Public Member Functions | |
| __construct (ilLDAPServer $a_server, $a_url= '') | |
| Constructur. | |
| fetchUser ($a_name) | |
| Get one user by login name. | |
| fetchUsers () | |
| Fetch all users. | |
| query ($a_search_base, $a_filter, $a_scope, $a_attributes) | |
| Perform a query. | |
| modAdd ($a_dn, $a_attribute) | |
| Add value to an existing attribute. | |
| modDelete ($a_dn, $a_attribute) | |
| Delete value from an existing attribute. | |
| bind ($a_binding_type=IL_LDAP_BIND_DEFAULT, $a_user_dn= '', $a_password= '') | |
| Bind to LDAP server. | |
| __destruct () | |
| Destructor unbind from ldap server. | |
Private Member Functions | |
| readAllUsers () | |
| Fetch all users This function splits the query to filters like e.g (uid=a*) (uid=b*)... | |
| fetchGroupMembers ($a_name= '') | |
| Fetch group member ids. | |
| readUserData ($a_name, $a_check_dn=true, $a_try_group_user_filter=false) | |
| Read user data. | |
| queryByScope ($a_scope, $a_base_dn, $a_filter, $a_attributes) | |
| Query by scope IL_SCOPE_SUB => ldap_search IL_SCOPE_ONE => ldap_list. | |
| connect () | |
| Connect to LDAP server. | |
| fetchUserProfileFields () | |
| fetch required fields of user profile data | |
| unbind () | |
| Unbind. | |
Private Attributes | |
| $ldap_server_url = null | |
| $settings = null | |
| $log = null | |
| $user_fields = array() | |
Detailed Description
- Version:
- $Id$
Definition at line 41 of file class.ilLDAPQuery.php.
Constructor & Destructor Documentation
| ilLDAPQuery::__construct | ( | ilLDAPServer $ | a_server, | |
| $ | a_url = '' | |||
| ) |
Constructur.
private
- Parameters:
-
object ilLDAPServer or subclass
- Exceptions:
-
ilLDAPQueryException
Definition at line 57 of file class.ilLDAPQuery.php.
References $ilLog, ilLDAPAttributeMapping::_getInstanceByServerId(), connect(), fetchUserProfileFields(), and ilLDAPServer::getUrl().
{
global $ilLog;
$this->settings = $a_server;
if(strlen($a_url))
{
$this->ldap_server_url = $a_url;
}
else
{
$this->ldap_server_url = $this->settings->getUrl();
}
$this->mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->settings->getServerId());
$this->log = $ilLog;
$this->fetchUserProfileFields();
$this->connect();
}
Here is the call graph for this function:
| ilLDAPQuery::__destruct | ( | ) |
Destructor unbind from ldap server.
private
- Parameters:
-
Definition at line 584 of file class.ilLDAPQuery.php.
{
if($this->lh)
{
@ldap_unbind($this->lh);
}
}
Member Function Documentation
| ilLDAPQuery::bind | ( | $ | a_binding_type = IL_LDAP_BIND_DEFAULT, |
|
| $ | a_user_dn = '', |
|||
| $ | a_password = '' | |||
| ) |
Bind to LDAP server.
public
- Parameters:
-
int binding_type IL_LDAP_BIND_DEFAULT || IL_LDAP_BIND_ADMIN
- Exceptions:
-
ilLDAPQueryException on connection failure.
Definition at line 485 of file class.ilLDAPQuery.php.
References $user.
{
switch($a_binding_type)
{
case IL_LDAP_BIND_DEFAULT:
// Now bind anonymously or as user
if(strlen($this->settings->getBindUser()))
{
$user = $this->settings->getBindUser();
$pass = $this->settings->getBindPassword();
define('IL_LDAP_REBIND_USER',$user);
define('IL_LDAP_REBIND_PASS',$pass);
$this->log->write(__METHOD__.': Bind as '.$user);
}
else
{
$user = $pass = '';
$this->log->write(__METHOD__.': Bind anonymous');
}
break;
case IL_LDAP_BIND_ADMIN:
$user = $this->settings->getRoleBindDN();
$pass = $this->settings->getRoleBindPassword();
if(!strlen($user) or !strlen($pass))
{
$user = $this->settings->getBindUser();
$pass = $this->settings->getBindPassword();
}
define('IL_LDAP_REBIND_USER',$user);
define('IL_LDAP_REBIND_PASS',$pass);
break;
case IL_LDAP_BIND_TEST:
if(!@ldap_bind($this->lh,$a_user_dn,$a_password))
{
return false;
}
return true;
default:
throw new ilLDAPQueryException('LDAP: unknown binding type in: '.__METHOD__);
}
if(!@ldap_bind($this->lh,$user,$pass))
{
throw new ilLDAPQueryException('LDAP: Cannot bind as '.$user);
}
else
{
$this->log->write(__METHOD__.': Bind successful.');
}
}
| ilLDAPQuery::connect | ( | ) | [private] |
Connect to LDAP server.
private
- Exceptions:
-
ilLDAPQueryException on connection failure.
