."-";
113  if ($ilSetting->get('auth_mode') == $mode)
114  {
115  $this->tpl->setVariable("NUM_".strtoupper($mode_name),
116  ((int) $auth_cnt[$mode_name] + $auth_cnt["default"])." (".$this->lng->txt("auth_per_default").
117  ": ".$auth_cnt["default"].")");
118  }
119  else
120  {
121  $this->tpl->setVariable("NUM_".strtoupper($mode_name),
122  (int) $auth_cnt[$mode_name]);
123  }
124  }
125 
126  $this->tpl->setVariable("TXT_CONFIGURE", $this->lng->txt("auth_configure"));
127  $this->tpl->setVariable("TXT_AUTH_REMARK", $this->lng->txt("auth_remark_non_local_auth"));
128  $this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
129  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
130  $this->tpl->setVariable("CMD_SUBMIT", "setAuthMode");
131 
132  // local vars
133  $checked = "checked=\"checked\"";
134  $disabled = "disabled=\"disabled\"";
135  $style_disabled = "_disabled";
136 
137  // icon handlers
138  $icon_ok = "<img src=\"".ilUtil::getImagePath("icon_ok.gif")."\" alt=\"".$this->lng->txt("enabled")."\" title=\"".$this->lng->txt("enabled")."\" border=\"0\" vspace=\"0\"/>";
139  $icon_not_ok = "<img src=\"".ilUtil::getImagePath("icon_not_ok.gif")."\" alt=\"".$this->lng->txt("disabled")."\" title=\"".$this->lng->txt("disabled")."\" border=\"0\" vspace=\"0\"/>";
140 
141  $this->tpl->setVariable("AUTH_LOCAL_ACTIVE", $icon_ok);
142 
143  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
144  $this->tpl->setVariable('AUTH_LDAP_ACTIVE',count(ilLDAPServer::_getActiveServerList()) ? $icon_ok : $icon_not_ok);
145  #$this->tpl->setVariable("AUTH_LDAP_ACTIVE", $this->ilias->getSetting('ldap_active') ? $icon_ok : $icon_not_ok);
146  $this->tpl->setVariable("AUTH_RADIUS_ACTIVE", $this->ilias->getSetting('radius_active') ? $icon_ok : $icon_not_ok);
147  $this->tpl->setVariable("AUTH_SHIB_ACTIVE", $this->ilias->getSetting('shib_active') ? $icon_ok : $icon_not_ok);
148  $this->tpl->setVariable("AUTH_SCRIPT_ACTIVE", $this->ilias->getSetting('script_active') ? $icon_ok : $icon_not_ok);
149  $this->tpl->setVariable("AUTH_CAS_ACTIVE", $this->ilias->getSetting('cas_active') ? $icon_ok : $icon_not_ok);
150 
151  // alter style and disable buttons depending on current selection
152  switch ($this->ilias->getSetting('auth_mode'))
153  {
154  case AUTH_LOCAL: // default
155  $this->tpl->setVariable("CHK_LOCAL", $checked);
156  break;
157 
158  case AUTH_LDAP: // LDAP
159  $this->tpl->setVariable("CHK_LDAP", $checked);
160  break;
161 
162  case AUTH_SHIBBOLETH: // SHIB
163  $this->tpl->setVariable("CHK_SHIB", $checked);
164  break;
165 
166  case AUTH_RADIUS: // RADIUS
167  $this->tpl->setVariable("CHK_RADIUS", $checked);
168  break;
169 
170  case AUTH_CAS: // CAS
171  $this->tpl->setVariable("CHK_CAS", $checked);
172  break;
173 
174  case AUTH_SCRIPT: // script
175  $this->tpl->setVariable("CHK_SCRIPT", $checked);
176  break;
177  }
178 
179  // auth mode determinitation
180  if($this->initAuthModeDetermination())
181  {
182  $this->tpl->setVariable('TABLE_AUTH_DETERMINATION',$this->form->getHTML());
183  }
184 
185  // roles table
186  $this->tpl->setVariable("FORMACTION_ROLES",
187  $this->ctrl->getFormAction($this));
188  $this->tpl->setVariable("TXT_AUTH_ROLES", $this->lng->txt("auth_active_roles"));
189  $this->tpl->setVariable("TXT_ROLE", $this->lng->txt("obj_role"));
190  $this->tpl->setVariable("TXT_ROLE_AUTH_MODE", $this->lng->txt("auth_role_auth_mode"));
191  $this->tpl->setVariable("CMD_SUBMIT_ROLES", "updateAuthRoles");
192 
193  include_once("./Services/AccessControl/classes/class.ilObjRole.php");
194  $reg_roles = ilObjRole::_lookupRegisterAllowed();
195 
196  // auth mode selection
197  include_once('./Services/Authentication/classes/class.ilAuthUtils.php');
198  $active_auth_modes = ilAuthUtils::_getActiveAuthModes();
199 
200  foreach ($reg_roles as $role)
201  {
202  foreach ($active_auth_modes as $auth_name => $auth_key)
203  {
204  // do not list auth modes with external login screen
205  // even not default, because it can easily be set to
206  // a non-working auth mode
207  if ($auth_name == "default" || $auth_name == "cas"
208  || $auth_name == "shibboleth" || $auth_name == 'ldap')
209  {
210  continue;
211  }
212 
213  $this->tpl->setCurrentBlock("auth_mode_selection");
214 
215  if ($auth_name == 'default')
216  {
217  $name = $this->lng->txt('auth_'.$auth_name)." (".$this->lng->txt('auth_'.ilAuthUtils::_getAuthModeName($auth_key)).")";
218  }
219  else
220  {
221  $name = $this->lng->txt('auth_'.$auth_name);
222  }
223 
224  $this->tpl->setVariable("AUTH_MODE_NAME", $name);
225 
226  $this->tpl->setVariable("AUTH_MODE", $auth_name);
227 
228  if ($role['auth_mode'] == $auth_name)
229  {
230  $this->tpl->setVariable("SELECTED_AUTH_MODE", "selected=\"selected\"");
231  }
232 
233  $this->tpl->parseCurrentBlock();
234  } // END auth_mode selection
235 
236  $this->tpl->setCurrentBlock("roles");
237  $this->tpl->setVariable("ROLE", $role['title']);
238  $this->tpl->setVariable("ROLE_ID", $role['id']);
239  $this->tpl->parseCurrentBlock();
240  }
241  }
242 
250  public function saveLoginInfoObject()
251  {
252  global $rbacsystem, $lng,$ilSetting;
253 
254  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
255  {
256  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
257  }
258  if (is_array($_POST["loginMessage"]))
259  {
260  $this->loginSettings = new ilSetting("login_settings");
261 
262  foreach ($_POST["loginMessage"] as $key => $val)
263  {
264  $this->loginSettings->set("login_message_".$key, $val);
265  }
266  }
267 
268  if($_POST['default_auth_mode'])
269  {
270  $ilSetting->set('default_auth_mode',(int) $_POST['default_auth_mode']);
271  }
272 
273  ilUtil::sendInfo($this->lng->txt("login_information_settings_saved"));
274 
275  $this->loginInfoObject();
276  }
277 
284  public function loginInfoObject()
285  {
286  global $rbacsystem, $lng,$ilSetting;
287 
288  if (!$rbacsystem->checkAccess("visible,read", $this->object->getRefId()))
289  {
290  $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
291  }
292 
293  $this->tabs_gui->setTabActive("authentication_settings");
294  $this->setSubTabs("authSettings");
295  $this->tabs_gui->setSubTabActive("login_information");
296 
297  $lng->loadLanguageModule("meta");
298 
299 
300  include_once("./Services/Form/classes/class.ilPropertyFormGUI.php");
301 
302  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.auth_login_messages.html");
303  $form = new ilPropertyFormGUI();
304  $form->setFormAction($this->ctrl->getFormAction($this));
305  $form->setTitle($this->lng->txt('login_information'));
306  #$form->setInfo($this->lng->txt('login_information_desc'));
307 
