ILIAS  Release_4_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilLDAPServer.php
Go to the documentation of this file.
1 <?php
2 
3 /*
4  +-----------------------------------------------------------------------------+
5  | ILIAS open source |
6  +-----------------------------------------------------------------------------+
7  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
8  | |
9  | This program is free software; you can redistribute it and/or |
10  | modify it under the terms of the GNU General Public License |
11  | as published by the Free Software Foundation; either version 2 |
12  | of the License, or (at your option) any later version. |
13  | |
14  | This program is distributed in the hope that it will be useful, |
15  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
16  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
17  | GNU General Public License for more details. |
18  | |
19  | You should have received a copy of the GNU General Public License |
20  | along with this program; if not, write to the Free Software |
21  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
22  +-----------------------------------------------------------------------------+
23 */
24 
25 define('IL_LDAP_BIND_ANONYMOUS',0);
26 define('IL_LDAP_BIND_USER',1);
27 
28 define('IL_LDAP_SCOPE_SUB',0);
29 define('IL_LDAP_SCOPE_ONE',1);
30 define('IL_LDAP_SCOPE_BASE',2);
31 
44 class ilLDAPServer
45 {
46  private static $instances = array();
47 
48  const DEBUG = false;
49  const DEFAULT_VERSION = 3;
50 
51  private $role_bind_dn = '';
52  private $role_bind_pass = '';
53  private $role_sync_active = 0;
54 
55  private $server_id = null;
56  private $fallback_urls = array();
57 
58  public function __construct($a_server_id = 0)
59  {
60  global $ilDB,$lng;
61 
62  $this->db = $ilDB;
63  $this->lng = $lng;
64  $this->server_id = $a_server_id;
65 
66  $this->read();
67  }
68 
69  public static function getInstanceByServerId($a_server_id)
70  {
71  if(isset(self::$instances[$a_server_id]))
72  {
73  return self::$instances[$a_server_id];
74  }
75  return self::$instances[$a_server_id] = new ilLDAPServer($a_server_id);
76  }
77 
83  public static function _getActiveServerList()
84  {
85  global $ilDB;
86 
87  $query = "SELECT server_id FROM ldap_server_settings ".
88  "WHERE active = 1 ".
89  "ORDER BY name ";
90  $res = $ilDB->query($query);
91  while($row = $ilDB->fetchObject($res))
92  {
93  $server_ids[] = $row->server_id;
94  }
95  return $server_ids ? $server_ids : array();
96  }
97 
103  public static function _getCronServerIds()
104  {
105  global $ilDB;
106 
107  $query = "SELECT server_id FROM ldap_server_settings ".
108  "WHERE active = 1 ".
109  "AND sync_per_cron = 1 ".
110  "ORDER BY name";
111 
112  $res = $ilDB->query($query);
113  while($row = $ilDB->fetchObject($res))
114  {
115  $server_ids[] = $row->server_id;
116  }
117  return $server_ids ? $server_ids : array();
118  }
119 
127  public static function _getRoleSyncServerIds()
128  {
129  global $ilDB;
130 
131  $query = "SELECT server_id FROM ldap_server_settings ".
132  "WHERE active = 1 ".
133  "AND role_sync_active = 1 ";
134 
135  $res = $ilDB->query($query);
136  while($row = $ilDB->fetchObject($res))
137  {
138  $server_ids[] = $row->server_id;
139  }
140  return $server_ids ? $server_ids : array();
141  }
142 
150  public static function _getPasswordServers()
151  {
152  return ilLDAPServer::_getActiveServerList();
153  }
154 
155 
161  public static function _getFirstActiveServer()
162  {
163  $servers = ilLDAPServer::_getActiveServerList();
164  if(count($servers))
165  {
166  return $servers[0];
167  }
168  return 0;
169  }
170 
176  public static function _getServerList()
177  {
178  global $ilDB;
179 
180  $query = "SELECT server_id FROM ldap_server_settings ORDER BY name";
181 
182  $res = $ilDB->query($query);
183  while($row = $ilDB->fetchObject($res))
184  {
185  $server_ids[] = $row->server_id;
186  }
187  return $server_ids ? $server_ids : array();
188  }
189 
190  /*
191  * Get first server id
192  *
193  * @return integer server_id
194  */
195  public static function _getFirstServer()
196  {
197  $servers = ilLDAPServer::_getServerList();
198 
199  if(count($servers))
200  {
201  return $servers[0];
202  }
203  return 0;
204  }
205 
206  // Set/Get
207  public function getServerId()
208  {
209  return $this->server_id;
210  }
211 
212 
213  public function toggleActive($a_status)
214  {
215  $this->active = $a_status;
216  }
217  public function isActive()
218  {
219  return $this->active;
220  }
221  public function getUrl()
222  {
223  return $this->url;
224  }
225  public function setUrl($a_url)
226  {
227  $this->url_string = $a_url;
228 
229  // Maybe there are more than one url's (comma seperated).
230  $urls = explode(',',$a_url);
231 
232  $counter = 0;
233  foreach($urls as $url)
234  {
235  $url = trim($url);
236  if(!$counter++)
237  {
238  $this->url = $url;
239  }
240  else
241  {
242  $this->fallback_urls[] = $url;
243  }
244  }
245  }
246  public function getUrlString()
247  {
248  return $this->url_string;
249  }
250 
258  public function doConnectionCheck()
259  {
260  global $ilLog;
261 
262  include_once('Services/LDAP/classes/class.ilLDAPQuery.php');
263 
264  foreach(array_merge(array(0 => $this->url),$this->fallback_urls) as $url)
265  {
266  try
267  {
268  // Need to do a full bind, since openldap return valid connection links for invalid hosts
269  $query = new ilLDAPQuery($this,$url);
270  $query->bind();
271  $this->url = $url;
272  $ilLog->write(__METHOD__.': Using url: '.$url.'.');
273  return true;
274  }
275  catch(ilLDAPQueryException $exc)
276  {
277  $ilLog->write(__METHOD__.': Cannot connect to LDAP server: '.$url.'. Trying fallback...');
278  }
279  }
280  $ilLog->write(__METHOD__.': No valid LDAP server found.');
281  return false;
282  }
283 
284 
285  public function getName()
286  {
287  return $this->name;
288  }
289  public function setName($a_name)
290  {
291  $this->name = $a_name;
292  }
293  public function getVersion()
294  {
295  return $this->version ? $this->version : self::DEFAULT_VERSION;
296  }
297  public function setVersion($a_version)
298  {
299  $this->version = $a_version;
300  }
301  public function getBaseDN()
302  {
303  return $this->base_dn;
304  }
305  public function setBaseDN($a_base_dn)
306  {
307  $this->base_dn = $a_base_dn;
308  }
309  public function isActiveReferrer()
310  {
311  return $this->referrals ? true : false;
312  }
313  public function toggleReferrer($a_status)
314  {
315  $this->referrals = $a_status;
316  }
317  public function isActiveTLS()
318  {
319  return $this->tls ? true : false;
320  }
321  public function toggleTLS($a_status)
322  {
323  $this->tls = $a_status;
324  }
325  public function getBindingType()
326  {
327  return $this->binding_type;
328  }
329  public function setBindingType($a_type)
330  {