Definition at line 439 of file class.ilLDAPQuery.php.
Referenced by __construct().
{
$this->lh = @ldap_connect($this->ldap_server_url);
// LDAP Connect
if(!$this->lh)
{
throw new ilLDAPQueryException("LDAP: Cannot connect to LDAP Server: ".$this->settings->getUrl());
}
// LDAP Version
if(!ldap_set_option($this->lh,LDAP_OPT_PROTOCOL_VERSION,$this->settings->getVersion()))
{
throw new ilLDAPQueryException("LDAP: Cannot set version to: ".$this->settings->getVersion());
}
// Switch on referrals
if($this->settings->isActiveReferrer())
{
if(!ldap_set_option($this->lh,LDAP_OPT_REFERRALS,true))
{
throw new ilLDAPQueryException("LDAP: Cannot switch on LDAP referrals");
}
#@ldap_set_rebind_proc($this->lh,'referralRebind');
}
else
{
ldap_set_option($this->lh,LDAP_OPT_REFERRALS,false);
$this->log->write(__METHOD__.': Switching referrals to false.');
}
// Start TLS
if($this->settings->isActiveTLS())
{
if(!ldap_start_tls($this->lh))
{
throw new ilLDAPQueryException("LDAP: Cannot start LDAP TLS");
}
}
}
Here is the caller graph for this function:
| ilLDAPQuery::fetchGroupMembers | ( | $ | a_name = '' |
) | [private] |
Fetch group member ids.
public
Definition at line 273 of file class.ilLDAPQuery.php.
References $data, $res, queryByScope(), and readUserData().
Referenced by fetchUsers().
{
$group_name = strlen($a_name) ? $a_name : $this->settings->getGroupName();
// Build filter
$filter = sprintf('(&(%s=%s)%s)',
$this->settings->getGroupAttribute(),
$group_name,
$this->settings->getGroupFilter());
// Build search base
if(($gdn = $this->settings->getGroupDN()) && substr($gdn,-1) != ',')
{
$gdn .= ',';
}
$gdn .= $this->settings->getBaseDN();
$this->log->write('LDAP: Using filter '.$filter);
$this->log->write('LDAP: Using DN '.$gdn);
$res = $this->queryByScope($this->settings->getGroupScope(),
$gdn,
$filter,
array($this->settings->getGroupMember()));
$tmp_result = new ilLDAPResult($this->lh,$res);
$group_data = $tmp_result->getRows();
if(!$tmp_result->numRows())
{
$this->log->write(__METHOD__.': No group found.');
return false;
}
$attribute_name = strtolower($this->settings->getGroupMember());
// All groups
foreach($group_data as $data)
{
$this->log->write(__METHOD__.': found '.count($data[$attribute_name]).' group members for group '.$data['dn']);
if(is_array($data[$attribute_name]))
{
foreach($data[$attribute_name] as $name)
{
$this->readUserData($name,true,true);
}
}
else
{
$this->readUserData($data[$attribute_name],true,true);
}
}
unset($tmp_result);
return;
}
Here is the call graph for this function:
Here is the caller graph for this function:
| ilLDAPQuery::fetchUser | ( | $ | a_name | ) |
Get one user by login name.
public
- Parameters:
-
string login name
- Returns:
- array of user data
Definition at line 86 of file class.ilLDAPQuery.php.
References readUserData().
{
$this->user_fields = array_merge(array($this->settings->getUserAttribute()),$this->mapping->getFields());
if(!$this->readUserData($a_name))
{
return array();
}
else
{
return $this->users;
}
}
Here is the call graph for this function:
| ilLDAPQuery::fetchUserProfileFields | ( | ) | [private] |
fetch required fields of user profile data
private
- Parameters:
-
Definition at line 549 of file class.ilLDAPQuery.php.
References ilLDAPRoleAssignments::_getDistinctAttributeNamesByServerId().
Referenced by __construct().
{
include_once('Services/LDAP/classes/class.ilLDAPRoleAssignments.php');
$this->user_fields = array_merge(
array($this->settings->getUserAttribute()),
array('dn'),
$this->mapping->getFields(),
ilLDAPRoleAssignments::_getDistinctAttributeNamesByServerId($this->settings->getServerId()));
}
Here is the call graph for this function:
Here is the caller graph for this function:
| ilLDAPQuery::fetchUsers | ( | ) |
Fetch all users.
public
- Returns:
- array array of user data
Definition at line 107 of file class.ilLDAPQuery.php.
References fetchGroupMembers(), and readAllUsers().
{
// First of all check if a group restriction is enabled
// YES: => fetch all group members
// No: => fetch all users
if(strlen($this->settings->getGroupName()))
{
$this->log->write(__METHOD__.': Searching for group members.');
$groups = $this->settings->getGroupNames();
if(count($groups) <= 1)
{
$this->fetchGroupMembers();
}
else
{
foreach($groups as $group)
{
$this->fetchGroupMembers($group);
}
}
}
if(!strlen($this->settings->getGroupName()) or $this->settings->isMembershipOptional())
{
$this->log->write(__METHOD__.': Start reading all users...');
$this->readAllUsers();
#throw new ilLDAPQueryException('LDAP: Called import of users without specifying group restrictions. NOT IMPLEMENTED YET!');
}
return $this->users ? $this->users : array();
}
Here is the call graph for this function:
| ilLDAPQuery::modAdd | ( | $ | a_dn, | |
| $ | a_attribute | |||
| ) |
Add value to an existing attribute.
public
- Exceptions:
-
ilLDAPQueryException
Definition at line 170 of file class.ilLDAPQuery.php.
{
if(@ldap_mod_add($this->lh,$a_dn,$a_attribute))
{
return true;
}
throw new ilLDAPQueryException(__METHOD__.' '.ldap_error($this->lh));
}
| ilLDAPQuery::modDelete | ( | $ | a_dn, | |
| $ | a_attribute | |||
| ) |
Delete value from an existing attribute.
public
- Exceptions:
-
ilLDAPQueryException
Definition at line 185 of file class.ilLDAPQuery.php.
{
if(@ldap_mod_del($this->lh,$a_dn,$a_attribute))
{
return true;
}
throw new ilLDAPQueryException(__METHOD__.' '.ldap_error($this->lh));
}
| ilLDAPQuery::query | ( | $ | a_search_base, | |
| $ | a_filter, | |||
| $ | a_scope, | |||
| $ | a_attributes | |||
| ) |
Perform a query.
public
- Parameters:
-
string search base string filter int scope array attributes
- Returns:
- object ilLDAPResult
- Exceptions:
-
ilLDAPQueryException
Definition at line 150 of file class.ilLDAPQuery.php.
References $res, and queryByScope().
{
$res = $this->queryByScope($a_scope,$a_search_base,$a_filter,$a_attributes);
if($res === false)
{
throw new ilLDAPQueryException(__METHOD__.' '.ldap_error($this->lh).' '.
sprintf('DN: %s, Filter: %s, Scope: %s',
$a_search_base,
$a_filter,
$a_scope));
}
return new ilLDAPResult($this->lh,$res);
}
Here is the call graph for this function:
| ilLDAPQuery::queryByScope | ( | $ | a_scope, | |
| $ | a_base_dn, | |||
| $ | a_filter, | |||
| $ | a_attributes | |||
| ) | [private] |
Query by scope IL_SCOPE_SUB => ldap_search IL_SCOPE_ONE => ldap_list.
private
- Parameters:
-
Definition at line 406 of file class.ilLDAPQuery.php.
References $res.
Referenced by fetchGroupMembers(), query(), readAllUsers(), and readUserData().
{
switch($a_scope)
{
case IL_LDAP_SCOPE_SUB:
#$this->log->write('LDAP: Scope is: sub, using ldap_search');
$res = @ldap_search($this->lh,$a_base_dn,$a_filter,$a_attributes);
break;
case IL_LDAP_SCOPE_ONE:
#$this->log->write('LDAP: Scope is: one, using ldap_list');
$res = @ldap_list($this->lh,$a_base_dn,$a_filter,$a_attributes);
break;
case IL_LDAP_SCOPE_BASE:
$res = @ldap_read($this->lh,$a_base_dn,$a_filter,$a_attributes);
break;
default:
$this->log->write("LDAP: LDAPQuery: Unknown search scope");
}
return $res;
}
Here is the caller graph for this function:
| ilLDAPQuery::readAllUsers | ( | ) | [private] |
Fetch all users This function splits the query to filters like e.g (uid=a*) (uid=b*)...
This avoids AD page_size_limit
public
Definition at line 202 of file class.ilLDAPQuery.php.
References $data, $res, queryByScope(), and readUserData().
Referenced by fetchUsers().
