1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
39 include_once('Auth/Auth.php');
40 
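/**
 * PEAR Auth driver for ILIAS LDAP authentication.
 *
 * Loads the first active LDAP server configuration, wraps it in an
 * ilAuthContainerLDAP and registers login / failed-login callbacks that map
 * the authenticated LDAP entry onto an internal ILIAS account, creating or
 * refreshing that account on login when synchronisation is enabled.
 *
 * Security notes (reviewer):
 *  - During the account-migration flow the submitted password is copied in
 *    cleartext into $_SESSION['tmp_pass'] (see loginObserver()); whatever
 *    backend stores sessions therefore holds user credentials for the
 *    lifetime of that flow.
 *  - Account mapping relies on the configured LDAP user attribute. When that
 *    attribute is multi-valued, any of its values that already matches an
 *    ILIAS external account wins (see extractUserName()), so the mapping is
 *    only as trustworthy as the directory data.
 */
class ilAuthLDAP extends Auth
{
	private $ldap_server = null;        // ilLDAPServer for the first active server
	private $ldap_container = null;     // ilAuthContainerLDAP bound to $ldap_server
	private $ldap_attr_to_user = null;  // ilLDAPAttributeToUser, created lazily on sync
	private $log = null;                // global $ilLog
	private $logCache = '';             // not used in this class; presumably consumed elsewhere — TODO confirm

	// When true, a missing internal account is created on login instead of
	// sending the user to the account migration screen.
	private $force_creation = false;

// BEGIN WebDAV Constructor with parameters
	/**
	 * Constructor.
	 *
	 * @param array|string $options Optional PEAR Auth options (used by the
	 *        WebDAV entry point). When an array, it is merged over the options
	 *        derived from the LDAP server configuration; any other value is
	 *        ignored and the server-derived options are used alone.
	 */
	public function ilAuthLDAP($options = '')
// END WebDAV Constructor with parameters
	{
		global $ilLog;

		$this->log = $ilLog;

		// Read setting of LDAP server
		$this->initServer();
		$this->initContainer();
		// BEGIN WebDAV: Constructor with parameters
		if (is_array($options))
		{
			// Caller-supplied options take precedence over the server defaults.
			$options = array_merge($this->ldap_server->toPearAuthArray(), $options);
		}
		else
		{
			$options = $this->ldap_server->toPearAuthArray();
		}
		// NOTE(review): the trailing false is passed straight to PEAR Auth;
		// presumably its $showLogin flag — confirm against the installed Auth version.
		parent::Auth($this->ldap_container,$options,'',false);
		// END WebDAV

		$this->initLogObserver();

		// Set callbacks
		$this->setCallbacks();
	}

	/**
	 * Enable or disable forced creation of a missing internal account on login.
	 *
	 * Fix: the original ignored $a_status and unconditionally set the flag to
	 * true, so a caller could never switch forced creation back off.
	 *
	 * @param bool $a_status
	 */
	public function forceCreation($a_status)
	{
		$this->force_creation = (bool) $a_status;
	}

	/**
	 * PEAR Auth login callback.
	 *
	 * Resolves the LDAP entry to an ILIAS account, optionally synchronises or
	 * creates that account, and finally calls setAuth() with the internal
	 * login name. When no internal account can be resolved the status is set
	 * to AUTH_LDAP_NO_ILIAS_USER and the session is logged out.
	 *
	 * @param string $a_username login name as passed by PEAR Auth; replaced
	 *        below by the value of the configured LDAP user attribute
	 */
	protected function loginObserver($a_username)
	{
		global $ilBench,$ilLog;

		$ilLog->write(__METHOD__.': logged in as '.$a_username.
			', remote:'.$_SERVER['REMOTE_ADDR'].':'.$_SERVER['REMOTE_PORT'].
			', server:'.$_SERVER['SERVER_ADDR'].':'.$_SERVER['SERVER_PORT']
		);

		$ilBench->start('Auth','LDAPLoginObserver');
		// Attribute names are lower-cased so lookups by attribute name are case-insensitive.
		$user_data = array_change_key_case($this->getAuthData(),CASE_LOWER);

		$a_username = $this->extractUserName($user_data);

		$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap",$a_username);
		// Shape expected by ilLDAPAttributeToUser::setUserData(): external account => attributes.
		$users[$a_username] = $user_data;


		if($this->ldap_server->enabledSyncOnLogin())
		{
			if(!$user_data['ilInternalAccount'] and $this->ldap_server->isAccountMigrationEnabled() and !$this->force_creation)
			{
				// No internal account yet and migration is enabled: drop the
				// PEAR session and hand over to the account migration screen.
				$this->logout();
				$_SESSION['tmp_auth_mode'] = 'ldap';
				$_SESSION['tmp_external_account'] = $a_username;
				// SECURITY: the cleartext password is kept in the session so the
				// migration screen can re-authenticate; it lives there until
				// that flow clears it.
				$_SESSION['tmp_pass'] = $_POST['password'];

				include_once('./Services/LDAP/classes/class.ilLDAPRoleAssignments.php');
				$role_ass = ilLDAPRoleAssignments::_getInstanceByServer($this->ldap_server);
				$role_inf = $role_ass->assignedRoles($a_username,$user_data);
				$_SESSION['tmp_roles'] = array();
				foreach($role_inf as $info)
				{
					$_SESSION['tmp_roles'][] = $info['id'];
				}
				$ilBench->stop('Auth','LDAPLoginObserver');
				ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
				// Defensive: should the redirect ever not terminate the request,
				// falling through would create the account despite the pending
				// migration. Never continue past this point.
				return;
			}

			// Refresh or create user data
			$ilBench->start('Auth','LDAPUserSynchronization');
			if($this->updateRequired($a_username))
			{
				#$GLOBALS['ilLog']->write(__METHOD__.': Starting update');
				$this->initLDAPAttributeToUser();
				$this->ldap_attr_to_user->setUserData($users);
				$this->ldap_attr_to_user->refresh();
				// refresh() may have created the account; resolve it again.
				$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap",$a_username);
			}
			else
			{
				// User exists and no update required
				$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap",$a_username);
			}
			$ilBench->stop('Auth','LDAPUserSynchronization');
		}

		if(!$user_data['ilInternalAccount'])
		{
			// No syncronisation allowed => create Error
			$this->status = AUTH_LDAP_NO_ILIAS_USER;
			$this->logout();
			$ilBench->stop('Auth','LDAPLoginObserver');
			return;
		}
		// Finally setAuth
		$this->setAuth($user_data['ilInternalAccount']);
		$ilBench->stop('Auth','LDAPLoginObserver');
		return;

	}

	/**
	 * PEAR Auth failed-login callback.
	 *
	 * Logs the failure with client and server address. If group membership
	 * is optional for this server and the optional group check has not been
	 * tried yet, the failed session is dropped, the check is enabled on the
	 * container and authentication is started once more. The
	 * enabledOptionalGroupCheck() guard ensures this retry happens at most once.
	 */
	protected function failedLoginObserver()
	{
		global $ilLog;
		$ilLog->write(__METHOD__.': login failed'.
			', remote:'.$_SERVER['REMOTE_ADDR'].':'.$_SERVER['REMOTE_PORT'].
			', server:'.$_SERVER['SERVER_ADDR'].':'.$_SERVER['SERVER_PORT']
		);

		if(!$this->ldap_container->enabledOptionalGroupCheck() and $this->ldap_server->isMembershipOptional())
		{
			$this->logout();
			$this->ldap_container->enableOptionalGroupCheck();
			$this->start();
		}
	}

	/**
	 * Create the attribute-to-user mapper for the current server.
	 */
	private function initLDAPAttributeToUser()
	{
		include_once('Services/LDAP/classes/class.ilLDAPAttributeToUser.php');
		$this->ldap_attr_to_user = new ilLDAPAttributeToUser($this->ldap_server);
	}

	/**
	 * Load the first active LDAP server configuration and verify connectivity.
	 */
	private function initServer()
	{
		include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
		$this->ldap_server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
		$this->ldap_server->doConnectionCheck();
	}

	/**
	 * Build the PEAR Auth container for the configured server.
	 */
	private function initContainer()
	{
		include_once('Services/LDAP/classes/class.ilAuthContainerLDAP.php');
		$this->ldap_container = new ilAuthContainerLDAP($this->ldap_server,$this->ldap_server->toPearAuthArray());
	}

	/**
	 * Register loginObserver() / failedLoginObserver() with PEAR Auth.
	 */
	private function setCallbacks()
	{
		$this->setLoginCallback(array($this,'loginObserver'));
		$this->setFailedLoginCallback(array($this,'failedLoginObserver'));
	}

	/**
	 * Attach a PEAR Log observer to PEAR Auth when both are available.
	 *
	 * The @-suppressed includes are feature detection for optional PEAR
	 * packages, not error hiding.
	 *
	 * @return bool|null false if PEAR Auth lacks attachLogObserver(), true if
	 *         an observer was attached, null if PEAR Log is not installed
	 */
	private function initLogObserver()
	{
		global $ilLog;

		if(!method_exists($this,'attachLogObserver'))
		{
			$ilLog->write(__METHOD__.': PEAR Auth < 1.5 => disabling logging.');
			return false;
		}

		if(@include_once('Log.php'))
		{
			if(@include_once('Log/observer.php'))
			{
				$ilLog->write(__METHOD__.': Attached Logging observer.');
				include_once('Services/LDAP/classes/class.ilAuthLDAPLogObserver.php');
				$this->attachLogObserver(new ilAuthLDAPLogObserver(AUTH_LOG_DEBUG));
				return true;
			}
		}
		$ilLog->write(__METHOD__.': PEAR Log not installed. Logging disabled');

	}

	/**
	 * Determine the external account name from the LDAP attribute data.
	 *
	 * Reads the configured user attribute (lower-cased key). For a
	 * multi-valued attribute the first value that already maps to an ILIAS
	 * account with auth mode 'ldap' is returned; if none does, the first
	 * value is used. A scalar value is returned unchanged.
	 *
	 * NOTE(review): the fallback trim($a_user_data) is only meaningful when
	 * $a_user_data is not an array (e.g. getAuthData() returned nothing);
	 * for an array lacking the attribute it yields the string 'Array' with a
	 * warning. Callers currently always pass an array — confirm before
	 * relying on that branch.
	 *
	 * @param array $a_user_data auth data with lower-cased attribute names
	 * @return string|mixed external account name
	 */
	protected function extractUserName($a_user_data)
	{
		$a_username = isset($a_user_data[strtolower($this->ldap_server->getUserAttribute())]) ?
			$a_user_data[strtolower($this->ldap_server->getUserAttribute())] :
			trim($a_user_data);

		// Support for multiple user attributes
		if(!is_array($a_username))
		{
			return $a_username;
		}
		foreach($a_username as $name)
		{
			// User found with authentication method 'ldap'
			if(ilObjUser::_checkExternalAuthAccount("ldap",$name))
			{
				return trim($name);
			}
		}
		// No existing user found => return first name
		return $a_username[0];
	}

	/**
	 * Decide whether the ILIAS account must be created or refreshed on login.
	 *
	 * @param string $a_username external account name
	 * @return bool true if no 'ldap' account exists yet, or if the server has
	 *         attribute mapping rules flagged for update on login
	 */
	protected function updateRequired($a_username)
	{
		if(!ilObjUser::_checkExternalAuthAccount("ldap",$a_username))
		{
			return true;
		}
		// Check attribute mapping on login
		include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
		if(ilLDAPAttributeMapping::hasRulesForUpdate($this->ldap_server->getServerId()))
		{
			return true;
		}
		return false;
	}
}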
311 ?>