ILIAS  Release_4_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
Public Member Functions | Private Member Functions | Private Attributes
ilLDAPQuery Class Reference
Services/LDAP
+ Collaboration diagram for ilLDAPQuery:

Public Member Functions

 __construct (ilLDAPServer $a_server, $a_url= '')
 Constructur.
 fetchUser ($a_name)
 Get one user by login name.
 fetchUsers ()
 Fetch all users.
 query ($a_search_base, $a_filter, $a_scope, $a_attributes)
 Perform a query.
 modAdd ($a_dn, $a_attribute)
 Add value to an existing attribute.
 modDelete ($a_dn, $a_attribute)
 Delete value from an existing attribute.
 bind ($a_binding_type=IL_LDAP_BIND_DEFAULT, $a_user_dn= '', $a_password= '')
 Bind to LDAP server.
 __destruct ()
 Destructor unbind from ldap server.

Private Member Functions

 readAllUsers ()
 Fetch all users This function splits the query to filters like e.g (uid=a*) (uid=b*)...
 fetchGroupMembers ($a_name= '')
 Fetch group member ids.
 readUserData ($a_name, $a_check_dn=true, $a_try_group_user_filter=false)
 Read user data.
 queryByScope ($a_scope, $a_base_dn, $a_filter, $a_attributes)
 Query by scope IL_SCOPE_SUB => ldap_search IL_SCOPE_ONE => ldap_list.
 connect ()
 Connect to LDAP server.
 fetchUserProfileFields ()
 fetch required fields of user profile data
 unbind ()
 Unbind.

Private Attributes

 $ldap_server_url = null
 $settings = null
 $log = null
 $user_fields = array()

Detailed Description

Author
Stefan Meyer smeye.nosp@m.r@da.nosp@m.tabay.nosp@m..de
Version
$Id$

Definition at line 41 of file class.ilLDAPQuery.php.

Constructor & Destructor Documentation

ilLDAPQuery::__construct ( ilLDAPServer  $a_server,
  $a_url = '' 
)

Constructur.

private

Parameters
objectilLDAPServer or subclass
Exceptions
ilLDAPQueryException

Definition at line 57 of file class.ilLDAPQuery.php.

References $ilLog, ilLDAPAttributeMapping\_getInstanceByServerId(), connect(), fetchUserProfileFields(), and ilLDAPServer\getUrl().

{
global $ilLog;
$this->settings = $a_server;
if(strlen($a_url))
{
$this->ldap_server_url = $a_url;
}
else
{
$this->ldap_server_url = $this->settings->getUrl();
}
$this->mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->settings->getServerId());
$this->log = $ilLog;
$this->fetchUserProfileFields();
$this->connect();
}

+ Here is the call graph for this function:

ilLDAPQuery::__destruct ( )

Destructor unbind from ldap server.

private

Parameters

Definition at line 589 of file class.ilLDAPQuery.php.

{
if($this->lh)
{
@ldap_unbind($this->lh);
}
}

Member Function Documentation

ilLDAPQuery::bind (   $a_binding_type = IL_LDAP_BIND_DEFAULT,
  $a_user_dn = '',
  $a_password = '' 
)

Bind to LDAP server.

public

Parameters
intbinding_type IL_LDAP_BIND_DEFAULT || IL_LDAP_BIND_ADMIN
Exceptions
ilLDAPQueryExceptionon connection failure.

Definition at line 489 of file class.ilLDAPQuery.php.

References $pass, $user, IL_LDAP_BIND_ADMIN, IL_LDAP_BIND_DEFAULT, and IL_LDAP_BIND_TEST.

{
switch($a_binding_type)
{
case IL_LDAP_BIND_DEFAULT:
// Now bind anonymously or as user
if(strlen($this->settings->getBindUser()))
{
$user = $this->settings->getBindUser();
$pass = $this->settings->getBindPassword();
define('IL_LDAP_REBIND_USER',$user);
define('IL_LDAP_REBIND_PASS',$pass);
$this->log->write(__METHOD__.': Bind as '.$user);
}
else
{
$user = $pass = '';
$this->log->write(__METHOD__.': Bind anonymous');
}
break;
case IL_LDAP_BIND_ADMIN:
$user = $this->settings->getRoleBindDN();
$pass = $this->settings->getRoleBindPassword();
if(!strlen($user) or !strlen($pass))
{
$user = $this->settings->getBindUser();
$pass = $this->settings->getBindPassword();
}
define('IL_LDAP_REBIND_USER',$user);
define('IL_LDAP_REBIND_PASS',$pass);
break;
case IL_LDAP_BIND_TEST:
if(!@ldap_bind($this->lh,$a_user_dn,$a_password))
{
return false;
}
return true;
default:
throw new ilLDAPQueryException('LDAP: unknown binding type in: '.__METHOD__);
}
if(!@ldap_bind($this->lh,$user,$pass))
{
throw new ilLDAPQueryException('LDAP: Cannot bind as '.$user);
}
else
{
$this->log->write(__METHOD__.': Bind successful.');
}
}
ilLDAPQuery::connect ( )
private

Connect to LDAP server.

private

Exceptions
ilLDAPQueryExceptionon connection failure.