331  if($a_type == IL_LDAP_BIND_USER)
332  {
333  $this->binding_type = IL_LDAP_BIND_USER;
334  }
335  else
336  {
337  $this->binding_type = IL_LDAP_BIND_ANONYMOUS;
338  }
339  }
340  public function getBindUser()
341  {
342  return $this->bind_user;
343  }
344  public function setBindUser($a_user)
345  {
346  $this->bind_user = $a_user;
347  }
348  public function getBindPassword()
349  {
350  return $this->bind_password;
351  }
352  public function setBindPassword($a_password)
353  {
354  $this->bind_password = $a_password;
355  }
356  public function getSearchBase()
357  {
358  return $this->search_base;
359  }
360  public function setSearchBase($a_search_base)
361  {
362  $this->search_base = $a_search_base;
363  }
364  public function getUserAttribute()
365  {
366  return $this->user_attribute;
367  }
368  public function setUserAttribute($a_user_attr)
369  {
370  $this->user_attribute = $a_user_attr;
371  }
372  public function getFilter()
373  {
374  return $this->prepareFilter($this->filter);
375  }
376  public function setFilter($a_filter)
377  {
378  $this->filter = $a_filter;
379  }
380  public function getGroupDN()
381  {
382  return $this->group_dn;
383  }
384  public function setGroupDN($a_value)
385  {
386  $this->group_dn = $a_value;
387  }
388  public function getGroupFilter()
389  {
390  return $this->prepareFilter($this->group_filter);
391  }
392  public function setGroupFilter($a_value)
393  {
394  $this->group_filter = $a_value;
395  }
396  public function getGroupMember()
397  {
398  return $this->group_member;
399  }
400  public function setGroupMember($a_value)
401  {
402  $this->group_member = $a_value;
403  }
404  public function getGroupName()
405  {
406  return $this->group_name;
407  }
408  public function setGroupName($a_value)
409  {
410  $this->group_name = $a_value;
411  }
419  public function getGroupNames()
420  {
421  $names = explode(',',$this->getGroupName());
422 
423  if(!is_array($names))
424  {
425  return array();
426  }
427  foreach($names as $name)
428  {
429  $new_names[] = trim($name);
430  }
431  return $new_names;
432  }
433 
434 
435  public function getGroupAttribute()
436  {
437  return $this->group_attribute;
438  }
439  public function setGroupAttribute($a_value)
440  {
441  $this->group_attribute = $a_value;
442  }
443 
444  public function toggleMembershipOptional($a_status)
445  {
446  $this->group_optional = (bool) $a_status;
447  }
448  public function isMembershipOptional()
449  {
450  return (bool) $this->group_optional;
451  }
452  public function setGroupUserFilter($a_filter)
453  {
454  $this->group_user_filter = $a_filter;
455  }
456  public function getGroupUserFilter()
457  {
458  return $this->group_user_filter;
459  }
460 
461  public function enabledGroupMemberIsDN()
462  {
463  return (bool) $this->memberisdn;
464  }
465  public function enableGroupMemberIsDN($a_value)
466  {
467  $this->memberisdn = (bool) $a_value;
468  }
469  public function setGroupScope($a_value)
470  {
471  $this->group_scope = $a_value;
472  }
473  public function getGroupScope()
474  {
475  return $this->group_scope;
476  }
477  public function setUserScope($a_value)
478  {
479  $this->user_scope = $a_value;
480  }
481  public function getUserScope()
482  {
483  return $this->user_scope;
484  }
485  public function enabledSyncOnLogin()
486  {
487  return $this->sync_on_login;
488  }
489  public function enableSyncOnLogin($a_value)
490  {
491  $this->sync_on_login = (int) $a_value;
492  }
493  public function enabledSyncPerCron()
494  {
495  return $this->sync_per_cron;
496  }
497  public function enableSyncPerCron($a_value)
498  {
499  $this->sync_per_cron = (int) $a_value;
500  }
501  public function setGlobalRole($a_role)
502  {
503  $this->global_role = $a_role;
504  }
505  public function getRoleBindDN()
