Auth LDAP overrides PEAR Auth to perform LDAP authentication with ILIAS-specific options.
Public Member Functions | |
| __construct () | |
| forceCreation ($a_status) | |
| Force creation of user accounts. | |
Protected Member Functions | |
| loginObserver ($a_username) | |
| Called from base class after successful login. | |
| failedLoginObserver () | |
| Called from base class after failed login. | |
Private Member Functions | |
| initLDAPAttributeToUser () | |
| Init LDAP attribute mapping. | |
| initServer () | |
| initContainer () | |
| Init overwritten. | |
| setCallbacks () | |
| Set callback function for PEAR Auth. | |
| initLogObserver () | |
| Init Log observer. | |
Private Attributes | |
| $ldap_server = null | |
| $ldap_container = null | |
| $ldap_attr_to_user = null | |
| $log = null | |
| $logCache = '' | |
| $force_creation = false | |
Auth LDAP overrides PEAR Auth to perform LDAP authentication with ILIAS-specific options.
Definition at line 36 of file class.ilAuthLDAP.php.
| ilAuthLDAP::__construct | ( | ) |
Definition at line 46 of file class.ilAuthLDAP.php.
References $ilLog, initContainer(), initLogObserver(), initServer(), and setCallbacks().
{
// Constructor: wires the ILIAS logger, the LDAP server settings and the LDAP
// auth container into the PEAR Auth base class, then registers the log
// observer and the login callbacks.
// The statement order is significant: initContainer() reads $this->ldap_server,
// and the parent constructor needs both the container and the server options.
global $ilLog;
$this->log = $ilLog;
// Read setting of LDAP server
$this->initServer();
$this->initContainer();
// PHP 4-style call to the PEAR Auth constructor. The container is the storage
// driver and toPearAuthArray() supplies its options; the trailing '' and false
// are PEAR Auth's login-function and show-login arguments
// (NOTE(review): confirm against the bundled PEAR Auth version).
parent::Auth($this->ldap_container,$this->ldap_server->toPearAuthArray(),'',false);
// The return value of initLogObserver() is not checked, so a missing PEAR Log
// package only disables auth logging and does not abort construction.
$this->initLogObserver();
// Set callbacks
$this->setCallbacks();
}
| ilAuthLDAP::failedLoginObserver | ( | ) | [protected] |
Called from base class after failed login.
| string | username |
Definition at line 147 of file class.ilAuthLDAP.php.
References logout().
{
    // Failed-login hook for PEAR Auth. If the optional group check has not
    // been switched on yet and the server marks group membership as optional,
    // the login is retried once with that check enabled. Because the first
    // condition tests enabledOptionalGroupCheck(), a second failure presumably
    // does not retry again (assumes it reflects enableOptionalGroupCheck() -
    // verify in ilAuthContainerLDAP).
    $retry_possible = !$this->ldap_container->enabledOptionalGroupCheck();
    if (!$retry_possible || !$this->ldap_server->isMembershipOptional()) {
        return;
    }

    // Drop the failed attempt's state before starting over.
    $this->logout();
    $this->ldap_container->enableOptionalGroupCheck();
    $this->start();
}
| ilAuthLDAP::forceCreation | ( | $ | a_status | ) |
Force creation of user accounts.
public
| bool | force_creation |
Definition at line 69 of file class.ilAuthLDAP.php.
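{
    // Enable or disable forced account creation according to $a_status.
    // Assigning a hard-coded true here would ignore the argument, so a caller
    // passing false could never switch the flag off again.
    // loginObserver() skips the account-migration step while this flag is
    // set, so it must only be true when the caller explicitly asked for it.
    $this->force_creation = (bool) $a_status;
}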
| ilAuthLDAP::initContainer | ( | ) | [private] |
Init overwritten.
private
Definition at line 183 of file class.ilAuthLDAP.php.
Referenced by __construct().
{
    // Create the LDAP auth container that the constructor hands to PEAR Auth
    // as storage driver. Requires $this->ldap_server to be set (initServer()
    // runs first in the constructor).
    include_once 'Services/LDAP/classes/class.ilAuthContainerLDAP.php';

    $server = $this->ldap_server;
    $this->ldap_container = new ilAuthContainerLDAP($server, $server->toPearAuthArray());
}
| ilAuthLDAP::initLDAPAttributeToUser | ( | ) | [private] |
Init LDAP attribute mapping.
private
Definition at line 163 of file class.ilAuthLDAP.php.
Referenced by loginObserver().
{
    // Lazily build the helper that loginObserver() uses to copy LDAP
    // attributes onto ILIAS user accounts for the configured server.
    include_once 'Services/LDAP/classes/class.ilLDAPAttributeToUser.php';

    $attribute_mapper = new ilLDAPAttributeToUser($this->ldap_server);
    $this->ldap_attr_to_user = $attribute_mapper;
}
| ilAuthLDAP::initLogObserver | ( | ) | [private] |
Init Log observer.
private
Definition at line 206 of file class.ilAuthLDAP.php.
References $ilLog.
Referenced by __construct().
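{
    // Attach an ILIAS log observer to PEAR Auth when the installed PEAR
    // packages support it.
    // Returns true when the observer was attached, false otherwise. Every
    // path returns an explicit bool, including the "PEAR Log missing" path.
    global $ilLog;

    // attachLogObserver() only exists in newer PEAR Auth releases.
    if (!method_exists($this, 'attachLogObserver')) {
        $ilLog->write(__METHOD__.': PEAR Auth < 1.5 => disabling logging.');
        return false;
    }

    // The includes stay in separate, nested conditions on purpose: include_once
    // is a language construct, so "include_once(a) && include_once(b)" would
    // be parsed as include_once((a) && ...). '@' hides the warning PHP emits
    // when the optional PEAR Log package is not installed.
    if (@include_once('Log.php')) {
        if (@include_once('Log/observer.php')) {
            $ilLog->write(__METHOD__.': Attached Logging observer.');
            include_once('Services/LDAP/classes/class.ilAuthLDAPLogObserver.php');
            // NOTE(review): AUTH_LOG_DEBUG forwards debug-level PEAR Auth
            // messages to the observer. Verify that ilAuthLDAPLogObserver
            // never writes credentials or bind details to the ILIAS log.
            $this->attachLogObserver(new ilAuthLDAPLogObserver(AUTH_LOG_DEBUG));
            return true;
        }
    }

    $ilLog->write(__METHOD__.': PEAR Log not installed. Logging disabled');
    return false;
}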
| ilAuthLDAP::initServer | ( | ) | [private] |
Definition at line 169 of file class.ilAuthLDAP.php.
References ilLDAPServer::_getFirstActiveServer().
Referenced by __construct().
{
    // Load the settings of the first active LDAP server and run its
    // connection check. The result of doConnectionCheck() is not inspected
    // here, so any failure handling presumably happens inside ilLDAPServer
    // (verify). NOTE(review): what _getFirstActiveServer() yields when no
    // server is active cannot be seen from this method.
    include_once('Services/LDAP/classes/class.ilLDAPServer.php');

    $active_server_id = ilLDAPServer::_getFirstActiveServer();
    $this->ldap_server = new ilLDAPServer($active_server_id);
    $this->ldap_server->doConnectionCheck();
}
| ilAuthLDAP::loginObserver | ( | $ | a_username | ) | [protected] |
Called from base class after successful login.
| string | username |
Definition at line 79 of file class.ilAuthLDAP.php.
References $_SESSION, $ilBench, ilObjUser::_checkExternalAuthAccount(), ilLDAPRoleAssignments::_getInstanceByServer(), initLDAPAttributeToUser(), logout(), and ilUtil::redirect().
{
// Success hook for PEAR Auth: maps the authenticated LDAP account to an ILIAS
// account. Depending on the server settings it either hands over to the
// account-migration screen, synchronises/creates the ILIAS user, or rejects
// the login with AUTH_LDAP_NO_ILIAS_USER. Only the final setAuth() call
// establishes the ILIAS identity for the session.
global $ilBench;
$ilBench->start('Auth','LDAPLoginObserver');
// Attribute names are normalised to lower case before any lookup.
$user_data = array_change_key_case($this->getAuthData(),CASE_LOWER);
// user is authenticated
// Now we trust the username received from ldap and use it as external account name,
// to avoid problems with leading/trailing whitespace characters
// NOTE(review): the keys above were lower-cased, but getUserAttribute() is used
// as-is. If that setting can contain upper-case letters the isset() never
// matches and the trimmed login name is used instead - confirm.
$a_username = isset($user_data[$this->ldap_server->getUserAttribute()]) ?
$user_data[$this->ldap_server->getUserAttribute()] :
trim($a_username);
// Look up the ILIAS account linked to this external "ldap" account name;
// the result is tested for falsiness below when no account is linked.
$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap",$a_username);
// $users is not initialised beforehand; PHP creates the array on first write.
$users[$a_username] = $user_data;
if($this->ldap_server->enabledSyncOnLogin())
{
// No linked ILIAS account, migration enabled and creation not forced:
// park the login and send the user to the account-migration screen.
if(!$user_data['ilInternalAccount'] and $this->ldap_server->isAccountMigrationEnabled() and !$this->force_creation)
{
$this->logout();
$_SESSION['tmp_auth_mode'] = 'ldap';
$_SESSION['tmp_external_account'] = $a_username;
// SECURITY: the clear-text password from the login POST is stored in the
// session for the migration step. Until the consumer of 'tmp_pass' unsets it
// (not visible here - verify that it does, also when migration is abandoned),
// the password sits in session storage. $_POST['password'] is read without
// an isset() check.
$_SESSION['tmp_pass'] = $_POST['password'];
include_once('./Services/LDAP/classes/class.ilLDAPRoleAssignments.php');
// Remember the ids of the roles the LDAP rules assign to this user.
$role_ass = ilLDAPRoleAssignments::_getInstanceByServer($this->ldap_server);
$role_inf = $role_ass->assignedRoles($a_username,$user_data);
$_SESSION['tmp_roles'] = array();
foreach($role_inf as $info)
{
$_SESSION['tmp_roles'][] = $info['id'];
}
$ilBench->stop('Auth','LDAPLoginObserver');
// NOTE(review): nothing returns after the redirect. If ilUtil::redirect()
// does not end the request, execution falls through to the synchronisation
// below for the account that was just logged out - confirm that it exits.
ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
}
// Refresh or create user data
$ilBench->start('Auth','LDAPUserSynchronization');
$this->initLDAPAttributeToUser();
$this->ldap_attr_to_user->setUserData($users);
$this->ldap_attr_to_user->refresh();
// Look the account up again: refresh() may just have created it.
$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap",$a_username);
$ilBench->stop('Auth','LDAPUserSynchronization');
}
if(!$user_data['ilInternalAccount'])
{
// No synchronisation allowed => create Error
// The LDAP bind succeeded but no ILIAS account is linked: record the status
// and drop the PEAR Auth session instead of calling setAuth().
$this->status = AUTH_LDAP_NO_ILIAS_USER;
$this->logout();
$ilBench->stop('Auth','LDAPLoginObserver');
return;
}
// Finally setAuth
// The session is bound to the ILIAS account name, not the LDAP login name.
$this->setAuth($user_data['ilInternalAccount']);
$ilBench->stop('Auth','LDAPLoginObserver');
return;
}
| ilAuthLDAP::setCallbacks | ( | ) | [private] |
Set callback function for PEAR Auth.
Definition at line 193 of file class.ilAuthLDAP.php.
Referenced by __construct().
{
    // Register this object's observer methods with PEAR Auth: one for a
    // successful login and one for a failed login.
    $on_login = array($this, 'loginObserver');
    $on_failed_login = array($this, 'failedLoginObserver');

    $this->setLoginCallback($on_login);
    $this->setFailedLoginCallback($on_failed_login);
}
ilAuthLDAP::$force_creation = false [private] |
Definition at line 44 of file class.ilAuthLDAP.php.
ilAuthLDAP::$ldap_attr_to_user = null [private] |
Definition at line 40 of file class.ilAuthLDAP.php.
ilAuthLDAP::$ldap_container = null [private] |
Definition at line 39 of file class.ilAuthLDAP.php.
ilAuthLDAP::$ldap_server = null [private] |
Definition at line 38 of file class.ilAuthLDAP.php.
ilAuthLDAP::$log = null [private] |
Definition at line 41 of file class.ilAuthLDAP.php.
ilAuthLDAP::$logCache = '' [private] |
Definition at line 42 of file class.ilAuthLDAP.php.