24 define(
'IL_LDAP_BIND_DEFAULT',0);
25 define(
'IL_LDAP_BIND_ADMIN',1);
26 define(
'IL_LDAP_BIND_TEST',2);
28 include_once(
'Services/LDAP/classes/class.ilLDAPAttributeMapping.php');
29 include_once(
'Services/LDAP/classes/class.ilLDAPResult.php');
30 include_once(
'Services/LDAP/classes/class.ilLDAPQueryException.php');
61 $this->settings = $a_server;
65 $this->ldap_server_url = $a_url;
69 $this->ldap_server_url = $this->settings->
getUrl();
88 $this->user_fields = array_merge(array($this->settings->getUserAttribute()),$this->mapping->getFields());
112 if(strlen($this->settings->getGroupName()))
114 $this->log->write(__METHOD__.
': Searching for group members.');
116 $groups = $this->settings->getGroupNames();
117 if(count($groups) <= 1)
123 foreach($groups as $group)
130 if(!strlen($this->settings->getGroupName()) or $this->settings->isMembershipOptional())
132 $this->log->write(__METHOD__.
': Start reading all users...');
134 #throw new ilLDAPQueryException('LDAP: Called import of users without specifying group restrictions. NOT IMPLEMENTED YET!');
136 return $this->users ? $this->users : array();
150 public function query($a_search_base,$a_filter,$a_scope,$a_attributes)
152 $res = $this->
queryByScope($a_scope,$a_search_base,$a_filter,$a_attributes);
156 sprintf(
'DN: %s, Filter: %s, Scope: %s',
170 public function modAdd($a_dn,$a_attribute)
172 if(@ldap_mod_add($this->lh,$a_dn,$a_attribute))
187 if(@ldap_mod_del($this->lh,$a_dn,$a_attribute))
205 if(($dn = $this->settings->getSearchBase()) && substr($dn,-1) !=
',')
209 $dn .= $this->settings->getBaseDN();
212 $filter = $this->settings->getFilter();
213 $page_filter = array(
'a',
'b',
'c',
'd',
'e',
'f',
'g',
'h',
'i',
'j',
'k',
'l',
'm',
'n',
'o',
'p',
'q',
'r',
's',
't',
'u',
'v',
'w',
'x',
'y',
'z',
'-');
214 $chars = array(
'a',
'b',
'c',
'd',
'e',
'f',
'g',
'h',
'i',
'j',
'k',
'l',
'm',
'n',
'o',
'p',
'q',
'r',
's',
't',
'u',
'v',
'w',
'x',
'y',
'z');
216 foreach($page_filter as $letter)
219 $new_filter .= $filter;
224 $new_filter .= (
'(!(|');
225 foreach($chars as $char)
227 $new_filter .= (
'('.$this->settings->getUserAttribute().
'='.$char.
'*)');
229 $new_filter .=
')))';
233 $new_filter .= (
'('.$this->settings->getUserAttribute().
'='.$letter.
'*))');
237 $this->log->write(__METHOD__.
': Searching with ldap search and filter '.$new_filter.
' in '.$dn);
241 array($this->settings->getUserAttribute()));
244 if(!$tmp_result->numRows())
246 $this->log->write(__METHOD__.
': No users found. Aborting.');
249 $this->log->write(__METHOD__.
': Found '.$tmp_result->numRows().
' users.');
250 foreach($tmp_result->getRows() as
$data)
252 if(isset(
$data[$this->settings->getUserAttribute()]))
258 $this->log->write(__METHOD__.
': Unknown error. No user attribute found.');
275 $group_name = strlen($a_name) ? $a_name : $this->settings->getGroupName();
278 $filter = sprintf(
'(&(%s=%s)%s)',
279 $this->settings->getGroupAttribute(),
281 $this->settings->getGroupFilter());
285 if(($gdn = $this->settings->getGroupDN()) && substr($gdn,-1) !=
',')
289 $gdn .= $this->settings->getBaseDN();
291 $this->log->write(
'LDAP: Using filter '.$filter);
292 $this->log->write(
'LDAP: Using DN '.$gdn);
296 array($this->settings->getGroupMember()));
299 $group_data = $tmp_result->getRows();
302 if(!$tmp_result->numRows())
304 $this->log->write(__METHOD__.
': No group found.');
308 $attribute_name = strtolower($this->settings->getGroupMember());
311 foreach($group_data as
$data)
313 $this->log->write(__METHOD__.
': found '.count($data[$attribute_name]).
' group members for group '.$data[
'dn']);
314 if(is_array($data[$attribute_name]))
316 foreach($data[$attribute_name] as $name)
336 private function readUserData($a_name,$a_check_dn =
true,$a_try_group_user_filter =
false)
338 $filter = $this->settings->getFilter();
339 if($a_try_group_user_filter)
341 if($this->settings->isMembershipOptional())
343 $filter = $this->settings->getGroupUserFilter();
348 if($this->settings->enabledGroupMemberIsDN() and $a_check_dn)
351 #$res = $this->queryByScope(IL_LDAP_SCOPE_BASE,$dn,$filter,$this->user_fields);
353 $fields = array_merge($this->user_fields,array(
'useraccountcontrol'));
358 $filter = sprintf(
'(&(%s=%s)%s)',
359 $this->settings->getUserAttribute(),
364 if(($dn = $this->settings->getSearchBase()) && substr($dn,-1) !=
',')
368 $dn .= $this->settings->getBaseDN();
369 $fields = array_merge($this->user_fields,array(
'useraccountcontrol'));
370 $res = $this->
queryByScope($this->settings->getUserScope(),strtolower($dn),$filter,$fields);
375 if(!$tmp_result->numRows())
377 $this->log->write(
'LDAP: No user data found for: '.$a_name);
382 if($user_data = $tmp_result->get())
384 if(isset($user_data[
'useraccountcontrol']))
386 if(($user_data[
'useraccountcontrol'] & 0x02))
388 $this->log->write(__METHOD__.
': '.$a_name.
' account disabled.');
393 $user_ext = $user_data[strtolower($this->settings->getUserAttribute())];
399 $this->users[$user_ext] = $user_data;
410 if($this->settings->isAuthenticationEnabled() or !$this->settings->getAuthenticationMapping())
426 private function queryByScope($a_scope,$a_base_dn,$a_filter,$a_attributes)
428 $a_filter = $a_filter ? $a_filter :
"(objectclass=*)";
433 $res = @ldap_search($this->lh,$a_base_dn,$a_filter,$a_attributes);
437 $res = @ldap_list($this->lh,$a_base_dn,$a_filter,$a_attributes);
442 $res = ldap_read($this->lh,$a_base_dn,$a_filter,$a_attributes);
446 $this->log->write(
"LDAP: LDAPQuery: Unknown search scope");
462 $this->lh = @ldap_connect($this->ldap_server_url);
467 throw new ilLDAPQueryException(
"LDAP: Cannot connect to LDAP Server: ".$this->settings->getUrl());
470 if(!ldap_set_option($this->lh,LDAP_OPT_PROTOCOL_VERSION,$this->settings->getVersion()))
475 if($this->settings->isActiveReferrer())
477 if(!ldap_set_option($this->lh,LDAP_OPT_REFERRALS,
true))
481 #@ldap_set_rebind_proc($this->lh,'referralRebind');
485 ldap_set_option($this->lh,LDAP_OPT_REFERRALS,
false);
486 $this->log->write(__METHOD__.
': Switching referrals to false.');
489 if($this->settings->isActiveTLS())
491 if(!ldap_start_tls($this->lh))
508 switch($a_binding_type)
512 if(strlen($this->settings->getBindUser()))
514 $user = $this->settings->getBindUser();
515 $pass = $this->settings->getBindPassword();
517 define(
'IL_LDAP_REBIND_USER',$user);
518 define(
'IL_LDAP_REBIND_PASS',
$pass);
519 $this->log->write(__METHOD__.
': Bind as '.$user);
524 $this->log->write(__METHOD__.
': Bind anonymous');
529 $user = $this->settings->getRoleBindDN();
530 $pass = $this->settings->getRoleBindPassword();
532 if(!strlen($user) or !strlen(
$pass))
534 $user = $this->settings->getBindUser();
535 $pass = $this->settings->getBindPassword();
538 define(
'IL_LDAP_REBIND_USER',$user);
539 define(
'IL_LDAP_REBIND_PASS',
$pass);
543 if(!@ldap_bind($this->lh,$a_user_dn,$a_password))
553 if(!@ldap_bind($this->lh,$user,
$pass))
559 $this->log->write(__METHOD__.
': Bind successful.');
572 include_once(
'Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php');
574 $this->user_fields = array_merge(
575 array($this->settings->getUserAttribute()),
577 $this->mapping->getFields(),
594 @ldap_unbind($this->lh);
610 @ldap_unbind($this->lh);
619 $ilLog->write(
'LDAP: Called referralRebind.');
621 ldap_set_option($a_ds, LDAP_OPT_PROTOCOL_VERSION, 3);
623 if (!ldap_bind($a_ds,IL_LDAP_REBIND_USER,IL_LDAP_REBIND_PASS))
625 $ilLog->write(
'LDAP: Rebind failed');