506  {
507  return $this->role_bind_dn;
508  }
509  public function setRoleBindDN($a_value)
510  {
511  $this->role_bind_dn = $a_value;
512  }
513  public function getRoleBindPassword()
514  {
515  return $this->role_bind_pass;
516  }
517  public function setRoleBindPassword($a_value)
518  {
519  $this->role_bind_pass = $a_value;
520  }
521  public function enabledRoleSynchronization()
522  {
523  return $this->role_sync_active;
524  }
525  public function enableRoleSynchronization($a_value)
526  {
527  $this->role_sync_active = $a_value;
528  }
529 
537  public function enableAccountMigration($a_status)
538  {
539  $this->account_migration = $a_status;
540  }
541 
548  public function isAccountMigrationEnabled()
549  {
550  return $this->account_migration ? true : false;
551  }
552 
553 
559  public function validate()
560  {
561  global $ilErr;
562 
563  $ilErr->setMessage('');
564  if(!strlen($this->getName()) ||
565  !strlen($this->getUrl()) ||
566  !strlen($this->getBaseDN()) ||
567  !strlen($this->getUserAttribute()))
568  {
569  $ilErr->setMessage($this->lng->txt('fill_out_all_required_fields'));
570  }
571 
572  if($this->getBindingType() == IL_LDAP_BIND_USER
573  && (!strlen($this->getBindUser()) || !strlen($this->getBindPassword())))
574  {
575  $ilErr->appendMessage($this->lng->txt('ldap_missing_bind_user'));
576  }
577 
578  if(($this->enabledSyncPerCron() or $this->enabledSyncOnLogin()) and !$this->global_role)
579  {
580  $ilErr->appendMessage($this->lng->txt('ldap_missing_role_assignment'));
581  }
582  if($this->getVersion() == 2 and $this->isActiveTLS())
583  {
584  $ilErr->appendMessage($this->lng->txt('ldap_tls_conflict'));
585  }
586 
587  return strlen($ilErr->getMessage()) ? false : true;
588  }
589 
590  public function create()
591  {
592  global $ilDB;
593 
594  $next_id = $ilDB->nextId('ldap_server_settings');
595 
596  $query = 'INSERT INTO ldap_server_settings (server_id,active,name,url,version,base_dn,referrals,tls,bind_type,bind_user,bind_pass,'.
597  'search_base,user_scope,user_attribute,filter,group_dn,group_scope,group_filter,group_member,group_memberisdn,group_name,'.
598  'group_attribute,group_optional,group_user_filter,sync_on_login,sync_per_cron,role_sync_active,role_bind_dn,role_bind_pass,migration) '.
599  'VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)';
600  $res = $ilDB->queryF($query,
601  array(
602  'integer','integer','text','text','integer','text','integer','integer','integer','text','text','text','integer',
603  'text','text','text','integer','text','text','integer','text','text','integer','text','integer','integer','integer',
604  'text','text', 'integer'),
605  array(
606  $next_id,
607  $this->isActive(),
608  $this->getName(),
609  $this->getUrlString(),
610  $this->getVersion(),
611  $this->getBaseDN(),
612  $this->isActiveReferrer(),
613  $this->isActiveTLS(),
614  $this->getBindingType(),
615  $this->getBindUser(),
616  $this->getBindPassword(),
617  $this->getSearchBase(),
618  $this->getUserScope(),
619  $this->getUserAttribute(),
620  $this->getFilter(),
621  $this->getGroupDN(),
622  $this->getGroupScope(),
623  $this->getGroupFilter(),
624  $this->getGroupMember(),
625  $this->enabledGroupMemberIsDN(),
626  $this->getGroupName(),
627  $this->getGroupAttribute(),
628  $this->isMembershipOptional(),
629  $this->getGroupUserFilter(),
630  $this->enabledSyncOnLogin(),
631  $this->enabledSyncPerCron(),
632  $this->enabledRoleSynchronization(),
633  $this->getRoleBindDN(),
634  $this->getRoleBindPassword(),
635  $this->isAccountMigrationEnabled()
636  ));
637 
638  return $next_id;
639  }
640 
641  public function update()
642  {
643  global $ilDB;
644 
645  $query = "UPDATE ldap_server_settings SET ".
646  "active = ".$this->db->quote($this->isActive(),'integer').", ".
