ILIAS  Release_4_2_x_branch Revision 61807
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilAuthContainerLDAP.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
24 include_once 'Auth/Container/LDAP.php';
25 
36 class ilAuthContainerLDAP extends Auth_Container_LDAP
37 {
38  private static $force_creation = false;
39 
40  private $optional_check = false;
41 
42  private $log = null;
43  private $server = null;
44  private $ldap_attr_to_user = null;
45 
46 
54  public function __construct()
55  {
56  global $ilLog;
57 
58  include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
59  $this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
60  $this->server->doConnectionCheck();
61  $this->log = $ilLog;
62 
63  parent::__construct($this->server->toPearAuthArray());
64  }
65 
66  public function forceCreation($a_status)
67  {
68  self::$force_creation = $a_status;
69  }
70 
78  public function enableOptionalGroupCheck()
79  {
80  $this->optional_check = true;
81  $this->updateUserFilter();
82  }
83 
90  public function enabledOptionalGroupCheck()
91  {
92  return (bool) $this->optional_check;
93  }
94 
101  public function fetchData($username, $password)
102  {
103  $res = parent::fetchData($username,$password);
104 
105  if (PEAR::isError($res))
106  {
107  $this->log('Container '.$key.': '.$res->getMessage(), AUTH_LOG_ERR);
108  return $res;
109  }
110  elseif ($res == true)
111  {
112  $this->log('Container '.$key.': Authentication successful.', AUTH_LOG_DEBUG);
113  return true;
114  }
115  if(!$this->enabledOptionalGroupCheck() and $this->server->isMembershipOptional())
116  {
117  $this->enableOptionalGroupCheck();
118  return parent::fetchData($username,$password);
119  }
120  return false;
121  }
122 
123 
132  public function checkGroup($a_name)
133  {
134  $this->log->write(__METHOD__.': checking group restrictions...');
135 
136  // if there are multiple groups define check all of them for membership
137  $groups = $this->server->getGroupNames();
138 
139  if(!count($groups))
140  {
141  $this->log->write(__METHOD__.': No group restrictions found.');
142  return true;
143  }
144  elseif($this->server->isMembershipOptional() and !$this->optional_check)
145  {
146  $this->log->write(__METHOD__.': Group membership is optional.');
147  return true;
148  }
149 
150  foreach($groups as $group)
151  {
152  $this->options['group'] = $group;
153 
154  if(parent::checkGroup($a_name))
155  {
156  return true;
157  }
158  }
159  return false;
160  }
161 
168  private function updateUserFilter()
169  {
170  $this->options['userfilter'] = $this->server->getGroupUserFilter();
171  }
172 
178  public function loginObserver($a_username,$a_auth)
179  {
180  global $ilLog;
181 
182  $user_data = array_change_key_case($a_auth->getAuthData(),CASE_LOWER);
183 
184  $a_username = $this->extractUserName($user_data);
185 
186  include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
187  $sync = new ilLDAPUserSynchronisation('ldap', $this->server->getServerId());
188  $sync->setExternalAccount($a_username);
189  $sync->setUserData($user_data);
190  $sync->forceCreation(self::$force_creation);
191 
192  try {
193  $internal_account = $sync->sync();
194  }
195  catch(UnexpectedValueException $e) {
196  $GLOBALS['ilLog']->write(__METHOD__.': Login failed with message: '. $e->getMessage());
197  $a_auth->status = AUTH_WRONG_LOGIN;
198  $a_auth->logout();
199  return false;
200  }
201  catch(ilLDAPSynchronisationForbiddenException $e) {
202  // No syncronisation allowed => create Error
203  $GLOBALS['ilLog']->write(__METHOD__.': Login failed with message: '. $e->getMessage());
204  $a_auth->status = AUTH_LDAP_NO_ILIAS_USER;
205  $a_auth->logout();
206  return false;
207  }
208  catch(ilLDAPAccountMigrationRequiredException $e) {
209  $GLOBALS['ilLog']->write(__METHOD__.': Starting account migration.');
210  $a_auth->logout();
211  ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
212  }
213 
214  $a_auth->setAuth($internal_account);
215  return true;
216  }
223  private function initLDAPAttributeToUser()
224  {
225  include_once('Services/LDAP/classes/class.ilLDAPAttributeToUser.php');
226  $this->ldap_attr_to_user = new ilLDAPAttributeToUser($this->server);
227  }
228 
234  public function failedLoginObserver($a_username,$a_auth)
235  {
236  return false;
237  }
238 
244  protected function extractUserName($a_user_data)
245  {
246  $a_username = isset($a_user_data[strtolower($this->server->getUserAttribute())]) ?
247  $a_user_data[strtolower($this->server->getUserAttribute())] :
248  trim($a_user_data);
249 
250  // Support for multiple user attributes
251  if(!is_array($a_username))
252  {
253  return $a_username;
254  }
255  foreach($a_username as $name)
256  {
257  // User found with authentication method 'ldap'
258  if(ilObjUser::_checkExternalAuthAccount("ldap",$name))
259  {
260  return trim($name);
261  }
262  }
263  // No existing user found => return first name
264  return $a_username[0];
265  }
266 
272  protected function updateRequired($a_username)
273  {
274  if(!ilObjUser::_checkExternalAuthAccount("ldap",$a_username))
275  {
276  #$GLOBALS['ilLog']->write(__METHOD__.': Required 1');
277  return true;
278  }
279  // Check attribute mapping on login
280  include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
281  if(ilLDAPAttributeMapping::hasRulesForUpdate($this->server->getServerId()))
282  {
283  #$GLOBALS['ilLog']->write(__METHOD__.': Required 2');
284  return true;
285  }
286  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
287  if(ilLDAPRoleAssignmentRule::hasRulesForUpdate())
288  {
289  #$GLOBALS['ilLog']->write(__METHOD__.': Required 3');
290  return true;
291  }
292  return false;
293  }
294 }
295 ?>