Definition at line 443 of file class.ilLDAPQuery.php.

Referenced by __construct().

{
$this->lh = @ldap_connect($this->ldap_server_url);
// LDAP Connect
if(!$this->lh)
{
throw new ilLDAPQueryException("LDAP: Cannot connect to LDAP Server: ".$this->settings->getUrl());
}
// LDAP Version
if(!ldap_set_option($this->lh,LDAP_OPT_PROTOCOL_VERSION,$this->settings->getVersion()))
{
throw new ilLDAPQueryException("LDAP: Cannot set version to: ".$this->settings->getVersion());
}
// Switch on referrals
if($this->settings->isActiveReferrer())
{
if(!ldap_set_option($this->lh,LDAP_OPT_REFERRALS,true))
{
throw new ilLDAPQueryException("LDAP: Cannot switch on LDAP referrals");
}
#@ldap_set_rebind_proc($this->lh,'referralRebind');
}
else
{
ldap_set_option($this->lh,LDAP_OPT_REFERRALS,false);
$this->log->write(__METHOD__.': Switching referrals to false.');
}
// Start TLS
if($this->settings->isActiveTLS())
{
if(!ldap_start_tls($this->lh))
{
throw new ilLDAPQueryException("LDAP: Cannot start LDAP TLS");
}
}
}

+ Here is the caller graph for this function:

ilLDAPQuery::fetchGroupMembers (   $a_name = '')
private

Fetch group member ids.

public

Definition at line 273 of file class.ilLDAPQuery.php.

References $data, $filter, $name, $res, queryByScope(), and readUserData().

Referenced by fetchUsers().

{
$group_name = strlen($a_name) ? $a_name : $this->settings->getGroupName();
// Build filter
$filter = sprintf('(&(%s=%s)%s)',
$this->settings->getGroupAttribute(),
$group_name,
$this->settings->getGroupFilter());
// Build search base
if(($gdn = $this->settings->getGroupDN()) && substr($gdn,-1) != ',')
{
$gdn .= ',';
}
$gdn .= $this->settings->getBaseDN();
$this->log->write('LDAP: Using filter '.$filter);
$this->log->write('LDAP: Using DN '.$gdn);
$res = $this->queryByScope($this->settings->getGroupScope(),
$gdn,
$filter,
array($this->settings->getGroupMember()));
$tmp_result = new ilLDAPResult($this->lh,$res);
$group_data = $tmp_result->getRows();
if(!$tmp_result->numRows())
{
$this->log->write(__METHOD__.': No group found.');
return false;
}
$attribute_name = strtolower($this->settings->getGroupMember());
// All groups
foreach($group_data as $data)
{
$this->log->write(__METHOD__.': found '.count($data[$attribute_name]).' group members for group '.$data['dn']);
if(is_array($data[$attribute_name]))
{
foreach($data[$attribute_name] as $name)
{
$this->readUserData($name,true,true);
}
}
else
{
$this->readUserData($data[$attribute_name],true,true);
}
}
unset($tmp_result);
return;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilLDAPQuery::fetchUser (   $a_name)

Get one user by login name.

public

Parameters
stringlogin name
Returns
array of user data

Definition at line 86 of file class.ilLDAPQuery.php.

References readUserData().

{
$this->user_fields = array_merge(array($this->settings->getUserAttribute()),$this->mapping->getFields());
if(!$this->readUserData($a_name))
{
return array();
}
else
{
return $this->users;
}
}

+ Here is the call graph for this function:

ilLDAPQuery::fetchUserProfileFields ( )
private

fetch required fields of user profile data

private

Parameters

Definition at line 553 of file class.ilLDAPQuery.php.

References ilLDAPRoleAssignmentRules\getAttributeNames().

Referenced by __construct().