647  "name = ".$this->db->quote($this->getName(),'text').", ".
648  "url = ".$this->db->quote($this->getUrlString(),'text').", ".
649  "version = ".$this->db->quote($this->getVersion(),'integer').", ".
650  "base_dn = ".$this->db->quote($this->getBaseDN(),'text').", ".
651  "referrals = ".$this->db->quote($this->isActiveReferrer(),'integer').", ".
652  "tls = ".$this->db->quote($this->isActiveTLS(),'integer').", ".
653  "bind_type = ".$this->db->quote($this->getBindingType(),'integer').", ".
654  "bind_user = ".$this->db->quote($this->getBindUser(),'text').", ".
655  "bind_pass = ".$this->db->quote($this->getBindPassword(),'text').", ".
656  "search_base = ".$this->db->quote($this->getSearchBase(),'text').", ".
657  "user_scope = ".$this->db->quote($this->getUserScope(),'integer').", ".
658  "user_attribute = ".$this->db->quote($this->getUserAttribute(),'text').", ".
659  "filter = ".$this->db->quote($this->getFilter(),'text').", ".
660  "group_dn = ".$this->db->quote($this->getGroupDN(),'text').", ".
661  "group_scope = ".$this->db->quote($this->getGroupScope(),'integer').", ".
662  "group_filter = ".$this->db->quote($this->getGroupFilter(),'text').", ".
663  "group_member = ".$this->db->quote($this->getGroupMember(),'text').", ".
664  "group_memberisdn =".$this->db->quote((int) $this->enabledGroupMemberIsDN(),'integer').", ".
665  "group_name = ".$this->db->quote($this->getGroupName(),'text').", ".
666  "group_attribute = ".$this->db->quote($this->getGroupAttribute(),'text').", ".
667  "group_optional = ".$this->db->quote((int) $this->isMembershipOptional(),'integer').", ".
668  "group_user_filter = ".$this->db->quote($this->getGroupUserFilter(),'text').", ".
669  "sync_on_login = ".$this->db->quote(($this->enabledSyncOnLogin() ? 1 : 0),'integer').", ".
670  "sync_per_cron = ".$this->db->quote(($this->enabledSyncPerCron() ? 1 : 0),'integer').", ".
671  "role_sync_active = ".$this->db->quote($this->enabledRoleSynchronization(),'integer').", ".
672  "role_bind_dn = ".$this->db->quote($this->getRoleBindDN(),'text').", ".
673  "role_bind_pass = ".$this->db->quote($this->getRoleBindPassword(),'text').", ".
674  "migration = ".$this->db->quote((int)$this->isAccountMigrationEnabled(),'integer')." ".
675  "WHERE server_id = ".$this->db->quote($this->getServerId(),'integer');
676 
677  $res = $ilDB->manipulate($query);
678  return true;
679  }
680 
686  public function toPearAuthArray()
687  {
688  $options = array(
689  'url' => $this->getUrl(),
690  'version' => (int) $this->getVersion(),
691  'referrals' => (bool) $this->isActiveReferrer());
692 
693  if($this->getBindingType() == IL_LDAP_BIND_USER)
694  {
695  $options['binddn'] = $this->getBindUser();
696  $options['bindpw'] = $this->getBindPassword();
697  }
698  $options['basedn'] = $this->getBaseDN();
699  $options['start_tls'] = (bool) $this->isActiveTLS();
700  $options['userdn'] = $this->getSearchBase();
701  switch($this->getUserScope())
702  {
703  case IL_LDAP_SCOPE_ONE:
704  $options['userscope'] = 'one';
705  break;
706  default:
707  $options['userscope'] = 'sub';
708  break;
709  }
710 
711  $options['userattr'] = $this->getUserAttribute();
712  $options['userfilter'] = $this->getFilter();
713  $options['attributes'] = $this->getPearAtributeArray();
714  $options['debug'] = self::DEBUG;
715 
716  if(@include_once('Log.php'))
717  {
718  if(@include_once('Log/observer.php'))
