ILIAS  Release_3_10_x_branch Revision 61812
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilLDAPSettingsGUI.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
33 class ilLDAPSettingsGUI
34 {
35  private $ref_id = null;
36 
37  public function __construct($a_auth_ref_id)
38  {
39  global $lng,$ilCtrl,$tpl,$ilTabs;
40 
41  $this->ctrl = $ilCtrl;
42  $this->tabs_gui = $ilTabs;
43  $this->lng = $lng;
44  $this->lng->loadLanguageModule('ldap');
45 
46  $this->tpl = $tpl;
47 
48  $this->ctrl->saveParameter($this,'ldap_server_id');
49  $this->ref_id = $a_auth_ref_id;
50 
51 
52  $this->initServer();
53  }
54 
55  public function executeCommand()
56  {
57  global $ilAccess,$ilErr;
58 
59  if(!$ilAccess->checkAccess('write','',$this->ref_id))
60  {
61  $ilErr->raiseError($this->lng->txt('msg_no_perm_write'),$ilErr->WARNING);
62  }
63 
64  $next_class = $this->ctrl->getNextClass($this);
65  $cmd = $this->ctrl->getCmd();
66 
67  switch($next_class)
68  {
69  default:
70  if(!$cmd)
71  {
72  $cmd = "serverList";
73  }
74  $this->$cmd();
75  break;
76  }
77  return true;
78  }
79 
86  public function roleAssignments()
87  {
88  global $rbacreview;
89 
90  $this->setSubTabs();
91  $this->tabs_gui->setSubTabActive('ldap_role_assignments');
92 
93  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.ldap_role_assignments.html','Services/LDAP');
94 
95  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
96  $this->initFormRoleAssignments('create',$this->role_mapping_rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId(0));
97  $this->tpl->setVariable('NEW_ASSIGNMENT_TBL',$this->form->getHTML());
98 
99 
100  if(count($rules = ilLDAPRoleAssignmentRule::_getRules()))
101  {
102  include_once("./Services/LDAP/classes/class.ilLDAPRoleAssignmentTableGUI.php");
103  $table_gui = new ilLDAPRoleAssignmentTableGUI($this,'roleAssignments');
104  $table_gui->setTitle($this->lng->txt("ldap_tbl_role_ass"));
105  $table_gui->parse($rules);
106  $table_gui->addMultiCommand("confirmDeleteRules", $this->lng->txt("delete"));
107  $table_gui->setSelectAllCheckbox("rule_id");
108  $this->tpl->setVariable('RULES_TBL',$table_gui->getHTML());
109  }
110  }
111 
118  public function editRoleAssignment()
119  {
120  if(!$_GET['rule_id'])
121  {
122  ilUtil::sendinfo($this->lng->txt('select_one'));
123  $this->roleAssignments();
124  return false;
125  }
126  $this->setSubTabs();
127  $this->tabs_gui->setSubTabActive('ldap_role_assignments');
128 
129  $this->ctrl->saveParameter($this,'rule_id',(int) $_GET['rule_id']);
130  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
131  $this->initFormRoleAssignments('edit',
132  $this->role_mapping_rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId((int) $_GET['rule_id']));
133  $this->tpl->setContent($this->form->getHTML());
134  }
135 
142  public function updateRoleAssignment()
143  {
144  global $ilErr;
145 
146  if(!$_GET['rule_id'])
147  {
148  ilUtil::sendInfo($this->lng->txt('select_one'));
149  $this->roleAssignments();
150  return false;
151  }
152  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
153  $role_assignment = ilLDAPRoleAssignmentRule::_getInstanceByRuleId((int) $_GET['rule_id']);
154  $role_assignment->setDN(ilUtil::stripSlashes($_POST['dn']));
155  $role_assignment->setMemberAttribute(ilUtil::stripSlashes($_POST['at']));
156  $role_assignment->setMemberIsDN((int) $_POST['isdn']);
157  $role_assignment->setAttributeName(ilUtil::stripSlashes($_POST['name']));
158  $role_assignment->setAttributeValue(ilUtil::stripSlashes($_POST['value']));
159  $role_assignment->setRoleId((int) $_POST['role']);
160  $role_assignment->setType((int) $_POST['type']);
161 
162  if(!$role_assignment->validate())
163  {
164  ilUtil::sendInfo($this->lng->txt($ilErr->getMessage()));
165  $this->editRoleAssignment();
166  return false;
167  }
168 
169  $role_assignment->update();
170  ilUtil::sendInfo($this->lng->txt('settings_saved'));
171  $this->roleAssignments();
172  }
173 
181  public function confirmDeleteRules()
182  {
183  if(!is_array($_POST['rule_ids']))
184  {
185  ilUtil::sendInfo($this->lng->txt('select_one'));
186  $this->roleAssignments();
187  return false;
188  }
189  $this->setSubTabs();
190  $this->tabs_gui->setSubTabActive('ldap_role_assignments');
191 
192  include_once("Services/Utilities/classes/class.ilConfirmationGUI.php");
193  $c_gui = new ilConfirmationGUI();
194 
195  // set confirm/cancel commands
196  $c_gui->setFormAction($this->ctrl->getFormAction($this, "deleteRules"));
197  $c_gui->setHeaderText($this->lng->txt("ldap_confirm_del_role_ass"));
198  $c_gui->setCancel($this->lng->txt("cancel"), "roleAssignments");
199  $c_gui->setConfirm($this->lng->txt("confirm"), "deleteRules");
200 
201  // add items to delete
202  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
203  foreach($_POST["rule_ids"] as $rule_id)
204  {
205  $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($rule_id);
206  $c_gui->addItem('rule_ids[]',$rule_id,$rule->conditionToString());
207  }
208  $this->tpl->setContent($c_gui->getHTML());
209  }
210 
217  public function deleteRules()
218  {
219  if(!is_array($_POST['rule_ids']))
220  {
221  ilUtil::sendInfo($this->lng->txt('select_once'));
222  $this->roleAssignments();
223  return false;
224  }
225  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
226  foreach($_POST["rule_ids"] as $rule_id)
227  {
228  $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($rule_id);
229  $rule->delete();
230  }
231  ilUtil::sendInfo($this->lng->txt('ldap_deleted_rule'));
232  $this->roleAssignments();
233  return true;
234  }
235 
242  public function addRoleAssignment()
243  {
244  global $ilErr;
245 
246  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
247  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
248 
249  $role_assignment = ilLDAPRoleAssignmentRule::_getInstanceByRuleId(0);
250  $role_assignment->setServerId(ilLDAPServer::_getFirstActiveServer());
251  $role_assignment->setDN(ilUtil::stripSlashes($_POST['dn']));
252  $role_assignment->setMemberAttribute(ilUtil::stripSlashes($_POST['at']));
253  $role_assignment->setMemberIsDN((int) $_POST['isdn']);
254  $role_assignment->setAttributeName(ilUtil::stripSlashes($_POST['name']));
255  $role_assignment->setAttributeValue(ilUtil::stripSlashes($_POST['value']));
256  $role_assignment->setRoleId((int) $_POST['role']);
257  $role_assignment->setType((int) $_POST['type']);
258 
259  if(!$role_assignment->validate())
260  {
261  ilUtil::sendInfo($this->lng->txt($ilErr->getMessage()));
262  $this->roleAssignments();
263  return false;
264  }
265 
266  $role_assignment->create();
267  ilUtil::sendInfo($this->lng->txt('settings_saved'));
268  unset($_POST);
269  $this->roleAssignments();
270  }
271 
272 
273  public function roleMapping()
274  {
275  $this->initRoleMapping();
276 
277  $this->setSubTabs();
278  $this->tabs_gui->setSubTabActive('ldap_role_mapping');
279 
280  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.ldap_role_mapping.html','Services/LDAP');
281  $this->tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this,'saveRoleMapping'));
282 
283  // Role Sync
284  $this->tpl->setVariable('TXT_ROLE_SETTINGS',$this->lng->txt('ldap_role_settings'));
285  $this->tpl->setVariable('TXT_ROLE_ACTIVE',$this->lng->txt('ldap_role_active'));
286  $this->tpl->setVariable('TXT_ROLE_BIND_USER',$this->lng->txt('ldap_role_bind_user'));
287  $this->tpl->setVariable('TXT_ROLE_BIND_PASS',$this->lng->txt('ldap_role_bind_pass'));
288  $this->tpl->setVariable('TXT_ROLE_ASSIGNMENTS',$this->lng->txt('ldap_role_assignments'));
289  $this->tpl->setVariable('TXT_BINDING',$this->lng->txt('ldap_server_binding'));
290 
291  $this->tpl->setVariable('TXT_ROLE_BIND_USER_INFO',$this->lng->txt('ldap_role_bind_user_info'));
292  $this->tpl->setVariable('TXT_ROLE_ASSIGNMENTS_INFO',$this->lng->txt('ldap_role_assignments_info'));
293 
294 
295  $mapping_data = $this->role_mapping->getMappings();
296  $mapping_data = $this->loadMappingCopy($mapping_data);
297  $this->loadMappingDetails();
298 
299  // Section new assignment
300  $this->tpl->setVariable('TXT_NEW_ASSIGNMENT',$this->lng->txt('ldap_new_role_assignment'));
301  $this->tpl->setVariable('TXT_URL',$this->lng->txt('ldap_server'));
302  $this->tpl->setVariable('TXT_DN',$this->lng->txt('ldap_group_dn'));
303  $this->tpl->setVariable('TXT_MEMBER',$this->lng->txt('ldap_group_member'));
304  $this->tpl->setVariable('TXT_MEMBER_ISDN',$this->lng->txt('ldap_memberisdn'));
305  $this->tpl->setVariable('TXT_ROLE',$this->lng->txt('ldap_ilias_role'));
306  $this->tpl->setVariable('TXT_ROLE_INFO',$this->lng->txt('ldap_role_info'));
307  $this->tpl->setVariable('TXT_DN_INFO',$this->lng->txt('ldap_dn_info'));
308  $this->tpl->setVariable('TXT_MEMBER_INFO',$this->lng->txt('ldap_member_info'));
309  $this->tpl->setVariable('TXT_MEMBERISDN',$this->lng->txt('ldap_memberisdn'));
310  $this->tpl->setVariable('TXT_INFO',$this->lng->txt('ldap_info_text'));
311  $this->tpl->setVariable('TXT_INFO_INFO',$this->lng->txt('ldap_info_text_info'));
312 
313 
314  $this->tpl->setVariable('ROLE_BIND_USER',$this->server->getRoleBindDN());
315  $this->tpl->setVariable('ROLE_BIND_PASS',$this->server->getRoleBindPassword());
316  $this->tpl->setVariable('CHECK_ROLE_ACTIVE',ilUtil::formCheckbox($this->server->enabledRoleSynchronization() ? true : false,
317  'role_sync_active',
318  1));
319 
320  // Section new assignment
321  $this->tpl->setVariable('URL',$mapping_data[0]['url'] ? $mapping_data[0]['url'] : $this->server->getUrl());
322  $this->tpl->setVariable('DN',$mapping_data[0]['dn']);
323  $this->tpl->setVariable('ROLE',$mapping_data[0]['role_name']);
324  $this->tpl->setVariable('MEMBER',$mapping_data[0]['member_attribute']);
325  $this->tpl->setVariable('CHECK_MEMBERISDN',ilUtil::formCheckbox($mapping_data[0]['memberisdn'],
326  'mapping[0][memberisdn]',
327  1));
328  $this->tpl->setVariable('MAPPING_INFO',$mapping_data[0]['info']);
329 
330  $info_type_checked = isset($mapping_data[0]['info_type']) ? $mapping_data[0]['info_type'] : 1;
331 
332  $this->tpl->setVariable('TXT_MAPPING_INFO_TYPE',$this->lng->txt('ldap_mapping_info_type'));
333  $this->tpl->setVariable('CHECK_MAPPING_INFO_TYPE',ilUtil::formCheckbox($info_type_checked,
334  'mapping[0][info_type]',
335  1));
336 
337  unset($mapping_data[0]);
338 
339  // Section assignments
340  if(count($mapping_data))
341  {
342  $this->tpl->setCurrentBlock('txt_assignments');
343  $this->tpl->setVariable('TXT_ASSIGNMENTS',$this->lng->txt('ldap_role_group_assignments'));
344  $this->tpl->parseCurrentBlock();
345 
346  $this->tpl->setCurrentBlock('delete_btn');
347  $this->tpl->setVariable('SOURCE',ilUtil::getImagePath("arrow_downright.gif"));
348  $this->tpl->setVariable('TXT_DELETE',$this->lng->txt('delete'));
349  $this->tpl->parseCurrentBlock();
350  }
351 
352  $mapping_data = $this->sortMappingData($mapping_data);
353 
354  foreach($mapping_data as $data)
355  {
356  $mapping_id = $data['mapping_id'];
357  if(in_array($mapping_id,$_SESSION['ldap_mapping_details']))
358  {
359  $this->tpl->setCurrentBlock('show_mapping_details');
360  $this->tpl->setVariable('ASS_GROUP_URL',$this->lng->txt('ldap_server_short'));
361  $this->tpl->setVariable('ASS_GROUP_DN',$this->lng->txt('ldap_group_dn_short'));
362  $this->tpl->setVariable('ASS_MEMBER_ATTR',$this->lng->txt('ldap_group_member_short'));
363  $this->tpl->setVariable('ASS_ROLE',$this->lng->txt('ldap_ilias_role_short'));
364  $this->tpl->setVariable('ASS_INFO',$this->lng->txt('ldap_info_text_short'));
365  $this->tpl->setVariable('ROW_ID',$mapping_id);
366  $this->tpl->setVariable('ROW_URL',$data['url']);
367  $this->tpl->setVariable('ROW_ROLE',$data['role_name'] ? $data['role_name'] : $data['role']);
368  $this->tpl->setVariable('ROW_DN',$data['dn']);
369  $this->tpl->setVariable('ROW_MEMBER',$data['member_attribute']);
370  $this->tpl->setVariable('TXT_ROW_MEMBERISDN',$this->lng->txt('ldap_memberisdn'));
371  $this->tpl->setVariable('ROW_CHECK_MEMBERISDN',ilUtil::formCheckbox($data['member_isdn'],
372  'mapping['.$mapping_id.'][memberisdn]',
373  1));
374  $this->tpl->setVariable('ROW_INFO',ilUtil::prepareFormOutput($data['info']));
375  $this->tpl->setVariable('TXT_ROW_INFO_TYPE',$this->lng->txt('ldap_mapping_info_type'));
376  $this->tpl->setVariable('ROW_CHECK_INFO_TYPE',ilUtil::formCheckbox($data['info_type'],
377  'mapping['.$mapping_id.'][info_type]',
378  1));
379  $this->tpl->parseCurrentBlock();
380  }
381 
382  // assignment row
383  $this->tpl->setCurrentBlock('assignments');
384 
385  // Copy link
386  $this->ctrl->setParameter($this,'mapping_id',$mapping_id);
387  $this->tpl->setVariable('COPY_LINK',$this->ctrl->getLinkTarget($this,'roleMapping'));
388  $this->tpl->setVariable('TXT_COPY',$this->lng->txt('copy'));
389  $this->ctrl->clearParameters($this);
390 
391  // Details link
392  if(!in_array($mapping_id,$_SESSION['ldap_mapping_details']))
393  {
394  $this->ctrl->setParameter($this,'details_show',$mapping_id);
395  $this->tpl->setVariable('DETAILS_LINK',$this->ctrl->getLinkTarget($this,'roleMapping'));
396  $this->tpl->setVariable('TXT_DETAILS',$this->lng->txt('show_details'));
397  $this->ctrl->clearParameters($this);
398  }
399  else
400  {
401  $this->ctrl->setParameter($this,'details_hide',$mapping_id);
402  $this->tpl->setVariable('DETAILS_LINK',$this->ctrl->getLinkTarget($this,'roleMapping'));
403  $this->tpl->setVariable('TXT_DETAILS',$this->lng->txt('hide_details'));
404  $this->ctrl->clearParameters($this);
405  }
406  if(!count($_SESSION['ldap_mapping_details']))
407  {
408  $this->tpl->setVariable('WIDTH',"50%");
409  }
410  $this->tpl->setVariable('ROW_CHECK',ilUtil::formCheckbox(0,
411  'mappings[]',$mapping_id));
412  $this->tpl->setVariable('TXT_TITLE_TITLE',$this->lng->txt('title'));
413  $this->tpl->setVariable('TXT_TITLE_ROLE',$this->lng->txt('obj_role'));
414  $this->tpl->setVariable('TXT_TITLE_GROUP',$this->lng->txt('obj_grp'));
415  $this->tpl->setVariable('TITLE_GROUP',$this->role_mapping->getMappingInfoString($mapping_id));
416  $this->tpl->setVariable('TITLE_TITLE',ilUtil::shortenText($data['obj_title'],30,true));
417  $this->tpl->setVariable('TITLE_ROLE',$data['role_name']);
418 
419  $this->tpl->parseCurrentBlock();
420  }
421 
422 
423  $this->tpl->setVariable('TXT_SAVE',$this->lng->txt('save'));
424  $this->tpl->setVariable('TXT_REQUIRED_FLD',$this->lng->txt('required_field'));
425  }
426 
427 
428  public function deleteRoleMapping()
429  {
430  if(!count($_POST['mappings']))
431  {
432  ilUtil::sendInfo($this->lng->txt('select_one'));
433  $this->roleMapping();