308  $form->addCommandButton('saveLoginInfo',$this->lng->txt('save'));
309  $form->addCommandButton('cancel',$this->lng->txt('cancel'));
310 
311  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
312  include_once('Services/Radius/classes/class.ilRadiusSettings.php');
313  $rad_settings = ilRadiusSettings::_getInstance();
314  if($ldap_id = ilLDAPServer::_getFirstActiveServer() or $rad_settings->isActive())
315  {
316  $select = new ilSelectInputGUI($this->lng->txt('default_auth_mode'),'default_auth_mode');
317  $select->setValue($ilSetting->get('default_auth_mode',AUTH_LOCAL));
318  $select->setInfo($this->lng->txt('default_auth_mode_info'));
319  $options[AUTH_LOCAL] = $this->lng->txt('auth_local');
320  if($ldap_id)
321  {
322  $options[AUTH_LDAP] = $this->lng->txt('auth_ldap');
323  }
324  if($rad_settings->isActive())
325  {
326  $options [AUTH_RADIUS] = $this->lng->txt('auth_radius');
327  }
328  $select->setOptions($options);
329  $form->addItem($select);
330  }
331 
332  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
333  $this->tpl->setVariable("TXT_HEADLINE", $this->lng->txt("login_information"));
334  $this->tpl->setVariable("TXT_DESCRIPTION", $this->lng->txt("login_information_desc"));
335  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
336 
337  if (!is_object($this->loginSettings))
338  {
339  $this->loginSettings = new ilSetting("login_settings");
340  }
341 
342  $login_settings = $this->loginSettings->getAll();
343  $languages = $lng->getInstalledLanguages();
344  $def_language = $lng->getDefaultLanguage();
345 
346  foreach ($this->setDefLangFirst($def_language, $languages) as $lang_key)
347  {
348  $add = "";
349  if ($lang_key == $def_language)
350  {
351  $add = " (".$lng->txt("default").")";
352  }
353 
354  $textarea = new ilTextAreaInputGUI($lng->txt("meta_l_".$lang_key).$add,
355  'loginMessage['.$lang_key.']');
356  $textarea->setRows(10);
357  $textarea->setValue($login_settings["login_message_".$lang_key]);
358  $textarea->setUseRte(true);
359  $form->addItem($textarea);
360 
361  unset($login_settings["login_message_".$lang_key]);
362  }
363 
364  foreach ($login_settings as $key => $message)
365  {
366  $lang_key = substr($key, strrpos($key, "_") + 1, strlen($key) - strrpos($key, "_"));
367 
368  $textarea = new ilTextAreaInputGUI($lng->txt("meta_l_".$lang_key).$add,
369  'loginMessage['.$lang_key.']');
370  $textarea->setRows(10);
371  $textarea->setValue($message);
372  $textarea->setUseRte(true);
373 
374  if(!in_array($lang_key,$languages))
375  {
376  $textarea->setAlert($lng->txt("not_installed"));
377  }
378  $form->addItem($textarea);
379  }
380  $this->tpl->setVariable('LOGIN_INFO',$form->getHTML());
381  }
382 
394  public function setDefLangFirst($a_def_language, $a_languages)
395  {
396  if (is_array($a_languages) && $a_def_language != "")
397  {
398  $languages = array();
399  $languages[] = $a_def_language;
400 
401  foreach ($a_languages as $val)
402  {
403  if (!in_array($val, $languages))
404  {
405  $languages[] = $val;
406  }
407  }
408 
409  return $languages;
410  }
411  else
412  {
413  return array();
414  }
415  }
416 
417  function cancelObject()
418  {
419  ilUtil::sendInfo($this->lng->txt("msg_cancel"),true);
420  $this->ctrl->redirect($this, "authSettings");
421  }
422 
423  function setAuthModeObject()
424  {
425  global $rbacsystem,$ilSetting;
426 
427  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
428  {
429  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
430  }
431 
432  if (empty($_POST["auth_mode"]))
433  {
434  $this->ilias->raiseError($this->lng->txt("auth_err_no_mode_selected"),$this->ilias->error_obj->MESSAGE);
435  }
436 
437  if ($_POST["auth_mode"] == AUTH_DEFAULT)
438  {
439  ilUtil::sendInfo($this->lng->txt("auth_mode").": ".$this->getAuthModeTitle()." ".$this->lng->txt("auth_mode_not_changed"),true);
440  $this->ctrl->redirect($this,'authSettings');
441  }
442 
443  switch ($_POST["auth_mode"])
444  {
445  case AUTH_LDAP:
446 
447  /*
448  if ($this->object->checkAuthLDAP() !== true)
449  {
450  ilUtil::sendInfo($this->lng->txt("auth_ldap_not_configured"),true);
451  ilUtil::redirect($this->getReturnLocation("authSettings",$this->ctrl->getLinkTarget($this,"editLDAP")));
452  }
453  */
454  break;
455 
456  case AUTH_SHIB:
457  if ($this->object->checkAuthSHIB() !== true)
458  {
459  ilUtil::sendInfo($this->lng->txt("auth_shib_not_configured"),true);
460  ilUtil::redirect($this->getReturnLocation("authSettings",$this->ctrl->getLinkTarget($this,"editSHIB")));
461  }
462  break;
463 
464  case AUTH_RADIUS:
465  if ($this->object->checkAuthRADIUS() !== true)
466  {
467  ilUtil::sendInfo($this->lng->txt("auth_radius_not_configured"),true);
468  $this->ctrl->redirect($this,'editRADIUS');
469  }
470  break;
471 
472  case AUTH_SCRIPT:
473  if ($this->object->checkAuthScript() !== true)
474  {
475  ilUtil::sendInfo($this->lng->txt("auth_script_not_configured"),true);
476  ilUtil::redirect($this->getReturnLocation("authSettings",$this->ctrl->getLinkTarget($this,"editScript")));
477  }
478  break;
479  }
480 
481  $this->ilias->setSetting("auth_mode",$_POST["auth_mode"]);
482 
483  ilUtil::sendInfo($this->lng->txt("auth_default_mode_changed_to")." ".$this->getAuthModeTitle(),true);
484  $this->ctrl->redirect($this,'authSettings');
485  }
486 
492  function editLDAPObject()
493  {
494  global $rbacsystem;
495 
496  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
497  {
498  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
499  }
500 
501  $this->tabs_gui->setTabActive('auth_ldap');
502 
503  if ($_SESSION["error_post_vars"])
504  {
505  if ($_SESSION["error_post_vars"]["ldap"]["active"] == "1")
506  {
507  $this->tpl->setVariable("CHK_LDAP_ACTIVE", "checked=\"checked\"");
508  }
509 
510  if ($_SESSION["error_post_vars"]["ldap"]["tls"] == "1")
511  {
512  $this->tpl->setVariable("LDAP_TLS_CHK", "checked=\"checked\"");
513  }
514 
515  if ($_SESSION["error_post_vars"]["ldap"]["version"] == "3")
516  {
517  $this->tpl->setVariable("LDAP_VERSION3_CHK", "checked=\"checked\"");
518  }
519  else
520  {
521  $this->tpl->setVariable("LDAP_VERSION2_CHK", "checked=\"checked\"");
522  }
523 
524  $this->tpl->setVariable("LDAP_SERVER", $_SESSION["error_post_vars"]["ldap"]["server"]);
525  $this->tpl->setVariable("LDAP_BASEDN", $_SESSION["error_post_vars"]["ldap"]["basedn"]);
526  $this->tpl->setVariable("LDAP_SEARCH_BASE", $_SESSION["error_post_vars"]["ldap"]["search_base"]);
527  $this->tpl->setVariable("LDAP_PORT", $_SESSION["error_post_vars"]["ldap"]["port"]);
528  $this->tpl->setVariable("LDAP_LOGIN_KEY", $_SESSION["error_post_vars"]["ldap"]["login_key"]);
529  $this->tpl->setVariable("LDAP_OBJECTCLASS", $_SESSION["error_post_vars"]["ldap"]["objectclass"]);
530  }
531  else
532  {
533  // set already saved data or default value for port
534  $settings = $this->ilias->getAllSettings();
535 
536  if ($settings["ldap_active"] == "1")
537  {
538  $this->tpl->setVariable("CHK_LDAP_ACTIVE", "checked=\"checked\"");
539  }
540 
541  if ($settings["ldap_tls"] == "1")
542  {
543  $this->tpl->setVariable("LDAP_TLS_CHK", "checked=\"checked\"");
544  }
545 
546  $this->tpl->setVariable("LDAP_SERVER", $settings["ldap_server"]);
547  $this->tpl->setVariable("LDAP_BASEDN", $settings["ldap_basedn"]);
548  $this->tpl->setVariable("LDAP_SEARCH_BASE", $settings["ldap_search_base"]);
549 
550  if (empty($settings["ldap_port"]))
551  {
552  $this->tpl->setVariable("LDAP_PORT", LDAP_DEFAULT_PORT);
553  }
554  else
555  {
556  $this->tpl->setVariable("LDAP_PORT", $settings["ldap_port"]);
557  }
558 
559  if (empty($settings["ldap_login_key"]))
560  {
561  $this->tpl->setVariable("LDAP_LOGIN_KEY", "uid");
562  }
563  else
564  {
565  $this->tpl->setVariable("LDAP_LOGIN_KEY", $settings["ldap_login_key"]);
566  }
567 
568  if (empty($settings["ldap_objectclass"]))
569  {
570  $this->tpl->setVariable("LDAP_OBJECTCLASS", "posixAccount");
571  }
572  else
573  {
574  $this->tpl->setVariable("LDAP_OBJECTCLASS", $settings["ldap_objectclass"]);
575  }
576 
577  if (empty($settings["ldap_version"]) or $settings["ldap_version"] == "2")
578  {
579  $this->tpl->setVariable("LDAP_VERSION2_CHK", "checked=\"checked\"");
580  }
581  else
582  {
583  $this->tpl->setVariable("LDAP_VERSION3_CHK", "checked=\"checked\"");
584  }
585  }
586 
587  $this->getTemplateFile("ldap");
588 
589  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
590  $this->tpl->setVariable("COLSPAN", 3);
591  $this->tpl->setVariable("TXT_LDAP_TITLE", $this->lng->txt("ldap_configure"));
592  $this->tpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
593  $this->tpl->setVariable("TXT_LDAP_ACTIVE", $this->lng->txt("auth_ldap_enable"));
594  $this->tpl->setVariable("TXT_LDAP_TLS", $this->lng->txt("ldap_tls"));
595  $this->tpl->setVariable("TXT_LDAP_SERVER", $this->lng->txt("ldap_server"));
596  $this->tpl->setVariable("TXT_LDAP_BASEDN", $this->lng->txt("ldap_basedn"));
597  $this->tpl->setVariable("TXT_LDAP_SEARCH_BASE", $this->lng->txt("ldap_search_base"));
598  $this->tpl->setVariable("TXT_LDAP_PORT", $this->lng->txt("ldap_port"));
599  $this->tpl->setVariable("TXT_LDAP_TLS", $this->lng->txt("ldap_tls"));
600 
601  $this->tpl->setVariable("TXT_LDAP_VERSION", $this->lng->txt("ldap_version"));
602  $this->tpl->setVariable("TXT_LDAP_VERSION2", $this->lng->txt("ldap_v2"));
603  $this->tpl->setVariable("TXT_LDAP_VERSION3", $this->lng->txt("ldap_v3"));
604 
605  $this->tpl->setVariable("TXT_LDAP_LOGIN_KEY", $this->lng->txt("ldap_login_key"));
606  $this->tpl->setVariable("TXT_LDAP_OBJECTCLASS", $this->lng->txt("ldap_objectclass"));
607 
608  $this->tpl->setVariable("TXT_LDAP_PASSWD", $this->lng->txt("ldap_passwd"));
609 
610  $this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
611  $this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
612  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
613  $this->tpl->setVariable("CMD_SUBMIT", "saveLDAP");
614  }
615 
616 
622  function saveLDAPObject()
623  {
624  global $ilUser;
625 
626  // validate required data
627  if (!$_POST["ldap"]["server"] or !$_POST["ldap"]["basedn"] or !$_POST["ldap"]["port"] or !$_POST["ldap"]["login_key"] or !$_POST["ldap"]["objectclass"])
628  {
629  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
630  }
631 
632  // validate password
633  if (!$_POST["ldap"]["passwd"])
634  {
635  $this->ilias->raiseError($this->lng->txt("err_enter_current_passwd"),$this->ilias->error_obj->MESSAGE);
636  }
637 
638  // validate port
639  if ((preg_match("/^[0-9]{0,5}$/",$_POST["ldap"]["port"])) == false)
640  {
641  $this->ilias->raiseError($this->lng->txt("err_invalid_port"),$this->ilias->error_obj->MESSAGE);
642  }
643 
644  // TODO: implement TLS support
645  if ($_POST["ldap"]["tls"] != "1")
646  {
647  $_POST["ldap"]["tls"] = "0";
648  }
649 
650  // check connection to ldap server
651  //include_once('classes/class.ilLDAPAuthentication.php');
652 
653  $ldap_host = $_POST["ldap"]["server"];
654  $ldap_port = $_POST["ldap"]["port"];
655  $ldap_pass = $_POST["ldap"]["passwd"];
656 
657  $ldap_userattr = $_POST["ldap"]["login_key"];
658  $ldap_useroc = $_POST["ldap"]["objectclass"];
659 
660  $ldap_dn = $ldap_userattr."=".$this->ilias->account->getLogin().",";
661 
662  // create base_dn
663  if ($_POST["ldap"]["search_base"])
664  {
665  $ldap_searchbase .= $_POST["ldap"]["search_base"].",";
666  }
667 
668  $ldap_searchbase .= $_POST["ldap"]["basedn"];
669 
670  $ldap_dn .= $ldap_searchbase;
671 
672  // test connection
673  $ldap_conn = ldap_connect($ldap_host,$ldap_port);
674 
675  @ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, $_POST["ldap"]["version"]);
676 
677  // bind anonymously
678  if (($ldap_bind = ldap_bind($ldap_conn)) == false)
679  {
680  $this->ilias->raiseError($this->lng->txt("err_ldap_connect_failed"),$this->ilias->error_obj->MESSAGE);
681  }
682 
683  // make user search
684  $filter = sprintf('(&(objectClass=%s)(%s=%s))', $ldap_useroc, $ldap_userattr, $ilUser->getLogin());
685 
686  // make functions params array
687  $func_params = array($ldap_conn, $ldap_searchbase, $filter, array($ldap_userattr));
688 
689  // search
690  if (($result_id = @call_user_func_array('ldap_search', $func_params)) == false)
691  {
692  $this->ilias->raiseError($this->lng->txt("err_ldap_search_failed"),$this->ilias->error_obj->MESSAGE);
693  }
694 
695  if (ldap_count_entries($ldap_conn, $result_id) != 1)
696  {
697  $this->ilias->raiseError($this->lng->txt("err_ldap_user_not_found"),$this->ilias->error_obj->MESSAGE);
698  }
699 
700  // then get the user dn
701  $entry_id = ldap_first_entry($ldap_conn, $result_id);
702  $user_dn = ldap_get_dn($ldap_conn, $entry_id);
703 
704  ldap_free_result($result_id);
705 
706  // bind with password
707  if (@ldap_bind($ldap_conn, $user_dn, $ldap_pass) == false)
708  {
709  $this->ilias->raiseError($this->lng->txt("err_ldap_auth_failed"),$this->ilias->error_obj->MESSAGE);
710  }
711 
712  // close connection
713  @ldap_unbind($ldap_conn);
714 
715  // all ok. save settings
716  $this->ilias->setSetting("ldap_tls", $_POST["ldap"]["tls"]);
717  $this->ilias->setSetting("ldap_server", $_POST["ldap"]["server"]);
718  $this->ilias->setSetting("ldap_basedn", $_POST["ldap"]["basedn"]);
719  $this->ilias->setSetting("ldap_search_base", $_POST["ldap"]["search_base"]);
