<?php
00034 include_once('Auth/Auth.php');
00035
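/**
 * PEAR Auth front end for LDAP logins.
 *
 * Wires the first active LDAP server and its auth container into PEAR Auth
 * and registers the login / failed-login observers defined below.
 *
 * Security-relevant behaviour visible in this class:
 *  - the login observer may park the submitted cleartext password in the
 *    session for the account migration screen;
 *  - a debug-level log observer is attached to PEAR Auth when PEAR Log is
 *    available.
 */
class ilAuthLDAP extends Auth
{
    // Server settings object created in initServer().
    private $ldap_server = null;
    // Auth container created in initContainer() and handed to PEAR Auth.
    private $ldap_container = null;
    // Created on demand by initLDAPAttributeToUser() for the sync-on-login step.
    private $ldap_attr_to_user = null;
    // Reference to the global ILIAS log.
    private $log = null;
    private $logCache = '';

    // When true, the account migration redirect in loginObserver() is skipped.
    private $force_creation = false;

    /**
     * Set up server settings, container, PEAR Auth, logging and callbacks.
     */
    public function __construct()
    {
        global $ilLog;

        $this->log = $ilLog;

        // Server and container have to exist first: both are arguments of
        // the PEAR Auth constructor call below.
        $this->initServer();
        $this->initContainer();
        parent::Auth($this->ldap_container, $this->ldap_server->toPearAuthArray(), '', false);
        $this->initLogObserver();

        $this->setCallbacks();
    }

    /**
     * Enable or disable forced account creation.
     *
     * While enabled, loginObserver() does not redirect unknown accounts to
     * the account migration screen.
     *
     * @param bool $a_status true to force creation, false to restore the default
     */
    public function forceCreation($a_status)
    {
        // The flag used to be set to true whatever was passed in, so it
        // could never be switched off again; honour the argument instead.
        $this->force_creation = (bool) $a_status;
    }

    /**
     * Callback registered with PEAR Auth for a successful LDAP bind.
     *
     * Maps the LDAP account to an ILIAS account, optionally synchronises the
     * user from the directory, and either completes the login, redirects to
     * account migration, or rejects the login with AUTH_LDAP_NO_ILIAS_USER.
     *
     * @param string $a_username login name as entered by the user
     */
    protected function loginObserver($a_username)
    {
        global $ilBench;

        $ilBench->start('Auth', 'LDAPLoginObserver');

        // Guard against missing auth data so array_change_key_case() is
        // never handed a non-array.
        $auth_data = $this->getAuthData();
        $user_data = array_change_key_case(is_array($auth_data) ? $auth_data : array(), CASE_LOWER);

        // Prefer the account name stored in the directory over the typed one.
        // NOTE(review): keys were lowercased above, so this lookup only hits
        // if getUserAttribute() returns a lowercase name - confirm.
        $user_attribute = $this->ldap_server->getUserAttribute();
        $a_username = isset($user_data[$user_attribute])
            ? $user_data[$user_attribute]
            : trim($a_username);

        $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
        $users = array($a_username => $user_data);

        if ($this->ldap_server->enabledSyncOnLogin())
        {
            if (!$user_data['ilInternalAccount'] && $this->ldap_server->isAccountMigrationEnabled() && !$this->force_creation)
            {
                $this->logout();
                $_SESSION['tmp_auth_mode'] = 'ldap';
                $_SESSION['tmp_external_account'] = $a_username;
                // SECURITY: the cleartext password is kept in the session for
                // the account migration step (its consumer is not visible in
                // this file). Session data is persisted server-side, so the
                // consumer must unset 'tmp_pass' as soon as migration ends or
                // is aborted, and session storage must be access-restricted.
                $_SESSION['tmp_pass'] = isset($_POST['password']) ? $_POST['password'] : null;

                include_once('./Services/LDAP/classes/class.ilLDAPRoleAssignments.php');
                $role_ass = ilLDAPRoleAssignments::_getInstanceByServer($this->ldap_server);
                $role_inf = $role_ass->assignedRoles($a_username, $user_data);
                $_SESSION['tmp_roles'] = array();
                foreach ($role_inf as $info)
                {
                    $_SESSION['tmp_roles'][] = $info['id'];
                }
                $ilBench->stop('Auth', 'LDAPLoginObserver');
                ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
                // Fail closed: presumably redirect() ends the request, but if
                // it ever returned, the synchronisation below must not run
                // for an account that is still awaiting migration.
                return;
            }

            // Create or refresh the ILIAS user from the directory data, then
            // look the internal account up again.
            $ilBench->start('Auth', 'LDAPUserSynchronization');
            $this->initLDAPAttributeToUser();
            $this->ldap_attr_to_user->setUserData($users);
            $this->ldap_attr_to_user->refresh();
            $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
            $ilBench->stop('Auth', 'LDAPUserSynchronization');
        }

        if (!$user_data['ilInternalAccount'])
        {
            // The bind succeeded but no ILIAS account is mapped: reject.
            $this->status = AUTH_LDAP_NO_ILIAS_USER;
            $this->logout();
            $ilBench->stop('Auth', 'LDAPLoginObserver');
            return;
        }

        $this->setAuth($user_data['ilInternalAccount']);
        $ilBench->stop('Auth', 'LDAPLoginObserver');
        return;
    }

    /**
     * Callback registered with PEAR Auth for a failed login.
     *
     * If group membership is optional on the server and the optional group
     * check has not been enabled yet, enables it on the container and
     * restarts authentication once.
     */
    protected function failedLoginObserver()
    {
        if (!$this->ldap_container->enabledOptionalGroupCheck() && $this->ldap_server->isMembershipOptional())
        {
            $this->logout();
            // Enabling the check before start() makes the condition above
            // false on the next failure, so the retry cannot loop.
            $this->ldap_container->enableOptionalGroupCheck();
            $this->start();
        }
    }

    /**
     * Create the attribute-to-user mapper for the current server.
     */
    private function initLDAPAttributeToUser()
    {
        include_once('Services/LDAP/classes/class.ilLDAPAttributeToUser.php');
        $this->ldap_attr_to_user = new ilLDAPAttributeToUser($this->ldap_server);
    }

    /**
     * Load the first active LDAP server and run its connection check.
     */
    private function initServer()
    {
        include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
        $this->ldap_server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
        $this->ldap_server->doConnectionCheck();
    }

    /**
     * Create the LDAP auth container passed to PEAR Auth.
     */
    private function initContainer()
    {
        include_once('Services/LDAP/classes/class.ilAuthContainerLDAP.php');
        $this->ldap_container = new ilAuthContainerLDAP($this->ldap_server, $this->ldap_server->toPearAuthArray());
    }

    /**
     * Register the login and failed-login observers with PEAR Auth.
     */
    private function setCallbacks()
    {
        $this->setLoginCallback(array($this, 'loginObserver'));
        $this->setFailedLoginCallback(array($this, 'failedLoginObserver'));
    }

    /**
     * Attach a PEAR Log observer to this Auth instance if possible.
     *
     * @return bool true if the observer was attached, false otherwise
     */
    private function initLogObserver()
    {
        global $ilLog;

        if (!method_exists($this, 'attachLogObserver'))
        {
            $ilLog->write(__METHOD__.': PEAR Auth < 1.5 => disabling logging.');
            return false;
        }

        // PEAR Log is optional; '@' only silences the warning of a missing
        // package, the return value still decides whether logging is set up.
        if (@include_once('Log.php'))
        {
            if (@include_once('Log/observer.php'))
            {
                $ilLog->write(__METHOD__.': Attached Logging observer.');
                include_once('Services/LDAP/classes/class.ilAuthLDAPLogObserver.php');
                // NOTE(review): debug level is attached unconditionally;
                // confirm the observer does not write sensitive authentication
                // details to the ILIAS log in production.
                $this->attachLogObserver(new ilAuthLDAPLogObserver(AUTH_LOG_DEBUG));
                return true;
            }
        }
        $ilLog->write(__METHOD__.': PEAR Log not installed. Logging disabled');
        // This path used to fall off the end and return null while the
        // other two return a bool.
        return false;
    }
}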
00231 ?>