{
// Build search base
if(($dn = $this->settings->getSearchBase()) && substr($dn,-1) != ',')
{
$dn .= ',';
}
$dn .= $this->settings->getBaseDN();
// page results
$filter = $this->settings->getFilter();
$page_filter = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','-');
$chars = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z');
foreach($page_filter as $letter)
{
$new_filter = '(&';
$new_filter .= $filter;
switch($letter)
{
case '-':
$new_filter .= ('(!(|');
foreach($chars as $char)
{
$new_filter .= ('('.$this->settings->getUserAttribute().'='.$char.'*)');
}
$new_filter .= ')))';
break;
default:
$new_filter .= ('('.$this->settings->getUserAttribute().'='.$letter.'*))');
break;
}
$this->log->write(__METHOD__.': Searching with ldap search and filter '.$new_filter.' in '.$dn);
$res = $this->queryByScope($this->settings->getUserScope(),
$dn,
$new_filter,
array($this->settings->getUserAttribute()));
$tmp_result = new ilLDAPResult($this->lh,$res);
if(!$tmp_result->numRows())
{
$this->log->write(__METHOD__.': No users found. Aborting.');
continue;
}
$this->log->write(__METHOD__.': Found '.$tmp_result->numRows().' users.');
foreach($tmp_result->getRows() as $data)
{
if(isset($data[$this->settings->getUserAttribute()]))
{
$this->readUserData($data[$this->settings->getUserAttribute()],false,false);
}
else
{
$this->log->write(__METHOD__.': Unknown error. No user attribute found.');
}
}
unset($tmp_result);
}
return true;
}
Here is the call graph for this function:
Here is the caller graph for this function:
| ilLDAPQuery::readUserData | ( | $ | a_name, | |
| $ | a_check_dn = true, |
|||
| $ | a_try_group_user_filter = false | |||
| ) | [private] |
Read user data.
- Parameters:
-
bool check dn bool use group filter private
Definition at line 336 of file class.ilLDAPQuery.php.
References $res, ilObjUser::_checkExternalAuthAccount(), and queryByScope().
Referenced by fetchGroupMembers(), fetchUser(), and readAllUsers().
{
$filter = $this->settings->getFilter();
if($a_try_group_user_filter)
{
if($this->settings->isMembershipOptional())
{
$filter = $this->settings->getGroupUserFilter();
}
}
// Build filter
if($this->settings->enabledGroupMemberIsDN() and $a_check_dn)
{
$dn = $a_name;
$res = $this->queryByScope(IL_LDAP_SCOPE_BASE,$dn,$filter,$this->user_fields);
}
else
{
$filter = sprintf('(&(%s=%s)%s)',
$this->settings->getUserAttribute(),
$a_name,
$filter);
// Build search base
if(($dn = $this->settings->getSearchBase()) && substr($dn,-1) != ',')
{
$dn .= ',';
}
$dn .= $this->settings->getBaseDN();
$fields = array_merge($this->user_fields,array('useraccountcontrol'));
$res = $this->queryByScope($this->settings->getUserScope(),strtolower($dn),$filter,$fields);
}
$tmp_result = new ilLDAPResult($this->lh,$res);
if(!$tmp_result->numRows())
{
$this->log->write('LDAP: No user data found for: '.$a_name);
unset($tmp_result);
return false;
}
if($user_data = $tmp_result->get())
{
if(isset($user_data['useraccountcontrol']))
{
if(($user_data['useraccountcontrol'] & 0x02))
{
$this->log->write(__METHOD__.': '.$a_name.' account disabled.');
return;
}
}
$user_ext = $user_data[strtolower($this->settings->getUserAttribute())];
$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount('ldap',$user_ext);
$this->users[$user_ext] = $user_data;
}
return true;
}
Here is the call graph for this function:
Here is the caller graph for this function:
| ilLDAPQuery::unbind | ( | ) | [private] |
Unbind.
private
- Parameters:
-
Definition at line 568 of file class.ilLDAPQuery.php.
{
if($this->lh)
{
@ldap_unbind($this->lh);
}
}
Field Documentation
ilLDAPQuery::$ldap_server_url = null [private] |
Definition at line 43 of file class.ilLDAPQuery.php.
ilLDAPQuery::$log = null [private] |
Definition at line 45 of file class.ilLDAPQuery.php.
ilLDAPQuery::$settings = null [private] |
Definition at line 44 of file class.ilLDAPQuery.php.
ilLDAPQuery::$user_fields = array() [private] |
Definition at line 47 of file class.ilLDAPQuery.php.
The documentation for this class was generated from the following file:
- Services/LDAP/classes/class.ilLDAPQuery.php