720  $this->ilias->setSetting("ldap_port", $_POST["ldap"]["port"]);
721  $this->ilias->setSetting("ldap_version", $_POST["ldap"]["version"]);
722  $this->ilias->setSetting("ldap_login_key", $_POST["ldap"]["login_key"]);
723  $this->ilias->setSetting("ldap_objectclass", $_POST["ldap"]["objectclass"]);
724  $this->ilias->setSetting("ldap_active", $_POST["ldap"]["active"]);
725 
726  ilUtil::sendInfo($this->lng->txt("auth_ldap_settings_saved"),true);
727  $this->ctrl->redirect($this,'editLDAP');;
728  }
729 
735  function editSHIBObject()
736  {
737  global $rbacsystem, $rbacreview;
738 
739  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
740  {
741  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
742  }
743 
744  $this->tabs_gui->setTabActive('auth_shib');
745 
746  // set already saved data or default value for port
747  $settings = $this->ilias->getAllSettings();
748 
749  // Compose role list
750  $role_list = $rbacreview->getRolesByFilter(2,$this->object->getId());
751  $selectElement = '<select name="shib[user_default_role]">';
752 
753  if (!isset($settings["shib_user_default_role"]))
754  {
755  $settings["shib_user_default_role"] = 4;
756  }
757 
758  foreach ($role_list as $role)
759  {
760  $selectElement .= '<option value="'.$role['obj_id'].'"';
761  if ($settings["shib_user_default_role"] == $role['obj_id'])
762  $selectElement .= 'selected="selected"';
763 
764  $selectElement .= '>'.$role['title'].'</option>';
765  }
766  $selectElement .= '</select>';
767 
768 
769  // Set text field content
770  $shib_settings = array(
771  'shib_login',
772  'shib_title',
773  'shib_firstname',
774  'shib_lastname',
775  'shib_email',
776  'shib_gender',
777  'shib_institution',
778  'shib_department',
779  'shib_zipcode',
780  'shib_city',
781  'shib_country',
782  'shib_street',
783  'shib_phone_office',
784  'shib_phone_home',
785  'shib_phone_mobile',
786  'shib_language'
787  );
788 
789  $this->getTemplateFile("shib");
790 
791  foreach ($shib_settings as $setting)
792  {
793  $field = ereg_replace('shib_','',$setting);
794  $this->tpl->setVariable(strtoupper($setting), $settings[$setting]);
795  $this->tpl->setVariable('SHIB_UPDATE_'.strtoupper($field), $settings["shib_update_".$field]);
796 
797  if ($settings["shib_update_".$field])
798  {
799  $this->tpl->setVariable('chk_shib_update_'.strtolower($field), 'checked="checked"');
800  }
801  }
802 
803  // Set some default values
804 
805  if (!isset($settings["shib_login_button"]) || $settings["shib_login_button"] == ''){
806  $this->tpl->setVariable("SHIB_LOGIN_BUTTON", "templates/default/images/shib_login_button.gif");
807  }
808 
809  if (isset($settings["shib_active"]) && $settings["shib_active"])
810  {
811  $this->tpl->setVariable("chk_shib_active", 'checked="checked"');
812  }
813  if ($settings['shib_auth_allow_local'] == '1')
814  {
815  $this->tpl->setVariable('CHK_SHIB_AUTH_ALLOW_LOCAL', 'checked="checked"');
816  }
817 
818  if (
819  !isset($settings["shib_hos_type"])
820  || $settings["shib_hos_type"] == ''
821  || $settings["shib_hos_type"] != 'external_wayf'
822  )
823  {
824  $this->tpl->setVariable("CHK_SHIB_LOGIN_INTERNAL_WAYF", 'checked="checked"');
825  $this->tpl->setVariable("CHK_SHIB_LOGIN_EXTERNAL_WAYF", '');
826  } else {
827  $this->tpl->setVariable("CHK_SHIB_LOGIN_INTERNAL_WAYF", '');
828  $this->tpl->setVariable("CHK_SHIB_LOGIN_EXTERNAL_WAYF", 'checked="checked"');
829  }
830 
831  if (!isset($settings["shib_idp_list"]) || $settings["shib_idp_list"] == '')
832  {
833  $this->tpl->setVariable("SHIB_IDP_LIST", "urn:mace:organization1:providerID, Example Organization 1\nurn:mace:organization2:providerID, Example Organization 2, /Shibboleth.sso/WAYF/SWITCHaai");
834  } else {
835  $this->tpl->setVariable("SHIB_IDP_LIST", stripslashes($settings["shib_idp_list"]));
836  }
837 
838  $this->tpl->setVariable("SHIB_USER_DEFAULT_ROLE", $selectElement);
839  $this->tpl->setVariable("SHIB_LOGIN_BUTTON", $settings["shib_login_button"]);
840  $this->tpl->setVariable("SHIB_LOGIN_INSTRUCTIONS", stripslashes($settings["shib_login_instructions"]));
841  $this->tpl->setVariable("SHIB_FEDERATION_NAME", stripslashes($settings["shib_federation_name"]));
842  $this->tpl->setVariable("SHIB_DATA_CONV", $settings["shib_data_conv"]);
843 
844  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
845  $this->tpl->setVariable("COLSPAN", 3);
846  $this->tpl->setVariable("TXT_SHIB_INSTRUCTIONS",
847  $this->lng->txt("auth_shib_instructions"));
848  $this->tpl->setVariable("LINK_SHIB_INSTRUCTIONS",
849  "./Services/AuthShibboleth/README.SHIBBOLETH.txt");
850  $this->tpl->setVariable("TXT_SHIB", $this->lng->txt("shib"));
851  $this->tpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
852  $this->tpl->setVariable("TXT_SHIB_UPDATE", $this->lng->txt("shib_update"));
853  $this->tpl->setVariable("TXT_SHIB_ACTIVE", $this->lng->txt("shib_active"));
854  $this->tpl->setVariable("TXT_SHIB_USER_DEFAULT_ROLE", $this->lng->txt("shib_user_default_role"));
855  $this->tpl->setVariable("TXT_SHIB_LOGIN_BUTTON", $this->lng->txt("shib_login_button"));
856  $this->tpl->setVariable("TXT_SHIB_LOGIN_TYPE", $this->lng->txt("shib_login_type"));
857  $this->tpl->setVariable("TXT_SHIB_LOGIN_INTERNAL_WAYF", $this->lng->txt("shib_login_internal_wayf"));
858  $this->tpl->setVariable("TXT_SHIB_LOGIN_EXTERNAL_WAYF", $this->lng->txt("shib_login_external_wayf"));
859  $this->tpl->setVariable("TXT_SHIB_IDP_LIST", $this->lng->txt("shib_idp_list"));
860  $this->tpl->setVariable("TXT_SHIB_FEDERATION_NAME", $this->lng->txt("shib_federation_name"));
861  $this->tpl->setVariable("TXT_SHIB_LOGIN_INSTRUCTIONS", $this->lng->txt("auth_login_instructions"));
862  $this->tpl->setVariable("TXT_SHIB_DATA_CONV", $this->lng->txt("shib_data_conv"));
863  $this->tpl->setVariable("TXT_SHIB_AUTH_ALLOW_LOCAL", $this->lng->txt("auth_allow_local"));
864  foreach ($shib_settings as $setting)
865  {
866  $this->tpl->setVariable("TXT_".strtoupper($setting), $this->lng->txt($setting));
867  }
868 
869  $this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
870  $this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
871  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
872  $this->tpl->setVariable("CMD_SUBMIT", "saveSHIB");
873 
874  }
875 
881  function saveSHIBObject()
882  {
883  global $ilUser;
884 
885  // validate required data
886  if (
887  !$_POST["shib"]["login"]
888  or !$_POST["shib"]["hos_type"]
889  or !$_POST["shib"]["firstname"]
890  or !$_POST["shib"]["lastname"]
891  or !$_POST["shib"]["email"]
892  or !$_POST["shib"]["user_default_role"]
893  or !$_POST["shib"]["federation_name"]
894  )
895  {
