00001 <?php
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
// How ilLDAPServer binds to the directory (see setBindingType()):
// anonymous bind, or a bind with the configured bind_user / bind_pass.
define('IL_LDAP_BIND_ANONYMOUS', 0);
define('IL_LDAP_BIND_USER', 1);

// Search scopes for user and group lookups; toPearAuthArray() maps them
// to the strings 'sub', 'one' and 'base'.
define('IL_LDAP_SCOPE_SUB', 0);
define('IL_LDAP_SCOPE_ONE', 1);
define('IL_LDAP_SCOPE_BASE', 2);
00031
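/**
 * Settings of one LDAP server (one row of table ldap_server_settings).
 *
 * The object is loaded by id in the constructor, edited through the
 * setters, checked by validate() and persisted by create()/update().
 * toPearAuthArray() converts the settings into the option array expected
 * by the PEAR Auth LDAP container.
 *
 * NOTE(review): bind_pass and role_bind_pass round-trip between the table
 * and getBindPassword()/getRoleBindPassword() unchanged (see read(),
 * buildSetClause()); nothing in this class transforms them, so read access
 * to the table is equivalent to access to the bind credentials.
 */
class ilLDAPServer
{
    const DEBUG = false;
    const DEFAULT_VERSION = 3;

    // Handles taken from the globals $ilDB and $lng in the constructor.
    private $db = null;
    private $lng = null;

    private $server_id = null;
    // URLs given in setUrl() after the first one; tried in order by doConnectionCheck().
    private $fallback_urls = array();

    // Connection settings (column names: see read()).
    private $active = null;
    private $url = null;
    private $url_string = null;
    private $name = null;
    private $version = null;
    private $base_dn = null;
    private $referrals = null;
    private $tls = null;
    private $binding_type = null;
    private $bind_user = null;
    private $bind_password = null;
    private $search_base = null;
    private $user_scope = null;
    private $user_attribute = null;
    private $filter = null;

    // Group settings.
    private $group_dn = null;
    private $group_scope = null;
    private $group_filter = null;
    private $group_member = null;
    private $memberisdn = null;
    private $group_name = null;
    private $group_attribute = null;
    private $group_optional = null;
    private $group_user_filter = null;

    // Synchronisation and role assignment settings.
    private $sync_on_login = null;
    private $sync_per_cron = null;
    private $global_role = null;
    private $role_sync_active = null;
    private $role_bind_dn = null;
    private $role_bind_pass = null;
    private $account_migration = null;

    /**
     * Load the settings of a server.
     *
     * @param int $a_server_id id of the row to load; 0 gives an empty, unsaved object
     */
    public function __construct($a_server_id = 0)
    {
        global $ilDB, $lng;

        $this->db = $ilDB;
        $this->lng = $lng;
        $this->server_id = $a_server_id;

        $this->read();
    }

    /**
     * Run a query that selects server_id and collect the ids.
     *
     * @param string $query SQL statement selecting a server_id column
     * @return array list of server ids, empty when nothing matched
     */
    private static function fetchServerIds($query)
    {
        global $ilDB;

        // Initialised up front so an empty result returns array() without a notice.
        $server_ids = array();
        $res = $ilDB->query($query);
        while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
            $server_ids[] = $row->server_id;
        }
        return $server_ids;
    }

    /**
     * Ids of all active servers, ordered by name.
     *
     * @return array
     */
    public static function _getActiveServerList()
    {
        return self::fetchServerIds(
            "SELECT server_id FROM ldap_server_settings " .
            "WHERE active = 1 " .
            "ORDER BY name "
        );
    }

    /**
     * Ids of all active servers that have cron synchronisation enabled, ordered by name.
     *
     * @return array
     */
    public static function _getCronServerIds()
    {
        return self::fetchServerIds(
            "SELECT server_id FROM ldap_server_settings " .
            "WHERE active = 1 " .
            "AND sync_per_cron = 1 " .
            "ORDER BY name"
        );
    }

    /**
     * Ids of all active servers that have role synchronisation enabled.
     *
     * @return array
     */
    public static function _getRoleSyncServerIds()
    {
        return self::fetchServerIds(
            "SELECT server_id FROM ldap_server_settings " .
            "WHERE active = 1 " .
            "AND role_sync_active = 1 "
        );
    }

    /**
     * Servers usable for password authentication; currently every active server.
     *
     * @return array
     */
    public static function _getPasswordServers()
    {
        return self::_getActiveServerList();
    }

    /**
     * Id of the first active server (by name), or 0 when none is active.
     *
     * @return int
     */
    public static function _getFirstActiveServer()
    {
        $servers = self::_getActiveServerList();
        return count($servers) ? $servers[0] : 0;
    }

    /**
     * Ids of all configured servers, ordered by name.
     *
     * @return array
     */
    public static function _getServerList()
    {
        return self::fetchServerIds(
            "SELECT server_id FROM ldap_server_settings ORDER BY name"
        );
    }

    /**
     * Id of the first configured server (by name), or 0 when none exists.
     *
     * @return int
     */
    public static function _getFirstServer()
    {
        $servers = self::_getServerList();
        return count($servers) ? $servers[0] : 0;
    }

    /** @return int id this object was loaded with */
    public function getServerId()
    {
        return $this->server_id;
    }

    public function toggleActive($a_status)
    {
        $this->active = $a_status;
    }

    /** @return mixed the value given to toggleActive() / loaded from the active column */
    public function isActive()
    {
        return $this->active;
    }

    /** @return string the primary URL (first entry given to setUrl()) */
    public function getUrl()
    {
        return $this->url;
    }

    /**
     * Set the server URL(s).
     *
     * Accepts a comma separated list: the first entry becomes the primary
     * URL, the remaining ones are kept as fallbacks for doConnectionCheck().
     * Calling it again replaces the previous fallback list instead of
     * appending to it.
     *
     * @param string $a_url
     */
    public function setUrl($a_url)
    {
        $this->url_string = $a_url;

        $urls = array_map('trim', explode(',', (string) $a_url));
        $this->url = array_shift($urls);
        $this->fallback_urls = $urls;
    }

    /** @return string the unparsed value given to setUrl() */
    public function getUrlString()
    {
        return $this->url_string;
    }

    /**
     * Try to bind to the primary URL and then to each fallback URL.
     *
     * The first URL that binds successfully becomes the primary URL of this
     * object. Every attempt is written to the log; the bind credentials are not.
     *
     * @return bool true when one URL could be bound, false otherwise
     */
    public function doConnectionCheck()
    {
        global $ilLog;

        include_once('Services/LDAP/classes/class.ilLDAPQuery.php');

        foreach (array_merge(array(0 => $this->url), $this->fallback_urls) as $url) {
            try {
                $query = new ilLDAPQuery($this, $url);
                $query->bind();
                $this->url = $url;
                $ilLog->write(__METHOD__ . ': Using url: ' . $url . '.');
                return true;
            } catch (ilLDAPQueryException $exc) {
                $ilLog->write(__METHOD__ . ': Cannot connect to LDAP server: ' . $url . '. Trying fallback...');
            }
        }
        $ilLog->write(__METHOD__ . ': No valid LDAP server found.');
        return false;
    }

    public function getName()
    {
        return $this->name;
    }

    public function setName($a_name)
    {
        $this->name = $a_name;
    }

    /** @return int configured protocol version, DEFAULT_VERSION when unset */
    public function getVersion()
    {
        return $this->version ? $this->version : self::DEFAULT_VERSION;
    }

    public function setVersion($a_version)
    {
        $this->version = $a_version;
    }

    public function getBaseDN()
    {
        return $this->base_dn;
    }

    public function setBaseDN($a_base_dn)
    {
        $this->base_dn = $a_base_dn;
    }

    /** @return bool */
    public function isActiveReferrer()
    {
        return $this->referrals ? true : false;
    }

    public function toggleReferrer($a_status)
    {
        $this->referrals = $a_status;
    }

    /** @return bool whether START_TLS is requested (see toPearAuthArray()) */
    public function isActiveTLS()
    {
        return $this->tls ? true : false;
    }

    public function toggleTLS($a_status)
    {
        $this->tls = $a_status;
    }

    /** @return int IL_LDAP_BIND_USER or IL_LDAP_BIND_ANONYMOUS */
    public function getBindingType()
    {
        return $this->binding_type;
    }

    /**
     * Set the bind mode. Anything other than IL_LDAP_BIND_USER is stored as
     * IL_LDAP_BIND_ANONYMOUS.
     */
    public function setBindingType($a_type)
    {
        $this->binding_type = ($a_type == IL_LDAP_BIND_USER)
            ? IL_LDAP_BIND_USER
            : IL_LDAP_BIND_ANONYMOUS;
    }

    public function getBindUser()
    {
        return $this->bind_user;
    }

    public function setBindUser($a_user)
    {
        $this->bind_user = $a_user;
    }

    /**
     * The bind credential exactly as set or as loaded from the bind_pass column.
     *
     * @return string
     */
    public function getBindPassword()
    {
        return $this->bind_password;
    }

    public function setBindPassword($a_password)
    {
        $this->bind_password = $a_password;
    }

    public function getSearchBase()
    {
        return $this->search_base;
    }

    public function setSearchBase($a_search_base)
    {
        $this->search_base = $a_search_base;
    }

    public function getUserAttribute()
    {
        return $this->user_attribute;
    }

    public function setUserAttribute($a_user_attr)
    {
        $this->user_attribute = $a_user_attr;
    }

    /** @return string the user filter, wrapped in parentheses by prepareFilter() */
    public function getFilter()
    {
        return $this->prepareFilter($this->filter);
    }

    public function setFilter($a_filter)
    {
        $this->filter = $a_filter;
    }

    public function getGroupDN()
    {
        return $this->group_dn;
    }

    public function setGroupDN($a_value)
    {
        $this->group_dn = $a_value;
    }

    /** @return string the group filter, wrapped in parentheses by prepareFilter() */
    public function getGroupFilter()
    {
        return $this->prepareFilter($this->group_filter);
    }

    public function setGroupFilter($a_value)
    {
        $this->group_filter = $a_value;
    }

    public function getGroupMember()
    {
        return $this->group_member;
    }

    public function setGroupMember($a_value)
    {
        $this->group_member = $a_value;
    }

    /** @return string the raw, possibly comma separated, group name setting */
    public function getGroupName()
    {
        return $this->group_name;
    }

    public function setGroupName($a_value)
    {
        $this->group_name = $a_value;
    }

    /**
     * The group name setting split at commas, each entry trimmed.
     *
     * @return array list of names; a single empty string when nothing is set
     */
    public function getGroupNames()
    {
        $names = array();
        foreach (explode(',', (string) $this->getGroupName()) as $name) {
            $names[] = trim($name);
        }
        return $names;
    }

    public function getGroupAttribute()
    {
        return $this->group_attribute;
    }

    public function setGroupAttribute($a_value)
    {
        $this->group_attribute = $a_value;
    }

    public function toggleMembershipOptional($a_status)
    {
        $this->group_optional = (bool) $a_status;
    }

    /** @return bool */
    public function isMembershipOptional()
    {
        return (bool) $this->group_optional;
    }

    public function setGroupUserFilter($a_filter)
    {
        $this->group_user_filter = $a_filter;
    }

    public function getGroupUserFilter()
    {
        return $this->group_user_filter;
    }

    /** @return bool whether the member attribute holds full DNs */
    public function enabledGroupMemberIsDN()
    {
        return (bool) $this->memberisdn;
    }

    public function enableGroupMemberIsDN($a_value)
    {
        $this->memberisdn = (bool) $a_value;
    }

    public function setGroupScope($a_value)
    {
        $this->group_scope = $a_value;
    }

    /** @return int one of the IL_LDAP_SCOPE_* values */
    public function getGroupScope()
    {
        return $this->group_scope;
    }

    public function setUserScope($a_value)
    {
        $this->user_scope = $a_value;
    }

    /** @return int one of the IL_LDAP_SCOPE_* values */
    public function getUserScope()
    {
        return $this->user_scope;
    }

    /** @return int 1 when attribute synchronisation on login is enabled, 0 otherwise */
    public function enabledSyncOnLogin()
    {
        return $this->sync_on_login;
    }

    public function enableSyncOnLogin($a_value)
    {
        $this->sync_on_login = (int) $a_value;
    }

    /** @return int 1 when cron synchronisation is enabled, 0 otherwise */
    public function enabledSyncPerCron()
    {
        return $this->sync_per_cron;
    }

    public function enableSyncPerCron($a_value)
    {
        $this->sync_per_cron = (int) $a_value;
    }

    /** Role assigned to synchronised users; required by validate() when any sync is enabled. */
    public function setGlobalRole($a_role)
    {
        $this->global_role = $a_role;
    }

    public function getRoleBindDN()
    {
        return $this->role_bind_dn;
    }

    public function setRoleBindDN($a_value)
    {
        $this->role_bind_dn = $a_value;
    }

    /**
     * The role synchronisation bind credential exactly as set or as loaded
     * from the role_bind_pass column.
     *
     * @return string
     */
    public function getRoleBindPassword()
    {
        return $this->role_bind_pass;
    }

    public function setRoleBindPassword($a_value)
    {
        $this->role_bind_pass = $a_value;
    }

    public function enabledRoleSynchronization()
    {
        return $this->role_sync_active;
    }

    public function enableRoleSynchronization($a_value)
    {
        $this->role_sync_active = $a_value;
    }

    /**
     * Enable migration of existing local accounts to LDAP accounts.
     *
     * Note: this flag is not part of create()/update()/read(); it only lives
     * on the object.
     */
    public function enableAccountMigration($a_status)
    {
        $this->account_migration = $a_status;
    }

    /** @return bool */
    public function isAccountMigrationEnabled()
    {
        return $this->account_migration ? true : false;
    }

    /**
     * Check the settings for completeness and consistency.
     *
     * Collects all problems in the global $ilErr message: required fields,
     * bind user and password when binding as user, a global role when any
     * synchronisation is enabled, and the unsupported combination of
     * protocol version 2 with TLS.
     *
     * @return bool true when no message was produced
     */
    public function validate()
    {
        global $ilErr;

        $ilErr->setMessage('');
        if (!strlen($this->getName()) ||
            !strlen($this->getUrl()) ||
            !strlen($this->getBaseDN()) ||
            !strlen($this->getUserAttribute())) {
            $ilErr->setMessage($this->lng->txt('fill_out_all_required_fields'));
        }

        if ($this->getBindingType() == IL_LDAP_BIND_USER
            && (!strlen($this->getBindUser()) || !strlen($this->getBindPassword()))) {
            $ilErr->appendMessage($this->lng->txt('ldap_missing_bind_user'));
        }

        if (($this->enabledSyncPerCron() or $this->enabledSyncOnLogin()) and !$this->global_role) {
            $ilErr->appendMessage($this->lng->txt('ldap_missing_role_assignment'));
        }
        if ($this->getVersion() == 2 and $this->isActiveTLS()) {
            $ilErr->appendMessage($this->lng->txt('ldap_tls_conflict'));
        }

        return strlen($ilErr->getMessage()) ? false : true;
    }

    /**
     * Build the "column = value, ..." part shared by create() and update().
     *
     * Keeping the list in one place guarantees both statements write the same
     * columns; previously create() stopped after the filter column and
     * silently dropped every group, sync and role setting.
     *
     * @return string assignments joined by ", " with a trailing space
     */
    private function buildSetClause()
    {
        $db = $this->db;
        $assignments = array(
            "active = " . $db->quote($this->isActive()),
            "name = " . $db->quote($this->getName()),
            "url = " . $db->quote($this->getUrlString()),
            "version = " . $db->quote($this->getVersion()),
            "base_dn = " . $db->quote($this->getBaseDN()),
            "referrals = " . $db->quote($this->isActiveReferrer()),
            "tls = " . $db->quote($this->isActiveTLS()),
            "bind_type = " . $db->quote($this->getBindingType()),
            "bind_user = " . $db->quote($this->getBindUser()),
            "bind_pass = " . $db->quote($this->getBindPassword()),
            "search_base = " . $db->quote($this->getSearchBase()),
            "user_scope = " . $db->quote($this->getUserScope()),
            "user_attribute = " . $db->quote($this->getUserAttribute()),
            "filter = " . $db->quote($this->getFilter()),
            "group_dn = " . $db->quote($this->getGroupDN()),
            "group_scope = " . $db->quote($this->getGroupScope()),
            "group_filter = " . $db->quote($this->getGroupFilter()),
            "group_member = " . $db->quote($this->getGroupMember()),
            "group_memberisdn =" . $db->quote((int) $this->enabledGroupMemberIsDN()),
            "group_name = " . $db->quote($this->getGroupName()),
            "group_attribute = " . $db->quote($this->getGroupAttribute()),
            "group_optional = " . $db->quote((int) $this->isMembershipOptional()),
            "group_user_filter = " . $db->quote($this->getGroupUserFilter()),
            "sync_on_login = " . $db->quote($this->enabledSyncOnLogin() ? 1 : 0),
            "sync_per_cron = " . $db->quote($this->enabledSyncPerCron() ? 1 : 0),
            "role_sync_active = " . $db->quote($this->enabledRoleSynchronization()),
            "role_bind_dn = " . $db->quote($this->getRoleBindDN()),
            "role_bind_pass = " . $db->quote($this->getRoleBindPassword()),
        );
        return implode(", ", $assignments) . " ";
    }

    /**
     * Insert a new settings row with all current values.
     *
     * @return int id of the inserted row
     */
    public function create()
    {
        $query = "INSERT INTO ldap_server_settings SET " . $this->buildSetClause();

        $this->db->query($query);
        return $this->db->getLastInsertId();
    }

    /**
     * Write all current values to the row of this server id.
     *
     * @return bool always true
     */
    public function update()
    {
        $query = "UPDATE ldap_server_settings SET " . $this->buildSetClause() .
            "WHERE server_id = " . $this->db->quote($this->getServerId());

        $this->db->query($query);
        return true;
    }

    /**
     * Convert the settings into the option array of the PEAR Auth LDAP container.
     *
     * Bind credentials are only included for IL_LDAP_BIND_USER. Scopes are
     * translated to 'base', 'one' or 'sub' (the default). Logging is only
     * enabled when the optional PEAR Log classes can be included, which is
     * why those includes are best-effort.
     *
     * @return array
     */
    public function toPearAuthArray()
    {
        $options = array(
            'url' => $this->getUrl(),
            'version' => (int) $this->getVersion(),
            'referrals' => (bool) $this->isActiveReferrer());

        if ($this->getBindingType() == IL_LDAP_BIND_USER) {
            $options['binddn'] = $this->getBindUser();
            $options['bindpw'] = $this->getBindPassword();
        }
        $options['basedn'] = $this->getBaseDN();
        $options['start_tls'] = (bool) $this->isActiveTLS();
        $options['userdn'] = $this->getSearchBase();
        switch ($this->getUserScope()) {
            case IL_LDAP_SCOPE_ONE:
                $options['userscope'] = 'one';
                break;
            default:
                $options['userscope'] = 'sub';
                break;
        }

        $options['userattr'] = $this->getUserAttribute();
        $options['userfilter'] = $this->getFilter();
        $options['attributes'] = $this->getPearAttributeArray();
        $options['debug'] = self::DEBUG;

        // Optional dependency: PEAR Log may be absent, so a failed include is not an error.
        if (@include_once('Log.php')) {
            if (@include_once('Log/observer.php')) {
                $options['enableLogging'] = true;
            }
        }
        switch ($this->getGroupScope()) {
            case IL_LDAP_SCOPE_BASE:
                $options['groupscope'] = 'base';
                break;
            case IL_LDAP_SCOPE_ONE:
                $options['groupscope'] = 'one';
                break;
            default:
                $options['groupscope'] = 'sub';
                break;
        }
        $options['groupdn'] = $this->getGroupDN();
        $options['groupattr'] = $this->getGroupAttribute();
        $options['groupfilter'] = $this->getGroupFilter();
        $options['memberattr'] = $this->getGroupMember();
        $options['memberisdn'] = $this->enabledGroupMemberIsDN();
        $options['group'] = $this->getGroupName();

        return $options;
    }

    /**
     * Trim a filter and make sure it is enclosed in parentheses.
     *
     * This only adds a missing leading "(" or trailing ")"; it does not
     * escape or validate the filter contents, so the stored filter must
     * already be a well-formed LDAP filter.
     *
     * @param string $a_filter
     * @return string empty string when the filter is empty
     */
    private function prepareFilter($a_filter)
    {
        $filter = trim($a_filter);

        if (!strlen($filter)) {
            return $filter;
        }

        if (strpos($filter, '(') !== 0) {
            $filter = '(' . $filter;
        }
        if (substr($filter, -1) != ')') {
            $filter = $filter . ')';
        }
        return $filter;
    }

    /**
     * Attributes to request from the directory.
     *
     * Always contains the user attribute; with sync on login the mapped
     * attributes, 'dn' and the attributes used by the role assignments are
     * requested as well.
     *
     * @return array
     */
    private function getPearAttributeArray()
    {
        if (!$this->enabledSyncOnLogin()) {
            return array($this->getUserAttribute());
        }

        include_once('Services/LDAP/classes/class.ilLDAPAttributeMapping.php');
        include_once('Services/LDAP/classes/class.ilLDAPRoleAssignments.php');
        $mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->getServerId());
        return array_merge(
            array($this->getUserAttribute()),
            $mapping->getFields(),
            array('dn'),
            ilLDAPRoleAssignments::_getDistinctAttributeNamesByServerId($this->getServerId())
        );
    }

    /**
     * Load the row of this server id into the object through the setters.
     *
     * Does nothing for server id 0 (a new, unsaved object).
     *
     * @return bool|null true when skipped; nothing otherwise
     */
    private function read()
    {
        if (!$this->server_id) {
            return true;
        }
        $query = "SELECT * FROM ldap_server_settings WHERE server_id = " . $this->db->quote($this->server_id) . "";

        $res = $this->db->query($query);
        while ($row = $res->fetchRow(DB_FETCHMODE_OBJECT)) {
            $this->toggleActive($row->active);
            $this->setName($row->name);
            $this->setUrl($row->url);
            $this->setVersion($row->version);
            $this->setBaseDN($row->base_dn);
            $this->toggleReferrer($row->referrals);
            $this->toggleTLS($row->tls);
            $this->setBindingType($row->bind_type);
            $this->setBindUser($row->bind_user);
            $this->setBindPassword($row->bind_pass);
            $this->setSearchBase($row->search_base);
            $this->setUserScope($row->user_scope);
            $this->setUserAttribute($row->user_attribute);
            $this->setFilter($row->filter);
            $this->setGroupDN($row->group_dn);
            $this->setGroupScope($row->group_scope);
            $this->setGroupFilter($row->group_filter);
            $this->setGroupMember($row->group_member);
            $this->setGroupAttribute($row->group_attribute);
            $this->toggleMembershipOptional($row->group_optional);
            $this->setGroupUserFilter($row->group_user_filter);
            $this->enableGroupMemberIsDN($row->group_memberisdn);
            $this->setGroupName($row->group_name);
            $this->enableSyncOnLogin($row->sync_on_login);
            $this->enableSyncPerCron($row->sync_per_cron);
            $this->enableRoleSynchronization($row->role_sync_active);
            $this->setRoleBindDN($row->role_bind_dn);
            $this->setRoleBindPassword($row->role_bind_pass);
        }
    }
}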
00815 ?>