719  {
720  $options['enableLogging'] = true;
721  }
722  }
723  switch($this->getGroupScope())
724  {
725  case IL_LDAP_SCOPE_BASE:
726  $options['groupscope'] = 'base';
727  break;
728  case IL_LDAP_SCOPE_ONE:
729  $options['groupscope'] = 'one';
730  break;
731  default:
732  $options['groupscope'] = 'sub';
733  break;
734  }
735  $options['groupdn'] = $this->getGroupDN();
736  $options['groupattr'] = $this->getGroupAttribute();
737  $options['groupfilter'] = $this->getGroupFilter();
738  $options['memberattr'] = $this->getGroupMember();
739  $options['memberisdn'] = $this->enabledGroupMemberIsDN();
740  $options['group'] = $this->getGroupName();
741 
742 
743  return $options;
744  }
745 
753  private function prepareFilter($a_filter)
754  {
755  $filter = trim($a_filter);
756 
757  if(!strlen($filter))
758  {
759  return $filter;
760  }
761 
762  if(strpos($filter,'(') !== 0)
763  {
764  $filter = ('('.$filter);
765  }
766  if(substr($filter,-1) != ')')
767  {
768  $filter = ($filter.')');
769  }
770  return $filter;
771  }
772 
780  private function getPearAtributeArray()
781  {
782  if($this->enabledSyncOnLogin())
783  {
784  include_once('Services/LDAP/classes/class.ilLDAPAttributeMapping.php');
785  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php');
786  $mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->getServerId());
787  return array_merge(
788  array($this->getUserAttribute()),
789  $mapping->getFields(),
790  array('dn'),
791  ilLDAPRoleAssignmentRules::getAttributeNames()
792  );
793  }
794  else
795  {
796  return array($this->getUserAttribute());
797  }
798  }
799 
800 
801 
806  private function read()
807  {
808  if(!$this->server_id)
809  {
810  return true;
811  }
812  $query = "SELECT * FROM ldap_server_settings WHERE server_id = ".$this->db->quote($this->server_id)."";
813 # var_dump("<pre>",$query,"</pre>");
814 
815  $res = $this->db->query($query);
816  while($row = $res->fetchRow(DB_FETCHMODE_OBJECT))
817  {
818  $this->toggleActive($row->active);
819  $this->setName($row->name);
820  $this->setUrl($row->url);
821  $this->setVersion($row->version);
822  $this->setBaseDN($row->base_dn);
823  $this->toggleReferrer($row->referrals);
824  $this->toggleTLS($row->tls);
825  $this->setBindingType($row->bind_type);
826  $this->setBindUser($row->bind_user);
827  $this->setBindPassword($row->bind_pass);
828  $this->setSearchBase($row->search_base);
829  $this->setUserScope($row->user_scope);
830  $this->setUserAttribute($row->user_attribute);
831  $this->setFilter($row->filter);
832  $this->setGroupDN($row->group_dn);
833  $this->setGroupScope($row->group_scope);
834  $this->setGroupFilter($row->group_filter);
835  $this->setGroupMember($row->group_member);
836  $this->setGroupAttribute($row->group_attribute);
837  $this->toggleMembershipOptional($row->group_optional);
838  $this->setGroupUserFilter($row->group_user_filter);
839  $this->enableGroupMemberIsDN($row->group_memberisdn);
840  $this->setGroupName($row->group_name);
841  $this->enableSyncOnLogin($row->sync_on_login);
842  $this->enableSyncPerCron($row->sync_per_cron);
843  $this->enableRoleSynchronization($row->role_sync_active);
844  $this->setRoleBindDN($row->role_bind_dn);
845  $this->setRoleBindPassword($row->role_bind_pass);
846  $this->enableAccountMigration($row->migration);
847  }
848  }
849 }
850 ?>