896  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
897  }
898 
899  // validate api
900  if (
901  $_POST["shib"]["data_conv"]
902  and $_POST["shib"]["data_conv"] != ''
903  and !is_readable($_POST["shib"]["data_conv"]) )
904  {
905  $this->ilias->raiseError($this->lng->txt("shib_data_conv_warning"),$this->ilias->error_obj->MESSAGE);
906  }
907 
908  // all ok. save settings
909  $shib_settings = array(
910  'shib_login',
911  'shib_title',
912  'shib_firstname',
913  'shib_lastname',
914  'shib_email',
915  'shib_gender',
916  'shib_institution',
917  'shib_department',
918  'shib_zipcode',
919  'shib_city',
920  'shib_country',
921  'shib_street',
922  'shib_phone_office',
923  'shib_phone_home',
924  'shib_phone_mobile',
925  'shib_language'
926  );
927 
928  foreach ($shib_settings as $setting)
929  {
930  $field = ereg_replace('shib_','',$setting);
931  if ($_POST["shib"]["update_".$field] != "1")
932  $_POST["shib"]["update_".$field] = "0";
933  $this->ilias->setSetting($setting, trim($_POST["shib"][$field]));
934  $this->ilias->setSetting("shib_update_".$field, $_POST["shib"]["update_".$field]);
935  }
936 
937  if ($_POST["shib"]["active"] != "1")
938  {
939  $this->ilias->setSetting("shib_active", "0");
940  }
941  else
942  {
943  $this->ilias->setSetting("shib_active", "1");
944  }
945 
946  $this->ilias->setSetting("shib_user_default_role", $_POST["shib"]["user_default_role"]);
947  $this->ilias->setSetting("shib_hos_type", $_POST["shib"]["hos_type"]);
948  $this->ilias->setSetting("shib_federation_name", $_POST["shib"]["federation_name"]);
949  $this->ilias->setSetting("shib_idp_list", $_POST["shib"]["idp_list"]);
950  $this->ilias->setSetting("shib_login_instructions", $_POST["shib"]["login_instructions"]);
951  $this->ilias->setSetting("shib_login_button", $_POST["shib"]["login_button"]);
952  $this->ilias->setSetting("shib_data_conv", $_POST["shib"]["data_conv"]);
953  $this->ilias->setSetting("shib_auth_allow_local", ($_POST['shib']['auth_allow_local']=='1') ? '1' : '0');
954 
955  ilUtil::sendInfo($this->lng->txt("shib_settings_saved"),true);
956 
957  $this->ctrl->redirect($this,'editSHIB');
958  }
959 
965  function editCASObject()
966  {
967  global $rbacsystem, $rbacreview, $ilSetting;
968 
969  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
970  {
971  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
972  }
973 
974  $this->tabs_gui->setTabActive('auth_cas');
975 
976  // get template
977  $this->getTemplateFile("cas");
978 
979  // get all settings
980  $settings = $ilSetting->getAll();
981 
982  // get values in error case
983  if ($_SESSION["error_post_vars"])
984  {
985  if ($_SESSION["error_post_vars"]["cas"]["active"] == "1")
986  {
987  $this->tpl->setVariable("CHK_CAS_ACTIVE", "checked=\"checked\"");
988  }
989  if ($_SESSION["error_post_vars"]["cas"]["create_users"] == "1")
990  {
991  $this->tpl->setVariable("CHK_CREATE_USERS", "checked=\"checked\"");
992  }
993  if ($_SESSION["error_post_vars"]["cas"]["allow_local"] == "1")
994  {
995  $this->tpl->setVariable("CHK_ALLOW_LOCAL", "checked=\"checked\"");
996  }
997 
998  $this->tpl->setVariable("CAS_SERVER", $_SESSION["error_post_vars"]["cas"]["server"]);
999  $this->tpl->setVariable("CAS_PORT", $_SESSION["error_post_vars"]["cas"]["port"]);
1000  $this->tpl->setVariable("CAS_URI", $_SESSION["error_post_vars"]["cas"]["uri"]);
1001  $this->tpl->setVariable("CAS_LOGIN_INSTRUCTIONS", $_SESSION["error_post_vars"]["cas"]["login_instructions"]);
1002  $current_default_role = $_SESSION["error_post_vars"]["cas"]["user_default_role"];
1003  }
1004  else
1005  {
1006  if ($settings["cas_active"] == "1")
1007  {
1008  $this->tpl->setVariable("CHK_CAS_ACTIVE", "checked=\"checked\"");
1009  }
1010  if ($settings["cas_create_users"] == "1")
1011  {
1012  $this->tpl->setVariable("CHK_CREATE_USERS", "checked=\"checked\"");
1013  }
1014  if ($settings["cas_allow_local"] == "1")
1015  {
1016  $this->tpl->setVariable("CHK_ALLOW_LOCAL", "checked=\"checked\"");
1017  }
1018 
1019  $this->tpl->setVariable("CAS_SERVER", $settings["cas_server"]);
1020  $this->tpl->setVariable("CAS_PORT", $settings["cas_port"]);
1021  $this->tpl->setVariable("CAS_URI", $settings["cas_uri"]);
1022  $this->tpl->setVariable("CAS_LOGIN_INSTRUCTIONS", $settings["cas_login_instructions"]);
1023  $current_default_role = $settings["cas_user_default_role"];
1024  }
1025 
1026  // compose role list
1027  $role_list = $rbacreview->getRolesByFilter(2,$this->object->getId());
1028  if (!$current_default_role)
1029  {
1030  $current_default_role = 4;
1031  }
1032  $roles = array();
1033  foreach ($role_list as $role)
1034  {
1035  $roles[$role['obj_id']] = $role['title'];
1036  }
1037  $selectElement = ilUtil::formSelect($current_default_role,
1038  "cas[user_default_role]", $roles, false, true);
1039 
1040  $this->tpl->setVariable("CAS_USER_DEFAULT_ROLE", $selectElement);
1041  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
1042  $this->tpl->setVariable("COLSPAN", 3);
1043  $this->tpl->setVariable("TXT_CAS_TITLE", $this->lng->txt("auth_cas_auth"));
1044  $this->tpl->setVariable("TXT_CAS_DESC", $this->lng->txt("auth_cas_auth_desc"));
1045  $this->tpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
1046  $this->tpl->setVariable("TXT_CAS_ACTIVE", $this->lng->txt("active"));
1047  $this->tpl->setVariable("TXT_CAS_SERVER", $this->lng->txt("server"));
1048  $this->tpl->setVariable("TXT_CAS_SERVER_DESC", $this->lng->txt("auth_cas_server_desc"));
1049  $this->tpl->setVariable("TXT_CAS_PORT", $this->lng->txt("port"));
1050  $this->tpl->setVariable("TXT_CAS_PORT_DESC", $this->lng->txt("auth_cas_port_desc"));
1051  $this->tpl->setVariable("TXT_CAS_URI", $this->lng->txt("uri"));
1052  $this->tpl->setVariable("TXT_CAS_URI_DESC", $this->lng->txt("auth_cas_uri_desc"));
1053  $this->tpl->setVariable("TXT_CAS_LOGIN_INSTRUCTIONS", $this->lng->txt("auth_login_instructions"));
1054  $this->tpl->setVariable("TXT_CREATE_USERS", $this->lng->txt("auth_create_users"));
1055  $this->tpl->setVariable("TXT_CREATE_USERS_DESC", $this->lng->txt("auth_cas_create_users_desc"));
1056  $this->tpl->setVariable("TXT_CAS_USER_DEFAULT_ROLE", $this->lng->txt("auth_user_default_role"));
1057  $this->tpl->setVariable("TXT_CAS_USER_DEFAULT_ROLE_DESC",
1058  $this->lng->txt("auth_cas_user_default_role_desc"));
1059  $this->tpl->setVariable("TXT_ALLOW_LOCAL", $this->lng->txt("auth_allow_local"));
1060  $this->tpl->setVariable("TXT_ALLOW_LOCAL_DESC", $this->lng->txt("auth_cas_allow_local_desc"));
1061  $this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
1062  $this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
1063  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
1064  $this->tpl->setVariable("CMD_SUBMIT", "saveCAS");
1065  }
1066 
1072  function saveCASObject()
1073  {
1074  global $ilUser, $ilSetting;
1075 
1076  // validate required data
1077  if (!$_POST["cas"]["server"] or !$_POST["cas"]["port"])
1078  {
1079  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
1080  }
1081 
1082  // validate port
1083  if ((preg_match("/^[0-9]{0,5}$/",$_POST["cas"]["port"])) == false)
1084  {
1085  $this->ilias->raiseError($this->lng->txt("err_invalid_port"),$this->ilias->error_obj->MESSAGE);
1086  }
1087 
1088  $ilSetting->set("cas_server", $_POST["cas"]["server"]);
1089  $ilSetting->set("cas_port", $_POST["cas"]["port"]);
1090  $ilSetting->set("cas_uri", $_POST["cas"]["uri"]);
1091  $ilSetting->set("cas_login_instructions", $_POST["cas"]["login_instructions"]);
1092  $ilSetting->set("cas_active", $_POST["cas"]["active"]);
1093  $ilSetting->set("cas_create_users", $_POST["cas"]["create_users"]);
1094  $ilSetting->set("cas_allow_local", $_POST["cas"]["allow_local"]);
1095  $ilSetting->set("cas_active", $_POST["cas"]["active"]);
1096  $ilSetting->set("cas_user_default_role", $_POST["cas"]["user_default_role"]);
1097  ilUtil::sendInfo($this->lng->txt("auth_cas_settings_saved"),true);
1098 
1099  $this->ctrl->redirect($this,'editCAS');
1100  }
1101 
1107  function editSOAPObject()
1108  {
1109  global $rbacsystem, $rbacreview, $ilSetting, $ilCtrl, $lng;
1110 
1111  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
1112  {
1113  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
1114  }
1115 
1116  $this->tabs_gui->setTabActive('auth_soap');
1117 
1118  // get template
1119  $stpl = new ilTemplate("tpl.auth_soap.html", true, true, "");
1120 
1121  //$this->getTemplateFile("soap");
1122 
1123  // get all settings
1124  $settings = $ilSetting->getAll();
1125 
1126  // get values in error case
1127  if ($_SESSION["error_post_vars"])
1128  {
1129  if ($_SESSION["error_post_vars"]["soap"]["active"] == "1")
1130  {
1131  $stpl->setVariable("CHK_SOAP_ACTIVE", "checked=\"checked\"");
1132  }
1133  if ($_SESSION["error_post_vars"]["soap"]["use_https"] == "1")
1134  {
1135  $stpl->setVariable("CHK_USE_HTTPS", "checked=\"checked\"");
1136  }
1137  if ($_SESSION["error_post_vars"]["soap"]["create_users"] == "1")
1138  {
1139  $stpl->setVariable("CHK_CREATE_USERS", "checked=\"checked\"");
1140  }
1141  if ($_SESSION["error_post_vars"]["soap"]["allow_local"] == "1")
1142  {
1143  $stpl->setVariable("CHK_ALLOW_LOCAL", "checked=\"checked\"");
1144  }
1145  if ($_SESSION["error_post_vars"]["soap"]["account_mail"] == "1")
1146  {
1147  $stpl->setVariable("CHK_ACCOUNT_MAIL", "checked=\"checked\"");
1148  }
1149  if ($_SESSION["error_post_vars"]["soap"]["use_dotnet"] == "1")
1150  {
1151  $stpl->setVariable("CHK_USEDOTNET", "checked=\"checked\"");
1152  }
1153 
1154  $stpl->setVariable("SOAP_SERVER", $_SESSION["error_post_vars"]["soap"]["server"]);
1155  $stpl->setVariable("SOAP_PORT", $_SESSION["error_post_vars"]["soap"]["port"]);
1156  $stpl->setVariable("SOAP_URI", $_SESSION["error_post_vars"]["soap"]["uri"]);
1157  $stpl->setVariable("SOAP_NAMESPACE", $_SESSION["error_post_vars"]["soap"]["namespace"]);
1158  $current_default_role = $_SESSION["error_post_vars"]["soap"]["user_default_role"];
1159  }
1160  else
1161  {
1162  if ($settings["soap_auth_active"] == "1")
1163  {
1164  $stpl->setVariable("CHK_SOAP_ACTIVE", "checked=\"checked\"");
1165  }
1166  if ($settings["soap_auth_use_https"] == "1")
1167  {
1168  $stpl->setVariable("CHK_USE_HTTPS", "checked=\"checked\"");
1169  }
1170  if ($settings["soap_auth_create_users"] == "1")
1171  {
1172  $stpl->setVariable("CHK_CREATE_USERS", "checked=\"checked\"");
1173  }
1174  if ($settings["soap_auth_allow_local"] == "1")
1175  {
1176  $stpl->setVariable("CHK_ALLOW_LOCAL", "checked=\"checked\"");
1177  }
1178  if ($settings["soap_auth_account_mail"] == "1")
1179  {
1180  $stpl->setVariable("CHK_ACCOUNT_MAIL", "checked=\"checked\"");
1181  }
1182  if ($settings["soap_auth_use_dotnet"] == "1")
1183  {
1184  $stpl->setVariable("CHK_USE_DOTNET", "checked=\"checked\"");
1185  }
1186 
1187  $stpl->setVariable("SOAP_SERVER", $settings["soap_auth_server"]);
1188  $stpl->setVariable("SOAP_PORT", $settings["soap_auth_port"]);
1189  $stpl->setVariable("SOAP_URI", $settings["soap_auth_uri"]);
1190  $stpl->setVariable("SOAP_NAMESPACE", $settings["soap_auth_namespace"]);
1191  $current_default_role = $settings["soap_auth_user_default_role"];
1192  }
1193 
1194  // compose role list
1195  $role_list = $rbacreview->getRolesByFilter(2,$this->object->getId());
1196  if (!$current_default_role)
1197  {
1198  $current_default_role = 4;
1199  }
1200  $roles = array();
1201  foreach ($role_list as $role)
1202  {
1203  $roles[$role['obj_id']] = $role['title'];
1204  }
1205  $selectElement = ilUtil::formSelect($current_default_role,
1206  "soap[user_default_role]", $roles, false, true);
1207 
1208  $stpl->setVariable("SOAP_USER_DEFAULT_ROLE", $selectElement);
1209  $stpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
1210  $stpl->setVariable("COLSPAN", 3);
1211  $stpl->setVariable("TXT_SOAP_TITLE", $this->lng->txt("auth_soap_auth"));
1212  $stpl->setVariable("TXT_SOAP_DESC", $this->lng->txt("auth_soap_auth_desc"));
1213  $stpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
1214  $stpl->setVariable("TXT_SOAP_ACTIVE", $this->lng->txt("active"));
1215  $stpl->setVariable("TXT_SOAP_SERVER", $this->lng->txt("server"));
1216  $stpl->setVariable("TXT_SOAP_SERVER_DESC", $this->lng->txt("auth_soap_server_desc"));
1217  $stpl->setVariable("TXT_SOAP_PORT", $this->lng->txt("port"));
1218  $stpl->setVariable("TXT_SOAP_PORT_DESC", $this->lng->txt("auth_soap_port_desc"));
1219  $stpl->setVariable("TXT_SOAP_URI", $this->lng->txt("uri"));
1220  $stpl->setVariable("TXT_SOAP_URI_DESC", $this->lng->txt("auth_soap_uri_desc"));
1221  $stpl->setVariable("TXT_SOAP_NAMESPACE", $this->lng->txt("auth_soap_namespace"));
1222  $stpl->setVariable("TXT_SOAP_NAMESPACE_DESC", $this->lng->txt("auth_soap_namespace_desc"));
1223  $stpl->setVariable("TXT_USE_DOTNET", $this->lng->txt("auth_soap_use_dotnet"));
1224  $stpl->setVariable("TXT_USE_HTTPS", $this->lng->txt("auth_soap_use_https"));
1225  $stpl->setVariable("TXT_CREATE_USERS", $this->lng->txt("auth_create_users"));
1226  $stpl->setVariable("TXT_CREATE_USERS_DESC", $this->lng->txt("auth_soap_create_users_desc"));
1227  $stpl->setVariable("TXT_ACCOUNT_MAIL", $this->lng->txt("user_send_new_account_mail"));
1228  $stpl->setVariable("TXT_ACCOUNT_MAIL_DESC", $this->lng->txt("auth_new_account_mail_desc"));
1229  $stpl->setVariable("TXT_SOAP_USER_DEFAULT_ROLE", $this->lng->txt("auth_user_default_role"));