434  return false;
435  }
436 
437  $this->initRoleMapping();
438 
439  foreach($_POST['mappings'] as $mapping_id)
440  {
441  $this->role_mapping->delete($mapping_id);
442  }
443  ilUtil::sendInfo($this->lng->txt('ldap_deleted_role_mapping'));
444  $this->roleMapping();
445  return true;
446  }
447 
448  public function reset()
449  {
450  unset($_POST['mapping_template']);
451  $this->userMapping();
452  }
453 
454  public function saveRoleMapping()
455  {
456  global $ilErr;
457 
458  $this->server->setRoleBindDN(ilUtil::stripSlashes($_POST['role_bind_user']));
459  $this->server->setRoleBindPassword(ilUtil::stripSlashes($_POST['role_bind_pass']));
460  $this->server->enableRoleSynchronization((int) $_POST['role_sync_active']);
461 
462  // Update or create
463  if($this->server->getServerId())
464  {
465  $this->server->update();
466  }
467  else
468  {
469  $_GET['ldap_server_id'] = $this->server->create();
470  }
471 
472  $this->initRoleMapping();
473  $this->role_mapping->loadFromPost($_POST['mapping']);
474  if(!$this->role_mapping->validate())
475  {
476  ilUtil::sendInfo($ilErr->getMessage());
477  $this->roleMapping();
478  return false;
479  }
480  $this->role_mapping->save();
481 
482  ilUtil::sendInfo($this->lng->txt('settings_saved'));
483  $this->roleMapping();
484  return true;
485  }
486 
487  public function userMapping($a_show_defaults = false)
488  {
489  $this->initAttributeMapping();
490 
491  $this->setSubTabs();
492  $this->tabs_gui->setSubTabActive('ldap_user_mapping');
493 
494  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.ldap_user_mapping.html','Services/LDAP');
495  $this->tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
496 
497  $this->tpl->setVariable('TXT_LDAP_MAPPING',$this->lng->txt('ldap_mapping_table'));
498  $this->tpl->setVariable('SELECT_MAPPING',$this->prepareMappingSelect());
499 
500  if($_POST['mapping_template'])
501  {
502  $this->tpl->setCurrentBlock('reset');
503  $this->tpl->setVariable('TXT_RESET',$this->lng->txt('reset'));
504  $this->tpl->parseCurrentBlock();
505  }
506 
507  foreach($this->getMappingFields() as $mapping => $translation)
508  {
509  $this->tpl->setCurrentBlock('attribute_row');
510  $this->tpl->setVariable('TXT_NAME',$translation);
511  $this->tpl->setVariable('FIELD_NAME',$mapping.'_value');
512  $this->tpl->setVariable('FIELD_VALUE',$this->mapping->getValue($mapping));
513  $this->tpl->setVariable('CHECK_FIELD',ilUtil::formCheckbox($this->mapping->enabledUpdate($mapping),$mapping.'_update',1));
514  $this->tpl->setVariable('UPDATE_INFO',$this->lng->txt('ldap_update_field_info'));
515  $this->tpl->parseCurrentBlock();
516  }
517 
518  // Show user defined fields
519  $this->initUserDefinedFields();
520  foreach($this->udf->getDefinitions() as $definition)
521  {
522  $this->tpl->setCurrentBlock('attribute_row');
523  $this->tpl->setVariable('TXT_NAME',$definition['field_name']);
524  $this->tpl->setVariable('FIELD_NAME','udf_'.$definition['field_id'].'_value');
525  $this->tpl->setVariable('FIELD_VALUE',$this->mapping->getValue('udf_'.$definition['field_id']));
526  $this->tpl->setVariable('CHECK_FIELD',ilUtil::formCheckbox($this->mapping->enabledUpdate('udf_'.$definition['field_id']),
527  'udf_'.$definition['field_id'].'_update',1));
528  $this->tpl->setVariable('UPDATE_INFO',$this->lng->txt('ldap_update_field_info'));
529  $this->tpl->parseCurrentBlock();
530 
531  }
532 
533  $this->tpl->setVariable('TXT_SAVE',$this->lng->txt('save'));
534  $this->tpl->setVariable('TXT_SHOW',$this->lng->txt('show'));
535  }
536 
537  public function chooseMapping()
538  {
539  if(!$_POST['mapping_template'])
540  {
541  $this->userMapping();
542  return;
543  }
544 
545  $this->initAttributeMapping();
546  $this->mapping->clearRules();
547 
548  include_once('Services/LDAP/classes/class.ilLDAPAttributeMappingUtils.php');
549  foreach(ilLDAPAttributeMappingUtils::_getMappingRulesByClass($_POST['mapping_template']) as $key => $value)
550  {
551  $this->mapping->setRule($key,$value,0);
552  }
553  $this->userMapping();
554  return true;
555  }
556 
557  public function saveMapping()
558  {
559  $this->initAttributeMapping();
560  foreach($this->getMappingFields() as $key => $mapping)
561  {
562  $this->mapping->setRule($key,ilUtil::stripSlashes($_POST[$key.'_value']),(int) $_POST[$key.'_update']);
563  }
564  $this->initUserDefinedFields();
565  foreach($this->udf->getDefinitions() as $definition)
566  {
567  $key = 'udf_'.$definition['field_id'];
568  $this->mapping->setRule($key,ilUtil::stripSlashes($_POST[$key.'_value']),(int) $_POST[$key.'_update']);
569  }
570 
571  $this->mapping->save();
572  $this->userMapping();
573 
574  ilUtil::sendInfo($this->lng->txt('settings_saved'));
575  unset($_POST['mapping_template']);
576  return;
577  }
578 
579  public function serverList()
580  {
581  $this->setSubTabs();