{
include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php');
$this->user_fields = array_merge(
array($this->settings->getUserAttribute()),
array('dn'),
$this->mapping->getFields(),
ilLDAPRoleAssignmentRules::getAttributeNames()
);
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilLDAPQuery::fetchUsers ( )

Fetch all users.

public

Returns
array array of user data

Definition at line 107 of file class.ilLDAPQuery.php.

References fetchGroupMembers(), and readAllUsers().

{
// First of all check if a group restriction is enabled
// YES: => fetch all group members
// No: => fetch all users
if(strlen($this->settings->getGroupName()))
{
$this->log->write(__METHOD__.': Searching for group members.');
$groups = $this->settings->getGroupNames();
if(count($groups) <= 1)
{
$this->fetchGroupMembers();
}
else
{
foreach($groups as $group)
{
$this->fetchGroupMembers($group);
}
}
}
if(!strlen($this->settings->getGroupName()) or $this->settings->isMembershipOptional())
{
$this->log->write(__METHOD__.': Start reading all users...');
$this->readAllUsers();
#throw new ilLDAPQueryException('LDAP: Called import of users without specifying group restrictions. NOT IMPLEMENTED YET!');
}
return $this->users ? $this->users : array();
}

+ Here is the call graph for this function:

ilLDAPQuery::modAdd (   $a_dn,
  $a_attribute 
)

Add value to an existing attribute.

public

Exceptions
ilLDAPQueryException

Definition at line 170 of file class.ilLDAPQuery.php.

{
if(@ldap_mod_add($this->lh,$a_dn,$a_attribute))
{
return true;
}
throw new ilLDAPQueryException(__METHOD__.' '.ldap_error($this->lh));
}
ilLDAPQuery::modDelete (   $a_dn,
  $a_attribute 
)

Delete value from an existing attribute.

public

Exceptions
ilLDAPQueryException

Definition at line 185 of file class.ilLDAPQuery.php.

{
if(@ldap_mod_del($this->lh,$a_dn,$a_attribute))
{
return true;
}
throw new ilLDAPQueryException(__METHOD__.' '.ldap_error($this->lh));
}
ilLDAPQuery::query (   $a_search_base,
  $a_filter,
  $a_scope,
  $a_attributes 
)

Perform a query.

public

Parameters
stringsearch base
stringfilter
intscope
arrayattributes
Returns
object ilLDAPResult
Exceptions
ilLDAPQueryException

Definition at line 150 of file class.ilLDAPQuery.php.

References $res, and queryByScope().

{
$res = $this->queryByScope($a_scope,$a_search_base,$a_filter,$a_attributes);
if($res === false)
{
throw new ilLDAPQueryException(__METHOD__.' '.ldap_error($this->lh).' '.
sprintf('DN: %s, Filter: %s, Scope: %s',
$a_search_base,
$a_filter,
$a_scope));
}
return new ilLDAPResult($this->lh,$res);
}

+ Here is the call graph for this function:

ilLDAPQuery::queryByScope (   $a_scope,
  $a_base_dn,
  $a_filter,
  $a_attributes 
)
private

Query by scope IL_SCOPE_SUB => ldap_search IL_SCOPE_ONE => ldap_list.

private

Parameters

Definition at line 409 of file class.ilLDAPQuery.php.

References $res, IL_LDAP_SCOPE_BASE, IL_LDAP_SCOPE_ONE, and IL_LDAP_SCOPE_SUB.

Referenced by fetchGroupMembers(), query(), readAllUsers(), and readUserData().

{
$a_filter = $a_filter ? $a_filter : "(objectclass=*)";
switch($a_scope)
{
case IL_LDAP_SCOPE_SUB:
$res = @ldap_search($this->lh,$a_base_dn,$a_filter,$a_attributes);
break;
case IL_LDAP_SCOPE_ONE:
$res = @ldap_list($this->lh,$a_base_dn,$a_filter,$a_attributes);
break;
case IL_LDAP_SCOPE_BASE:
$res = ldap_read($this->lh,$a_base_dn,$a_filter,$a_attributes);
break;
default:
$this->log->write("LDAP: LDAPQuery: Unknown search scope");
}
return $res;
}

+ Here is the caller graph for this function:

ilLDAPQuery::readAllUsers ( )
private

Fetch all users This function splits the query to filters like e.g (uid=a*) (uid=b*)...

This avoids AD page_size_limit

public

Definition at line 202 of file class.ilLDAPQuery.php.

References $data, $filter, $res, queryByScope(), and readUserData().

Referenced by fetchUsers().