1230  $stpl->setVariable("TXT_SOAP_USER_DEFAULT_ROLE_DESC",
1231  $this->lng->txt("auth_soap_user_default_role_desc"));
1232  $stpl->setVariable("TXT_ALLOW_LOCAL", $this->lng->txt("auth_allow_local"));
1233  $stpl->setVariable("TXT_ALLOW_LOCAL_DESC", $this->lng->txt("auth_soap_allow_local_desc"));
1234  $stpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
1235  $stpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
1236  $stpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
1237  $stpl->setVariable("CMD_SUBMIT", "saveSOAP");
1238 
1239  // test form
1240  include_once("./Services/Form/classes/class.ilPropertyFormGUI.php");
1241  $form = new ilPropertyFormGUI();
1242  $form->setFormAction($ilCtrl->getFormAction($this));
1243  $form->setTitle("Test Request");
1244  $text_prop = new ilTextInputGUI("ext_uid", "ext_uid");
1245  $form->addItem($text_prop);
1246  $text_prop2 = new ilTextInputGUI("soap_pw", "soap_pw");
1247  $form->addItem($text_prop2);
1248  $cb = new ilCheckboxInputGUI("new_user", "new_user");
1249  $form->addItem($cb);
1250 
1251  $form->addCommandButton("testSoapAuthConnection",
1252  "Send");
1253 
1254  if ($ilCtrl->getCmd() == "testSoapAuthConnection")
1255  {
1256  include_once("./Services/SOAPAuth/classes/class.ilSOAPAuth.php");
1257  $ret = "<br />".ilSOAPAuth::testConnection(
1258  ilUtil::stripSlashes($_POST["ext_uid"]),
1259  ilUtil::stripSlashes($_POST["soap_pw"]),
1260  (boolean) $_POST["new_user"]
1261  );
1262  }
1263 
1264  $stpl->setVariable("TEST_FORM", $form->getHtml().$ret);
1265  $this->tpl->setContent($stpl->get());
1266  }
1267 
1268  function testSoapAuthConnectionObject()
1269  {
1270  $this->editSOAPObject();
1271  }
1272 
1278  function saveSOAPObject()
1279  {
1280  global $ilUser, $ilSetting;
1281 
1282  // validate required data
1283  if (!$_POST["soap"]["server"])
1284  {
1285  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
1286  }
1287 
1288  // validate port
1289  if ($_POST["soap"]["server"] != "" && (preg_match("/^[0-9]{0,5}$/",$_POST["soap"]["port"])) == false)
1290  {
1291  $this->ilias->raiseError($this->lng->txt("err_invalid_port"),$this->ilias->error_obj->MESSAGE);
1292  }
1293 
1294  $ilSetting->set("soap_auth_server", $_POST["soap"]["server"]);
1295  $ilSetting->set("soap_auth_port", $_POST["soap"]["port"]);
1296  $ilSetting->set("soap_auth_active", $_POST["soap"]["active"]);
1297  $ilSetting->set("soap_auth_uri", $_POST["soap"]["uri"]);
1298  $ilSetting->set("soap_auth_namespace", $_POST["soap"]["namespace"]);
1299  $ilSetting->set("soap_auth_create_users", $_POST["soap"]["create_users"]);
1300  $ilSetting->set("soap_auth_allow_local", $_POST["soap"]["allow_local"]);
1301  $ilSetting->set("soap_auth_account_mail", $_POST["soap"]["account_mail"]);
1302  $ilSetting->set("soap_auth_use_https", $_POST["soap"]["use_https"]);
1303  $ilSetting->set("soap_auth_use_dotnet", $_POST["soap"]["use_dotnet"]);
1304  $ilSetting->set("soap_auth_user_default_role", $_POST["soap"]["user_default_role"]);
1305  ilUtil::sendInfo($this->lng->txt("auth_soap_settings_saved"),true);
1306 
1307  $this->ctrl->redirect($this,'editSOAP');
1308  }
1309 
1315  function editScriptObject()
1316  {
1317  global $rbacsystem;
1318 
1319  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
1320  {
1321  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
1322  }
1323 
1324  if ($_SESSION["error_post_vars"])
1325  {
1326  $this->tpl->setVariable("AUTH_SCRIPT_NAME", $_SESSION["error_post_vars"]["auth_script"]["name"]);
1327  }
1328  else
1329  {
1330  // set already saved data
1331  $settings = $this->ilias->getAllSettings();
1332 
1333  $this->tpl->setVariable("AUTH_SCRIPT_NAME", $settings["auth_script_name"]);
1334  }
1335 
1336  $this->tabs_gui->setTabActive('auth_script');
1337 
1338  $this->getTemplateFile("script");
1339 
1340  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
1341  $this->tpl->setVariable("COLSPAN", 3);
1342  $this->tpl->setVariable("TXT_AUTH_SCRIPT_TITLE", $this->lng->txt("auth_script_configure"));
1343  $this->tpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
1344  $this->tpl->setVariable("TXT_AUTH_SCRIPT_NAME", $this->lng->txt("auth_script_name"));
1345 
1346  $this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
1347  $this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
1348  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
1349  $this->tpl->setVariable("CMD_SUBMIT", "saveScript");
1350  }
1351 
1357  function saveScriptObject()
1358  {
1359  // validate required data
1360  if (!$_POST["auth_script"]["name"])
1361  {
1362  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
1363  }
1364 
1365  // validate script url
1366  /*
1367  if (( TODO ,$_POST["ldap"]["server"])) == false)
1368  {
1369  $this->ilias->raiseError($this->lng->txt("err_invalid_server"),$this->ilias->error_obj->MESSAGE);
1370  }*/
1371 
1372  // TODO: check connection to server
1373 
1374  // all ok. save settings and activate auth by external script
1375  $this->ilias->setSetting("auth_script_name", $_POST["auth_script"]["name"]);
1376  $this->ilias->setSetting("auth_mode", AUTH_SCRIPT);
1377 
1378  ilUtil::sendInfo($this->lng->txt("auth_mode_changed_to")." ".$this->getAuthModeTitle(),true);
1379  $this->ctrl->redirect($this,'editScript');
1380  }
1381 
1382 
1389  function getAuthModeTitle()
1390  {
1391  switch ($this->ilias->getSetting("auth_mode"))
1392  {
1393  case AUTH_LOCAL:
1394  return $this->lng->txt("auth_local");
1395  break;
1396 
1397  case AUTH_LDAP:
1398  return $this->lng->txt("auth_ldap");
1399  break;
1400 
1401  case AUTH_SHIBBOLETH:
1402  return $this->lng->txt("auth_shib");
1403  break;
1404 
1405  case AUTH_RADIUS:
1406  return $this->lng->txt("auth_radius");
1407  break;
1408 
1409  case AUTH_SCRIPT:
1410  return $this->lng->txt("auth_script");
1411  break;
1412 
1413  default:
1414  return $this->lng->txt("unknown");
1415  break;
1416  }
1417  }
1418 
1419  function updateAuthRolesObject()
1420  {
1421  global $rbacsystem;
1422 
1423  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
1424  {
1425  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
1426  }
1427 
1428  include_once('./Services/AccessControl/classes/class.ilObjRole.php');
1429  ilObjRole::_updateAuthMode($_POST['Fobject']);
1430 
1431  ilUtil::sendInfo($this->lng->txt("auth_mode_roles_changed"),true);
1432  $this->ctrl->redirect($this,'authSettings');
1433  }
1434 
1440  protected function initAuthModeDetermination()
1441  {
1442  if(is_object($this->form))
1443  {
1444  return true;
1445  }
1446  // Are there any authentication methods that support automatic determination ?
1447 
1448  include_once('Services/Authentication/classes/class.ilAuthModeDetermination.php');
1449  $det = ilAuthModeDetermination::_getInstance();
1450  if($det->getCountActiveAuthModes() <= 1)
1451  {
1452  return false;
1453  }
1454 
1455  include_once('./Services/Form/classes/class.ilPropertyFormGUI.php');
1456  $this->form = new ilPropertyFormGUI();
1457  $this->form->setFormAction($this->ctrl->getFormAction($this));
1458  $this->form->setTableWidth('100%');
1459  $this->form->setTitle($this->lng->txt('auth_auth_mode_determination'));
1460  $this->form->addCommandButton('updateAuthModeDetermination',$this->lng->txt('save'));
1461  $this->form->addCommandButton('authSettings',$this->lng->txt('cancel'));
1462 
1463  $kind = new ilRadioGroupInputGUI($this->lng->txt('auth_kind_determination'),'kind');
1464  $kind->setInfo($this->lng->txt('auth_mode_determination_info'));
1465  $kind->setValue($det->getKind());
1466  $kind->setRequired(true);
1467 
1468  $option_user = new ilRadioOption($this->lng->txt('auth_by_user'),0);
1469  $kind->addOption($option_user);
1470 
1471  $option_determination = new ilRadioOption($this->lng->txt('auth_automatic'),1);
1472 
1473  include_once('Services/Authentication/classes/class.ilAuthUtils.php');
1474 
1475  $auth_sequenced = $det->getAuthModeSequence();
1476  $counter = 1;
1477  foreach($auth_sequenced as $auth_mode)
1478  {
1479  switch($auth_mode)
1480  {
1481  case AUTH_LDAP:
1482  $text = $this->lng->txt('auth_ldap');
1483  break;
1484  case AUTH_RADIUS:
1485  $text = $this->lng->txt('auth_radius');
1486  break;
1487  case AUTH_LOCAL:
1488  $text = $this->lng->txt('auth_local');
1489  break;
1490  }
1491 
1492 
1493  $pos = new ilTextInputGUI($text,'position['.$auth_mode.']');
1494  $pos->setValue($counter++);
1495  $pos->setSize(1);
1496  $pos->setMaxLength(1);
1497  $option_determination->addSubItem($pos);
1498  }
1499  $kind->addOption($option_determination);
1500  $this->form->addItem($kind);
1501  return true;
1502  }
1503 
1510  public function updateAuthModeDeterminationObject()
1511  {
1512  include_once('Services/Authentication/classes/class.ilAuthModeDetermination.php');
1513  $det = ilAuthModeDetermination::_getInstance();
1514 
1515  $det->setKind((int) $_POST['kind']);
1516 
1517  $pos = $_POST['position'] ? $_POST['position'] : array();
1518  asort($pos,SORT_NUMERIC);
1519 
1520  $counter = 0;
1521  foreach($pos as $auth_mode => $dummy)
1522  {
1523  $position[$counter++] = $auth_mode;
1524  }
1525  $det->setAuthModeSequence($position ? $position : array());
1526  $det->save();
1527 
1528  ilUtil::sendInfo($this->lng->txt('settings_saved'));
1529  $this->authSettingsObject();
1530  }
1531 
1532 
1533  function &executeCommand()
1534  {
1535  global $ilAccess,$ilErr;
1536 
1537  $next_class = $this->ctrl->getNextClass($this);
1538  $cmd = $this->ctrl->getCmd();
1539  $this->prepareOutput();
1540 
1541 
1542  if(!$ilAccess->checkAccess('read','',$this->object->getRefId()))
1543  {
1544  $ilErr->raiseError($this->lng->txt('msg_no_perm_read'),$ilErr->WARNING);
1545  }
1546 
1547  switch($next_class)
1548  {
1549  case 'ilregistrationsettingsgui':
1550 
1551  include_once './Services/Registration/classes/class.ilRegistrationSettingsGUI.php';
1552 
1553  // Enable tabs
1554  $this->tabs_gui->setTabActive('registration_settings');
1555  $registration_gui =& new ilRegistrationSettingsGUI();
1556  $this->ctrl->forwardCommand($registration_gui);
1557  break;
1558 
1559  case 'ilpermissiongui':
1560 
1561  // Enable tabs
1562  $this->tabs_gui->setTabActive('perm_settings');
1563 
1564  include_once("./classes/class.ilPermissionGUI.php");
1565  $perm_gui =& new ilPermissionGUI($this);
1566  $ret =& $this->ctrl->forwardCommand($perm_gui);
1567  break;
1568 
1569  case 'illdapsettingsgui':
1570 
1571  // Enable Tabs
1572  $this->tabs_gui->setTabActive('auth_ldap');
1573 
1574  include_once './Services/LDAP/classes/class.ilLDAPSettingsGUI.php';
1575  $ldap_settings_gui = new ilLDAPSettingsGUI($this->object->getRefId());
1576  $this->ctrl->forwardCommand($ldap_settings_gui);
1577  break;
1578 
1579  case 'ilradiussettingsgui':
1580 
1581  $this->tabs_gui->setTabActive('auth_radius');
1582  include_once './Services/Radius/classes/class.ilRadiusSettingsGUI.php';
1583  $radius_settings_gui = new ilRadiusSettingsGUI($this->object->getRefId());
1584  $this->ctrl->forwardCommand($radius_settings_gui);
1585  break;
1586 
1587 
1588  default:
1589  if(!$cmd)
1590  {
1591  $cmd = "authSettings";
1592  }
1593  $cmd .= "Object";
1594  $this->$cmd();
1595 
1596  break;
1597  }
1598  return true;
1599  }
1600 
1601  function getAdminTabs(&$tabs_gui)
1602  {
1603  $this->getTabs($tabs_gui);
1604  }
1605 
1611  function getTabs(&$tabs_gui)
1612  {
1613  global $rbacsystem;
1614 
1615  $this->ctrl->setParameter($this,"ref_id",$this->object->getRefId());
1616 
1617  if ($rbacsystem->checkAccess("visible,read",$this->object->getRefId()))
1618  {
1619 
1620  $tabs_gui->addTarget('registration_settings',
1621  $this->ctrl->getLinkTargetByClass('ilregistrationsettingsgui','view'));
1622 
1623  $tabs_gui->addTarget("authentication_settings", $this->ctrl->getLinkTarget($this, "authSettings"),
1624  "", "", "");
1625 
1626  $tabs_gui->addTarget("auth_ldap", $this->ctrl->getLinkTargetByClass('illdapsettingsgui','serverList'),
1627  "", "", "");
1628 
1629 
1630  #$tabs_gui->addTarget("auth_ldap", $this->ctrl->getLinkTarget($this, "editLDAP"),
1631  # "", "", "");
1632 
1633  $tabs_gui->addTarget("auth_shib", $this->ctrl->getLinkTarget($this, "editSHIB"),
1634  "", "", "");
1635 
1636  $tabs_gui->addTarget("auth_cas", $this->ctrl->getLinkTarget($this, "editCAS"),
1637  "", "", "");
1638 
1639  $tabs_gui->addTarget("auth_radius", $this->ctrl->getLinkTargetByClass('ilradiussettingsgui', "settings"),
1640  "", "", "");
1641 
1642  $tabs_gui->addTarget("auth_soap", $this->ctrl->getLinkTarget($this, "editSOAP"),
1643  "", "", "");
1644 
1645  }
1646 
1647  if ($rbacsystem->checkAccess('edit_permission',$this->object->getRefId()))
1648  {
1649  $tabs_gui->addTarget("perm_settings",
1650  $this->ctrl->getLinkTargetByClass(array(get_class($this),'ilpermissiongui'), "perm"),
1651  array("perm","info","owner"), 'ilpermissiongui');
1652  }
1653  }
1654 
1658  function setSubTabs($a_tab)
1659  {
1660  global $rbacsystem,$ilUser,$ilAccess;
1661 
1662  switch ($a_tab)
1663  {
1664  case 'authSettings':
1665  if($ilAccess->checkAccess('write','',$this->object->getRefId()))
1666  {
1667  $this->tabs_gui->addSubTabTarget("auth_settings",
1668  $this->ctrl->getLinkTarget($this,'authSettings'),
1669  "");
1670  }
1671 
1672  if($ilAccess->checkAccess('write','',$this->object->getRefId()))
1673  {
1674  $this->tabs_gui->addSubTabTarget("login_information",
1675  $this->ctrl->getLinkTarget($this,'loginInfo'),
1676  "");
1677  }
1678  break;
1679  }
1680  }
1681 } // END class.ilObjAuthSettingsGUI
1682 ?>