582  $this->tabs_gui->setSubTabActive('ldap_settings');
583 
584  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.ldap_server_list.html','Services/LDAP');
585  $this->tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
586 
587  // Text variables
588  $this->tpl->setVariable("TXT_LDAP_SERVER_SETTINGS",$this->lng->txt('ldap_configure'));
589  $this->tpl->setVariable('TXT_ACTIVE',$this->lng->txt('auth_ldap_enable'));
590  $this->tpl->setVariable('TXT_SERVER_NAME',$this->lng->txt('ldap_server_name'));
591  $this->tpl->setVariable('TXT_SERVER_URL',$this->lng->txt('ldap_server'));
592  $this->tpl->setVariable('TXT_SERVER_VERSION',$this->lng->txt('ldap_version'));
593  $this->tpl->setVariable('TXT_BASE_DN',$this->lng->txt('basedn'));
594  $this->tpl->setVariable('TXT_REFERRALS',$this->lng->txt('ldap_referrals'));
595 
596  $this->tpl->setVariable('TXT_SECURITY_SETTINGS',$this->lng->txt('ldap_server_security_settings'));
597  $this->tpl->setVariable('TXT_TLS',$this->lng->txt('ldap_tls'));
598  $this->tpl->setVariable('TXT_BINDING',$this->lng->txt('ldap_server_binding'));
599  $this->tpl->setVariable('TXT_ANONYMOUS',$this->lng->txt('ldap_bind_anonymous'));
600  $this->tpl->setVariable('TXT_USER',$this->lng->txt('ldap_bind_user'));
601  $this->tpl->setVariable('TXT_BIND_DN',$this->lng->txt('ldap_server_bind_dn'));
602  $this->tpl->setVariable('TXT_BIND_PASSWD',$this->lng->txt('ldap_server_bind_pass'));
603 
604  $this->tpl->setVariable('TXT_AUTH_SETTINGS',$this->lng->txt('ldap_authentication_settings'));
605  $this->tpl->setVariable('TXT_USER_ATTRIBUTE',$this->lng->txt('ldap_user_attribute'));
606  $this->tpl->setVariable('TXT_USER_SCOPE',$this->lng->txt('ldap_user_scope'));
607  $this->tpl->setVariable('TXT_SEARCH_BASE',$this->lng->txt('ldap_user_dn'));
608  $this->tpl->setVariable('TXT_FILTER',$this->lng->txt('ldap_search_filter'));
609  $this->tpl->setVariable('TXT_REQUIRED_FLD',$this->lng->txt('required_field'));
610 
611  // Group restrictions
612  $this->tpl->setVariable('TXT_GROUP_RESTRICTIONS',$this->lng->txt('ldap_group_restrictions'));
613  $this->tpl->setVariable('TXT_GROUP_DN',$this->lng->txt('ldap_group_search_base'));
614  $this->tpl->setVariable('TXT_GROUP_SCOPE',$this->lng->txt('ldap_group_scope'));
615  $this->tpl->setVariable('TXT_GROUP_FILTER',$this->lng->txt('ldap_group_filter'));
616  $this->tpl->setVariable('TXT_MEMBER',$this->lng->txt('ldap_group_member'));
617  $this->tpl->setVariable('TXT_MEMBERISDN',$this->lng->txt('ldap_memberisdn'));
618  $this->tpl->setVariable('TXT_GROUP',$this->lng->txt('ldap_group_name'));
619  $this->tpl->setVariable('TXT_GROUP_ATTRIBUTE',$this->lng->txt('ldap_group_attribute'));
620  $this->tpl->setVariable('TXT_GROUP_MEMBERSHIP',$this->lng->txt('ldap_group_membership'));
621  $this->tpl->setVariable('TXT_OPTIONAL',$this->lng->txt('ldap_group_member_optional'));
622  $this->tpl->setVariable('TXT_GROUP_USER_FILTER',$this->lng->txt('ldap_group_user_filter'));
623  $this->tpl->setVariable('TXT_OPTIONAL_INFO',$this->lng->txt('ldap_group_optional_info'));
624 
625  // User Sync
626  $this->tpl->setVariable('TXT_USER_SYNC',$this->lng->txt('ldap_user_sync'));
627  $this->tpl->setVariable('TXT_MOMENT',$this->lng->txt('ldap_moment_sync'));
628  $this->tpl->setVariable('TXT_LOGIN',$this->lng->txt('ldap_sync_login'));
629  $this->tpl->setVariable('TXT_CRON',$this->lng->txt('ldap_sync_cron'));
630  $this->tpl->setVariable('TXT_GLOBAL_ROLE',$this->lng->txt('ldap_global_role_assignment'));
631 
632  $this->tpl->setVariable('TXT_SAVE',$this->lng->txt('save'));
633 
634  // Info text
635  $this->tpl->setVariable('TXT_SERVER_NAME_INFO',$this->lng->txt('ldap_server_name_info'));
636  $this->tpl->setVariable('TXT_SERVER_URL_INFO',$this->lng->txt('ldap_server_url_info'));
637  $this->tpl->setVariable('TXT_SERVER_VERSION_INFO',$this->lng->txt('ldap_server_version_info'));
638  $this->tpl->setVariable('TXT_REFERRALS_INFO',$this->lng->txt('ldap_referrals_info'));
639  $this->tpl->setVariable('TXT_SEARCH_BASE_INFO',$this->lng->txt('ldap_search_base_info'));
640  $this->tpl->setVariable('TXT_FILTER_INFO',$this->lng->txt('ldap_filter_info'));
641  $this->tpl->setVariable('TXT_GROUP_DN_INFO',$this->lng->txt('ldap_group_dn_info'));
642  $this->tpl->setVariable('TXT_GROUP_FILTER_INFO',$this->lng->txt('ldap_group_filter_info'));
643  $this->tpl->setVariable('TXT_MEMBER_INFO',$this->lng->txt('ldap_group_member_info'));
644  $this->tpl->setVariable('TXT_GROUP_INFO',$this->lng->txt('ldap_group_name_info'));
645  $this->tpl->setVariable('TXT_GROUP_ATTRIBUTE_INFO',$this->lng->txt('ldap_group_attribute_info'));
646  $this->tpl->setVariable('TXT_GROUP_SCOPE_INFO',$this->lng->txt('ldap_group_scope_info'));
647  $this->tpl->setVariable('TXT_USER_SCOPE_INFO',$this->lng->txt('ldap_user_scope_info'));
648  $this->tpl->setVariable('TXT_USER_SYNC_INFO',$this->lng->txt('ldap_user_sync_info'));
649  $this->tpl->setVariable('TXT_GLOBAL_ROLE_INFO',$this->lng->txt('ldap_global_role_info'));
650 
651 
652  // Settings
653  $this->tpl->setVariable('CHECK_ACTIVE',ilUtil::formCheckbox($this->server->isActive() ? true : false,'active',1));
654  $this->tpl->setVariable('SERVER_NAME',$this->server->getName());
655  $this->tpl->setVariable('SERVER_URL',$this->server->getUrlString());
656  $this->tpl->setVariable('SELECT_VERSION',ilUtil::formSelect($this->server->getVersion(),
657  'version',array(2 => 2,3 => 3),false,true));
658  $this->tpl->setVariable('BASE_DN',$this->server->getBaseDN());
659  $this->tpl->setVariable('CHECK_REFERRALS',ilUtil::formCheckbox($this->server->isActiveReferrer() ? true : false,'referrals',1));
660  $this->tpl->setVariable('CHECK_TLS',ilUtil::formCheckbox($this->server->isActiveTLS() ? true : false,'tls',1));
661 
662  $this->tpl->setVariable('RADIO_ANONYMOUS',ilUtil::formRadioButton($this->server->getBindingType() == IL_LDAP_BIND_ANONYMOUS ? true : false,
663  'binding_type',IL_LDAP_BIND_ANONYMOUS));
664  $this->tpl->setVariable('RADIO_USER',ilUtil::formRadioButton($this->server->getBindingType() == IL_LDAP_BIND_USER ? true : false,
665  'binding_type',IL_LDAP_BIND_USER));
666  $this->tpl->setVariable('BIND_DN',$this->server->getBindUser());
667  $this->tpl->setVariable('BIND_PASS',$this->server->getBindPassword());
668 
669  $this->tpl->setVariable('SEARCH_BASE',$this->server->getSearchBase());
670  $this->tpl->setVariable('USER_ATTRIBUTE',$this->server->getUserAttribute());
671  $this->tpl->setVariable('SELECT_USER_SCOPE',ilUtil::formSelect($this->server->getUserScope(),
672  'user_scope',
673  array(IL_LDAP_SCOPE_ONE => $this->lng->txt('ldap_scope_one'),
674  IL_LDAP_SCOPE_SUB => $this->lng->txt('ldap_scope_sub')),false,true));
675  $this->tpl->setVariable('FILTER',$this->server->getFilter());
676  $this->tpl->setVariable('GROUP_DN',$this->server->getGroupDN());
677  $this->tpl->setVariable('SELECT_GROUP_SCOPE',ilUtil::formSelect($this->server->getGroupScope(),
678  'group_scope',
679  array(IL_LDAP_SCOPE_ONE => $this->lng->txt('ldap_scope_one'),
680  IL_LDAP_SCOPE_SUB => $this->lng->txt('ldap_scope_sub')),false,true));
681  $this->tpl->setVariable('GROUP_FILTER',$this->server->getGroupFilter());
682  $this->tpl->setVariable('GROUP_MEMBER',$this->server->getGroupMember());
683  $this->tpl->setVariable('CHECK_MEMBERISDN',ilUtil::formCheckbox($this->server->enabledGroupMemberIsDN() ? 1 : 0,'memberisdn',1));
684  $this->tpl->setVariable('GROUP',$this->server->getGroupName());
685  $this->tpl->setVariable('GROUP_ATTRIBUTE',$this->server->getGroupAttribute());
686  $this->tpl->setVariable('GROUP_USER_FILTER',$this->server->getGroupUserFilter());
687 
688  $this->tpl->setVariable('CHECK_OPTIONAL',ilUtil::formCheckbox($this->server->isMembershipOptional() ? 1 : 0,
689  'group_optional',
690  1));
691  // User sync
692  $this->tpl->setVariable('CHECK_LOGIN',ilUtil::formCheckbox($this->server->enabledSyncOnLogin() ? true : false,
693  'sync_on_login',
694  1));
695  $this->tpl->setVariable('CHECK_CRON',ilUtil::formCheckbox($this->server->enabledSyncPerCron() ? true : false,
696  'sync_per_cron',
697  1));
698  $this->tpl->setVariable('SELECT_GLOBAL_ROLE',$this->prepareRoleSelect());
699 
700  return true;
701  }
702 
703  /*
704  * Update Settings
705  */
706  function save()
707  {
708  global $ilErr;
709 
710  $this->server->toggleActive((int) $_POST['active']);
711  $this->server->setName(ilUtil::stripSlashes($_POST['server_name']));
712  $this->server->setUrl(ilUtil::stripSlashes($_POST['server_url']));
713  $this->server->setVersion(ilUtil::stripSlashes($_POST['version']));
714  $this->server->setBaseDN(ilUtil::stripSlashes($_POST['base_dn']));
715  $this->server->toggleReferrer(ilUtil::stripSlashes($_POST['referrals']));
716  $this->server->toggleTLS(ilUtil::stripSlashes($_POST['tls']));
717  $this->server->setBindingType((int) $_POST['binding_type']);
718  $this->server->setBindUser(ilUtil::stripSlashes($_POST['bind_dn']));
719  $this->server->setBindPassword(ilUtil::stripSlashes($_POST['bind_pass']));
720  $this->server->setSearchBase(ilUtil::stripSlashes($_POST['search_base']));
721  $this->server->setUserScope((int) $_POST['user_scope']);
722  $this->server->setUserAttribute(ilUtil::stripSlashes($_POST['user_attribute']));
723  $this->server->setFilter(ilUtil::stripSlashes($_POST['filter']));
724  $this->server->setGroupDN(ilUtil::stripSlashes($_POST['group_dn']));
725  $this->server->setGroupScope((int) $_POST['group_scope']);
726  $this->server->setGroupFilter(ilUtil::stripSlashes($_POST['group_filter']));
727  $this->server->setGroupMember(ilUtil::stripSlashes($_POST['group_member']));
728  $this->server->enableGroupMemberIsDN((int) $_POST['memberisdn']);
729  $this->server->setGroupName(ilUtil::stripSlashes($_POST['group']));
730  $this->server->setGroupAttribute(ilUtil::stripSlashes($_POST['group_attribute']));
731  $this->server->setGroupUserFilter(ilUtil::stripSlashes($_POST['group_user_filter']));
732  $this->server->toggleMembershipOptional((int) $_POST['group_optional']);
733  $this->server->enableSyncOnLogin((int) $_POST['sync_on_login']);
734  $this->server->enableSyncPerCron((int) $_POST['sync_per_cron']);
735  $this->server->setGlobalRole((int) $_POST['global_role']);
736 
737  if(!$this->server->validate())
738  {
739  ilUtil::sendInfo($ilErr->getMessage());
740  $this->serverList();
741  return false;
742  }
743 
744  // Update or create
745  if($this->server->getServerId())
746  {
747  $this->server->update();
748  }
749  else
750  {
751  $_GET['ldap_server_id'] = $this->server->create();
752  }
753 
754  // Now server_id exists => update LDAP attribute mapping
755  $this->initAttributeMapping();
756  $this->mapping->setRule('global_role',(int) $_POST['global_role'],false);
757  $this->mapping->save();
758 
759  ilUtil::sendInfo($this->lng->txt('settings_saved'));
760  $this->serverList();
761  return true;
762  }
763 
764 
765 
771  private function setSubTabs()
772  {
773  $this->tabs_gui->addSubTabTarget("ldap_settings",
774  $this->ctrl->getLinkTarget($this,'serverList'),
775  "serverList",get_class($this));
776 
777  // Disable all other tabs, if server hasn't been configured.
778  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
779  if(!count(ilLDAPServer::_getServerList()))
780  {
781  return true;
782  }
783 
784  $this->tabs_gui->addSubTabTarget("ldap_user_mapping",
785  $this->ctrl->getLinkTarget($this,'userMapping'),
786  "userMapping",get_class($this));
787 
788  $this->tabs_gui->addSubTabTarget('ldap_role_assignments',
789  $this->ctrl->getLinkTarget($this,'roleAssignments'),
790  "roleAssignments",get_class($this));
791 
792  $this->tabs_gui->addSubTabTarget("ldap_role_mapping",
793  $this->ctrl->getLinkTarget($this,'roleMapping'),
794  "roleMapping",get_class($this));
795 
796  }
797 
798 
799  private function initServer()
800  {
801  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
802  if(!$_GET['ldap_server_id'])
803  {
804  $_GET['ldap_server_id'] = ilLDAPServer::_getFirstServer();
805  }
806  $this->server = new ilLDAPServer((int) $_GET['ldap_server_id']);
807  }
808 
809  private function initAttributeMapping()
810  {
811  include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
812  $this->mapping = ilLDAPAttributeMapping::_getInstanceByServerId((int) $_GET['ldap_server_id']);
813  }
814 
815  private function initRoleMapping()
816  {
817  include_once './Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php';
818  $this->role_mapping = ilLDAPRoleGroupMappingSettings::_getInstanceByServerId((int) $_GET['ldap_server_id']);
819  }
820 
821  private function prepareRoleSelect($a_as_select = true)
822  {
823  global $rbacreview,$ilObjDataCache;
824 
825  include_once('./Services/LDAP/classes/class.ilLDAPAttributeMapping.php');
826 
827  $global_roles = ilUtil::_sortIds($rbacreview->getGlobalRoles(),
828  'object_data',
829  'title',
830  'obj_id');
831 
832  $select[0] = $this->lng->txt('links_select_one');
833  foreach($global_roles as $role_id)
834  {
835  $select[$role_id] = ilObject::_lookupTitle($role_id);
836  }
837 
838  if($a_as_select)
839  {
840  return ilUtil::formSelect(ilLDAPAttributeMapping::_lookupGlobalRole($this->server->getServerId()),
841  'global_role',$select,false,true);
842  }
843  else
844  {
845  return $select;
846  }
847  }
848 
849 
850  private function getMappingFields()
851  {
852  return array('gender' => $this->lng->txt('gender'),
853  'firstname' => $this->lng->txt('firstname'),
854  'lastname' => $this->lng->txt('lastname'),
855  'title' => $this->lng->txt('person_title'),
856  'institution' => $this->lng->txt('institution'),
857  'department' => $this->lng->txt('department'),
858  'street' => $this->lng->txt('street'),
859  'city' => $this->lng->txt('city'),
860  'zipcode' => $this->lng->txt('zipcode'),
861  'country' => $this->lng->txt('country'),
862  'phone_office' => $this->lng->txt('phone_office'),
863  'phone_home' => $this->lng->txt('phone_home'),
864  'phone_mobile' => $this->lng->txt('phone_mobile'),
865  'fax' => $this->lng->txt('fax'),
866  'email' => $this->lng->txt('email'),
867  'hobby' => $this->lng->txt('hobby'),
868  'matriculation' => $this->lng->txt('matriculation'));
869  #'photo' => $this->lng->txt('photo'));
870  }
871 
872  private function initUserDefinedFields()
873  {
874  include_once("./Services/User/classes/class.ilUserDefinedFields.php");
875  $this->udf = ilUserDefinedFields::_getInstance();
876  }
877 
878  private function prepareMappingSelect()
879  {
880  return ilUtil::formSelect($_POST['mapping_template'],'mapping_template',array(0 => $this->lng->txt('ldap_mapping_template'),
881  "inetOrgPerson" => 'inetOrgPerson',
882  "organizationalPerson" => 'organizationalPerson',
883  "person" => 'person',
884  "ad_2003" => 'Active Directory (Win 2003)'),false,true);
885  }
886 
895  private function loadMappingCopy($a_mapping_data)
896  {
897  if(!isset($_GET['mapping_id']))
898  {
899  return $a_mapping_data;
900  }
901 
902  $mapping_id = $_GET['mapping_id'];
903  $a_mapping_data[0] = $a_mapping_data[$mapping_id];
904 
905  return $a_mapping_data;
906  }
907 
914  private function loadMappingDetails()
915  {
916  if(!isset($_SESSION['ldap_mapping_details']))
917  {
918  $_SESSION['ldap_mapping_details'] = array();
919  }
920  if(isset($_GET['details_show']))
921  {
922  $_SESSION['ldap_mapping_details'][$_GET['details_show']] = $_GET['details_show'];
923  }
924  if(isset($_GET['details_hide']))
925  {
926  unset($_SESSION['ldap_mapping_details'][$_GET['details_hide']]);
927  }
928  }
929 
937  private function sortMappingData($a_mapping_data)
938  {
939  global $rbacreview,$ilObjDataCache;
940 
941  $new_mapping = array();
942  $new_mapping = array();
943  foreach($a_mapping_data as $mapping_id => $data)
944  {
945  $new_mapping[$mapping_id] = $data;
946  $new_mapping[$mapping_id]['obj_id'] = $obj_id = $rbacreview->getObjectOfRole($data['role']);
947  $new_mapping[$mapping_id]['obj_title'] = $ilObjDataCache->lookupTitle($obj_id);
948  $new_mapping[$mapping_id]['mapping_id'] = $mapping_id;
949  }
950  return ilUtil::sortArray($new_mapping,'obj_title','DESC');
951 
952  }
953 
962  protected function initFormRoleAssignments($a_mode,ilLDAPRoleAssignmentRule $current_rule)
963  {
964  include_once('Services/Form/classes/class.ilPropertyFormGUI.php');
965  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
966 
967  $this->form = new ilPropertyFormGUI();
968  $this->form->setFormAction($this->ctrl->getFormAction($this));
969 
970  switch($a_mode)
971  {
972  case 'edit':
973  $this->form->setTitle($this->lng->txt('ldap_edit_role_ass_rule'));
974  $this->form->addCommandButton('updateRoleAssignment',$this->lng->txt('save'));
975  $this->form->addCommandButton('roleAssignments',$this->lng->txt('cancel'));
976  break;
977  case 'create':
978  $this->form->setTitle($this->lng->txt('ldap_add_role_ass_rule'));
979  $this->form->addCommandButton('addRoleAssignment',$this->lng->txt('ldap_btn_add_role_ass'));
980  $this->form->addCommandButton('roleAssignments',$this->lng->txt('cancel'));
981  break;
982  }
983 
984  $role = new ilSelectInputGUI($this->lng->txt('ldap_ilias_role'),'role');
985  $role->setValue($current_rule->getRoleId());
986  $role->setOptions($this->prepareRoleSelect(false));
987  $role->setRequired(true);
988  $this->form->addItem($role);
989 
990  // Radio group
991  $group = new ilRadioGroupInputGUI($this->lng->txt('ldap_assignment_type'),'type');
992  $group->setValue($current_rule->getType());
993  $group->setRequired(true);
994 
995  // Radio Group
996  $radio_group = new ilRadioOption($this->lng->txt('ldap_role_by_group'),ilLDAPRoleAssignmentRule::TYPE_GROUP);
997 
998  // Group DN
999  $dn = new ilTextInputGUI($this->lng->txt('ldap_group_dn'),'dn');
1000  $dn->setValue($current_rule->getDN());
1001  $dn->setSize(32);
1002  $dn->setMaxLength(512);
1003  $dn->setInfo($this->lng->txt('ldap_role_grp_dn_info'));
1004  $radio_group->addSubItem($dn);
1005  $at = new ilTextInputGUI($this->lng->txt('ldap_role_grp_at'),'at');
1006  $at->setValue($current_rule->getMemberAttribute());
1007  $at->setSize(16);
1008  $at->setMaxLength(128);
1009  $radio_group->addSubItem($at);
1010  $isdn = new ilCheckboxInputGUI($this->lng->txt('ldap_role_grp_isdn'),'isdn');
1011  $isdn->setChecked($current_rule->isMemberAttributeDN());
1012  $isdn->setInfo($this->lng->txt('ldap_group_member_info'));
1013  $radio_group->addSubItem($isdn);
1014  $radio_group->setInfo($this->lng->txt('ldap_role_grp_info'));
1015 
1016  $group->addOption($radio_group);
1017 
1018  // Radio Attribute
1019  $radio_attribute = new ilRadioOption($this->lng->txt('ldap_role_by_attribute'),ilLDAPRoleAssignmentRule::TYPE_ATTRIBUTE);
1020  $name = new ilTextInputGUI($this->lng->txt('ldap_role_at_name'),'name');
1021  $name->setValue($current_rule->getAttributeName());
1022  $name->setSize(32);
1023  $name->setMaxLength(128);
1024  #$name->setInfo($this->lng->txt('ldap_role_at_name_info'));
1025  $radio_attribute->addSubItem($name);
1026 
1027  // Radio Attribute
1028  $val = new ilTextInputGUI($this->lng->txt('ldap_role_at_value'),'value');
1029  $val->setValue($current_rule->getAttributeValue());
1030  $val->setSize(32);
1031  $val->setMaxLength(128);
1032  #$val->setInfo($this->lng->txt('ldap_role_at_value_info'));
1033  $radio_attribute->addSubItem($val);
1034  $radio_attribute->setInfo($this->lng->txt('ldap_role_at_info'));
1035  $group->addOption($radio_attribute);
1036 
1037  $this->form->addItem($group);
1038  }
1039 }
1040 ?>