{
// Build search base
if(($dn = $this->settings->getSearchBase()) && substr($dn,-1) != ',')
{
$dn .= ',';
}
$dn .= $this->settings->getBaseDN();
// page results
$filter = $this->settings->getFilter();
$page_filter = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','-');
$chars = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z');
foreach($page_filter as $letter)
{
$new_filter = '(&';
$new_filter .= $filter;
switch($letter)
{
case '-':
$new_filter .= ('(!(|');
foreach($chars as $char)
{
$new_filter .= ('('.$this->settings->getUserAttribute().'='.$char.'*)');
}
$new_filter .= ')))';
break;
default:
$new_filter .= ('('.$this->settings->getUserAttribute().'='.$letter.'*))');
break;
}
$this->log->write(__METHOD__.': Searching with ldap search and filter '.$new_filter.' in '.$dn);
$res = $this->queryByScope($this->settings->getUserScope(),
$dn,
$new_filter,
array($this->settings->getUserAttribute()));
$tmp_result = new ilLDAPResult($this->lh,$res);
if(!$tmp_result->numRows())
{
$this->log->write(__METHOD__.': No users found. Aborting.');
continue;
}
$this->log->write(__METHOD__.': Found '.$tmp_result->numRows().' users.');
foreach($tmp_result->getRows() as $data)
{
if(isset($data[$this->settings->getUserAttribute()]))
{
$this->readUserData($data[$this->settings->getUserAttribute()],false,false);
}
else
{
$this->log->write(__METHOD__.': Unknown error. No user attribute found.');
}
}
unset($tmp_result);
}
return true;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilLDAPQuery::readUserData (   $a_name,
  $a_check_dn = true,
  $a_try_group_user_filter = false 
)
private

Read user data.

Parameters
boolcheck dn
booluse group filter private

Definition at line 336 of file class.ilLDAPQuery.php.

References $filter, $res, ilObjUser\_checkExternalAuthAccount(), IL_LDAP_SCOPE_BASE, and queryByScope().

Referenced by fetchGroupMembers(), fetchUser(), and readAllUsers().

{
$filter = $this->settings->getFilter();
if($a_try_group_user_filter)
{
if($this->settings->isMembershipOptional())
{
$filter = $this->settings->getGroupUserFilter();
}
}
// Build filter
if($this->settings->enabledGroupMemberIsDN() and $a_check_dn)
{
$dn = $a_name;
#$res = $this->queryByScope(IL_LDAP_SCOPE_BASE,$dn,$filter,$this->user_fields);
$fields = array_merge($this->user_fields,array('useraccountcontrol'));
$res = $this->queryByScope(IL_LDAP_SCOPE_BASE,strtolower($dn),$filter,$fields);
}
else
{
$filter = sprintf('(&(%s=%s)%s)',
$this->settings->getUserAttribute(),
$a_name,
$filter);
// Build search base
if(($dn = $this->settings->getSearchBase()) && substr($dn,-1) != ',')
{
$dn .= ',';
}
$dn .= $this->settings->getBaseDN();
$fields = array_merge($this->user_fields,array('useraccountcontrol'));
$res = $this->queryByScope($this->settings->getUserScope(),strtolower($dn),$filter,$fields);
}
$tmp_result = new ilLDAPResult($this->lh,$res);
if(!$tmp_result->numRows())
{
$this->log->write('LDAP: No user data found for: '.$a_name);
unset($tmp_result);
return false;
}
if($user_data = $tmp_result->get())
{
if(isset($user_data['useraccountcontrol']))
{
if(($user_data['useraccountcontrol'] & 0x02))
{
$this->log->write(__METHOD__.': '.$a_name.' account disabled.');
return;
}
}
$user_ext = $user_data[strtolower($this->settings->getUserAttribute())];
$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount('ldap',$user_ext);
$this->users[$user_ext] = $user_data;
}
return true;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilLDAPQuery::unbind ( )
private

Unbind.

private

Parameters

Definition at line 573 of file class.ilLDAPQuery.php.

{
if($this->lh)
{
@ldap_unbind($this->lh);
}
}

Field Documentation

ilLDAPQuery::$ldap_server_url = null
private

Definition at line 43 of file class.ilLDAPQuery.php.

ilLDAPQuery::$log = null
private

Definition at line 45 of file class.ilLDAPQuery.php.

ilLDAPQuery::$settings = null
private

Definition at line 44 of file class.ilLDAPQuery.php.

ilLDAPQuery::$user_fields = array()
private

Definition at line 47 of file class.ilLDAPQuery.php.

The documentation for this class was generated from the following file: