ILIAS  Release_3_10_x_branch Revision 61812
ilAuthContainerLDAP Class Reference

Overwritten PEAR class AuthContainerLDAP. This class is overwritten to support nested groups.

Public Member Functions

 __construct (ilLDAPServer $server, $a_params)
 Constructor.
 fetchData ($username, $password, $isChallengeResponse=false)
 Fetch data from storage container.
 enableOptionalGroupCheck ()
 Enable optional group check.
 enabledOptionalGroupCheck ()
 Check if optional group check is enabled.
 checkGroup ($a_name)
 Check group; overrides the base class method.
 _debug ($a_message= '', $a_line=0)
 Overwritten debug method. Writes info to the log file.
 setObserversEnabled ($boolean)
 Enables/disables the observers of this container.
 isObserversEnabled ()
 Returns true, if the observers of this container are enabled.
 loginObserver ($a_username)
 Called from fetchData after successful login.
 failedLoginObserver ()
 Called from fetchData after failed login.

Protected Member Functions

 extractUserName ($a_user_data)
 updateRequired ($a_username)
 Check if an update is required.

Private Member Functions

 updateUserFilter ()
 Update user filter.
 initLDAPAttributeToUser ()
 Init LDAP attribute mapping.

Private Attributes

 $optional_check = false
 $log = null
 $server = null
 $ldap_attr_to_user = null
 $isObserversEnabled

Detailed Description

Overwritten PEAR class AuthContainerLDAP. This class is overwritten to support nested groups.

Usage note: If you use an ilAuthContainerLDAP object as the container for an Auth object OTHER THAN ilAuthLDAP, you MUST call setObserversEnabled(true) on the ilAuthContainerLDAP object. The observers are used to perform actions depending on the success or failure of a login attempt.

FIXME - Class ilAuthLDAP contains duplicates of the code of this class in the functions loginObserver and failedLoginObserver. If you change these functions, you MUST make the corresponding changes in ilAuthLDAP as well. In a future revision of ILIAS, the class ilAuthLDAP should be removed.

Author
Stefan Meyer smeyer@databay.de
Version
$Id$

Definition at line 49 of file class.ilAuthContainerLDAP.php.

Constructor & Destructor Documentation

ilAuthContainerLDAP::__construct ( ilLDAPServer $server, $a_params )

Constructor.

public

Parameters
array: array of PEAR parameters

Definition at line 73 of file class.ilAuthContainerLDAP.php.

References $ilLog, and $server.

{
    global $ilLog;
    $this->server = $server;
    parent::__construct($a_params);
    $this->log = $ilLog;
}

Member Function Documentation

ilAuthContainerLDAP::_debug ( $a_message = '', $a_line = 0 )

Overwritten debug method. Writes info to the log file.

public

Parameters
string: message
int: line

Definition at line 174 of file class.ilAuthContainerLDAP.php.

{
    if(is_object($this->log))
    {
        $this->log->write('LDAP PEAR: '.$a_message);
    }
    parent::_debug($a_message,$a_line);
}

ilAuthContainerLDAP::checkGroup ( $a_name )

Check group; overrides the base class method.

public

Parameters
string: user name (DN or external account name)

Definition at line 136 of file class.ilAuthContainerLDAP.php.

References $optional_check.

{
    $this->log->write(__METHOD__.': checking group restrictions...');
    // If multiple groups are defined, check all of them for membership
    $groups = $this->server->getGroupNames();
    if(!count($groups))
    {
        // No groups configured: every authenticated user passes
        $this->log->write(__METHOD__.': No group restrictions found.');
        return true;
    }
    elseif($this->server->isMembershipOptional() and !$this->optional_check)
    {
        // Membership is optional and the optional check has not been enabled
        $this->log->write(__METHOD__.': Group membership is optional.');
        return true;
    }
    foreach($groups as $group)
    {
        // Membership in any one of the configured groups is sufficient
        $this->options['group'] = $group;
        if(parent::checkGroup($a_name))
        {
            return true;
        }
    }
    return false;
}

ilAuthContainerLDAP::enabledOptionalGroupCheck ( )

Check if optional group check is enabled.

public

Definition at line 122 of file class.ilAuthContainerLDAP.php.

References $optional_check.

Referenced by failedLoginObserver().

{
    return (bool) $this->optional_check;
}

ilAuthContainerLDAP::enableOptionalGroupCheck ( )

Enable optional group check.

public

Definition at line 110 of file class.ilAuthContainerLDAP.php.

References updateUserFilter().

Referenced by failedLoginObserver().

{
    $this->optional_check = true;
    $this->updateUserFilter();
}

ilAuthContainerLDAP::extractUserName ( $a_user_data )

protected

Returns
string: LDAP username

Definition at line 324 of file class.ilAuthContainerLDAP.php.

References ilObjUser\_checkExternalAuthAccount().

Referenced by loginObserver().

{
    $a_username = isset($a_user_data[strtolower($this->server->getUserAttribute())]) ?
        $a_user_data[strtolower($this->server->getUserAttribute())] :
        trim($a_user_data);
    // Support for multiple user attributes
    if(!is_array($a_username))
    {
        return $a_username;
    }
    foreach($a_username as $name)
    {
        // User found with authentication method 'ldap'
        if(ilObjUser::_checkExternalAuthAccount("ldap",$name))
        {
            return trim($name);
        }
    }
    // No existing user found => return first name
    return $a_username[0];
}

ilAuthContainerLDAP::failedLoginObserver ( )

Called from fetchData after failed login.

Parameters
string: username

Definition at line 303 of file class.ilAuthContainerLDAP.php.

References $ilLog, enabledOptionalGroupCheck(), and enableOptionalGroupCheck().

Referenced by fetchData().

{
    global $ilLog;
    $ilLog->write(__METHOD__.': login failed'.
        ', remote:'.$_SERVER['REMOTE_ADDR'].':'.$_SERVER['REMOTE_PORT'].
        ', server:'.$_SERVER['SERVER_ADDR'].':'.$_SERVER['SERVER_PORT']
    );
    if(!$this->enabledOptionalGroupCheck() and $this->server->isMembershipOptional())
    {
        // Retry once with the optional group check (and group user filter) enabled
        $this->_auth_obj->logout();
        $this->enableOptionalGroupCheck();
        $this->_auth_obj->start();
    }
}

ilAuthContainerLDAP::fetchData ( $username, $password, $isChallengeResponse = false )

Fetch data from storage container.

public

Definition at line 87 of file class.ilAuthContainerLDAP.php.

References failedLoginObserver(), isObserversEnabled(), and loginObserver().

{
    $isSuccessful = parent::fetchData($username, $password, $isChallengeResponse);
    // The observers run only if they have been enabled on this container
    if ($this->isObserversEnabled)
    {
        if ($isSuccessful)
        {
            $this->loginObserver($username);
        }
        else
        {
            $this->failedLoginObserver();
        }
    }
    return $isSuccessful;
}

ilAuthContainerLDAP::initLDAPAttributeToUser ( )
private

Init LDAP attribute mapping.

Definition at line 292 of file class.ilAuthContainerLDAP.php.

Referenced by loginObserver().

{
    include_once('Services/LDAP/classes/class.ilLDAPAttributeToUser.php');
    $this->ldap_attr_to_user = new ilLDAPAttributeToUser($this->server);
}

ilAuthContainerLDAP::isObserversEnabled ( )

Returns true, if the observers of this container are enabled.

Definition at line 205 of file class.ilAuthContainerLDAP.php.

References $isObserversEnabled.

Referenced by fetchData(), and setObserversEnabled().

ilAuthContainerLDAP::loginObserver (   $a_username)

Called from fetchData after successful login.

Parameters
string: username

Definition at line 215 of file class.ilAuthContainerLDAP.php.

References $_SESSION, $ilBench, $ilLog, ilObjUser\_checkExternalAuthAccount(), ilLDAPRoleAssignments\_getInstanceByServer(), AUTH_LDAP_NO_ILIAS_USER, extractUserName(), initLDAPAttributeToUser(), ilUtil\redirect(), and updateRequired().

Referenced by fetchData().

{
    global $ilBench;
    global $ilLog;
    $ilLog->write(__METHOD__.': logged in as '.$a_username.
        ', remote:'.$_SERVER['REMOTE_ADDR'].':'.$_SERVER['REMOTE_PORT'].
        ', server:'.$_SERVER['SERVER_ADDR'].':'.$_SERVER['SERVER_PORT']
    );
    $ilBench->start('Auth','LDAPLoginObserver');
    $user_data = array_change_key_case($this->_auth_obj->getAuthData(),CASE_LOWER);
    $a_username = $this->extractUserName($user_data);
    // Map the LDAP account name to an existing ILIAS account, if there is one
    $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap",$a_username);
    $users[$a_username] = $user_data;
    if($this->server->enabledSyncOnLogin())
    {
        if(!$user_data['ilInternalAccount'] and $this->server->isAccountMigrationEnabled() and !$this->_auth_obj->force_creation)
        {
            // Unknown account and migration enabled: log out and hand over to the migration screen.
            // The external account, the submitted password and the assigned roles are kept in the session.
            $this->_auth_obj->logout();
            $_SESSION['tmp_auth_mode'] = 'ldap';
            $_SESSION['tmp_external_account'] = $a_username;
            $_SESSION['tmp_pass'] = $_POST['password'];
            include_once('./Services/LDAP/classes/class.ilLDAPRoleAssignments.php');
            $role_ass = ilLDAPRoleAssignments::_getInstanceByServer($this->server);
            $role_inf = $role_ass->assignedRoles($a_username,$user_data);
            $_SESSION['tmp_roles'] = array();
            foreach($role_inf as $info)
            {
                $_SESSION['tmp_roles'][] = $info['id'];
            }
            $ilBench->stop('Auth','LDAPLoginObserver');
            ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
        }
        // Refresh or create user data
        $ilBench->start('Auth','LDAPUserSynchronization');
        if($this->updateRequired($a_username))
        {
            #$GLOBALS['ilLog']->write(__METHOD__.': Starting update');
            $this->initLDAPAttributeToUser();
            $this->ldap_attr_to_user->setUserData($users);
            $this->ldap_attr_to_user->refresh();
            $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap",$a_username);
        }
        else
        {
            // User exists and no update required
            $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap",$a_username);
        }
        $ilBench->stop('Auth','LDAPUserSynchronization');
    }
    if(!$user_data['ilInternalAccount'])
    {
        // No synchronisation allowed => create error
        $this->_auth_obj->status = AUTH_LDAP_NO_ILIAS_USER;
        $this->_auth_obj->logout();
        $ilBench->stop('Auth','LDAPLoginObserver');
        return;
    }
    // Finally setAuth
    $this->_auth_obj->setAuth($user_data['ilInternalAccount']);
    $ilBench->stop('Auth','LDAPLoginObserver');
    return;
}
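
failedLoginObserver() and loginObserver() each write one log message in a fixed format, and the failure message carries no user name, so failures can only be correlated by remote address. The following added example (not part of ILIAS) parses those two messages and flags remote addresses with repeated failures; the log prefix, the sample lines and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Message text built by failedLoginObserver() and loginObserver() above. search() skips
# whatever prefix the logger adds (assumption: the prefix format is not on this page).
# The user name is whatever was typed at login, so it is matched greedily and the
# remaining fields are anchored to the end of the line. Address and port are split at
# the last colon, so IPv6 remote addresses parse as well.
EVENT = re.compile(
    r"ilAuthContainerLDAP::(?:failedLoginObserver: login failed"
    r"|loginObserver: logged in as (?P<user>.*))"
    r", remote:(?P<remote>[^,\s]+):(?P<rport>\d+)"
    r", server:(?P<server>[^,\s]+):(?P<sport>\d+)$"
)

def parse_event(line):
    """Return (ok, user, remote_addr) for an observer line, else None."""
    m = EVENT.search(line.rstrip())
    if m is None:
        return None
    user = m.group("user")          # None for the failure message
    return (user is not None, user, m.group("remote"))

def flag_remotes(lines, threshold=3):
    """Return ({remote: failures} at or over threshold,
    [(remote, user)] logins that succeeded once the threshold was reached)."""
    failures, followed_by_login = Counter(), []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        ok, user, remote = event
        if not ok:
            failures[remote] += 1
        elif failures[remote] >= threshold:
            followed_by_login.append((remote, user))
    flagged = {r: n for r, n in failures.items() if n >= threshold}
    return flagged, followed_by_login

# Constructed sample lines; "[constructed]" stands in for the real logger prefix.
F = "[constructed] ilAuthContainerLDAP::failedLoginObserver: login failed, remote:{}, server:192.0.2.10:443"
S = "[constructed] ilAuthContainerLDAP::loginObserver: logged in as {}, remote:{}, server:192.0.2.10:443"
SAMPLE = [F.format("203.0.113.7:50110"), F.format("203.0.113.7:50111"),
          F.format("203.0.113.7:50112"), S.format("alice", "203.0.113.7:50113"),
          F.format("2001:db8::5:40022"), "[constructed] LDAP PEAR: debug line from _debug()"]

if __name__ == "__main__":
    print(flag_remotes(SAMPLE))
```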

ilAuthContainerLDAP::setObserversEnabled (   $boolean)

Enables/disables the observers of this container.

Definition at line 197 of file class.ilAuthContainerLDAP.php.

References isObserversEnabled().

Referenced by ilAuthUtils\_initAuth().

{
    $this->isObserversEnabled = $boolean;
}

ilAuthContainerLDAP::updateRequired (   $a_username)
protected

Check if an update is required.

Returns
Parameters
string: $a_username

Definition at line 352 of file class.ilAuthContainerLDAP.php.

References ilObjUser\_checkExternalAuthAccount(), and ilLDAPAttributeMapping\hasRulesForUpdate().

Referenced by loginObserver().

{
    if(!ilObjUser::_checkExternalAuthAccount("ldap",$a_username))
    {
        return true;
    }
    // Check attribute mapping on login
    include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
    if(ilLDAPAttributeMapping::hasRulesForUpdate($this->server->getServerId()))
    {
        return true;
    }
    return false;
}

ilAuthContainerLDAP::updateUserFilter ( )
private

Update user filter.

Definition at line 189 of file class.ilAuthContainerLDAP.php.

Referenced by enableOptionalGroupCheck().

{
    $this->options['userfilter'] = $this->server->getGroupUserFilter();
}

Field Documentation

ilAuthContainerLDAP::$isObserversEnabled
private

Definition at line 64 of file class.ilAuthContainerLDAP.php.

Referenced by isObserversEnabled().

ilAuthContainerLDAP::$ldap_attr_to_user = null
private

Definition at line 55 of file class.ilAuthContainerLDAP.php.

ilAuthContainerLDAP::$log = null
private

Definition at line 53 of file class.ilAuthContainerLDAP.php.

ilAuthContainerLDAP::$optional_check = false
private

Definition at line 51 of file class.ilAuthContainerLDAP.php.

Referenced by checkGroup(), and enabledOptionalGroupCheck().

ilAuthContainerLDAP::$server = null
private

Definition at line 54 of file class.ilAuthContainerLDAP.php.

Referenced by __construct().


The documentation for this class was generated from the following file: