ILIAS  Release_5_0_x_branch Revision 61816
class.ilLDAPSettingsGUI.php
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
34 {
    // Ref id handed to the constructor; the checkAccess() calls visible in this
    // class are all evaluated against it.
    private $ref_id = null;
36 
37  public function __construct($a_auth_ref_id)
38  {
39  global $lng,$ilCtrl,$tpl,$ilTabs;
40 
41  $this->ctrl = $ilCtrl;
42  $this->tabs_gui = $ilTabs;
43  $this->lng = $lng;
44  $this->lng->loadLanguageModule('ldap');
45 
46  $this->tpl = $tpl;
47 
48  $this->ctrl->saveParameter($this,'ldap_server_id');
49  $this->ref_id = $a_auth_ref_id;
50 
51 
52  $this->initServer();
53  }
54 
55  public function executeCommand()
56  {
57  global $ilAccess,$ilias, $ilErr, $ilCtrl;
58 
59  $next_class = $this->ctrl->getNextClass($this);
60  $cmd = $this->ctrl->getCmd();
61 
62  if(!$ilAccess->checkAccess('write','',$this->ref_id) && $cmd != "serverList")
63  {
64  ilUtil::sendFailure($this->lng->txt('msg_no_perm_write'), true);
65  $ilCtrl->redirect($this, "serverList");
66  }
67 
68 
69  switch($next_class)
70  {
71  default:
72  if(!$cmd)
73  {
74  $cmd = "serverList";
75  }
76  $this->$cmd();
77  break;
78  }
79  return true;
80  }
81 
88  public function roleAssignments()
89  {
90  global $rbacreview;
91 
92  $this->setSubTabs();
93  $this->tabs_gui->setSubTabActive('ldap_role_assignments');
94 
95  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.ldap_role_assignments.html','Services/LDAP');
96 
97  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
98  $this->initFormRoleAssignments('create',$this->role_mapping_rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId(0));
99  $this->tpl->setVariable('NEW_ASSIGNMENT_TBL',$this->form->getHTML());
100 
101 
102  if(count($rules = ilLDAPRoleAssignmentRule::_getRules()))
103  {
104  include_once("./Services/LDAP/classes/class.ilLDAPRoleAssignmentTableGUI.php");
105  $table_gui = new ilLDAPRoleAssignmentTableGUI($this,'roleAssignments');
106  $table_gui->setTitle($this->lng->txt("ldap_tbl_role_ass"));
107  $table_gui->parse($rules);
108  $table_gui->addMultiCommand("confirmDeleteRules", $this->lng->txt("delete"));
109  $table_gui->setSelectAllCheckbox("rule_id");
110  $this->tpl->setVariable('RULES_TBL',$table_gui->getHTML());
111  }
112 
113  }
114 
121  public function editRoleAssignment()
122  {
123  if(!(int) $_GET['rule_id'])
124  {
125  ilUtil::sendFailure($this->lng->txt('select_one'));
126  $this->roleAssignments();
127  return false;
128  }
129  $this->setSubTabs();
130  $this->tabs_gui->setSubTabActive('ldap_role_assignments');
131 
132  $this->ctrl->saveParameter($this,'rule_id',(int) $_GET['rule_id']);
133  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
134  $this->initFormRoleAssignments('edit',
135  $this->role_mapping_rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId((int) $_GET['rule_id']));
136  $this->setValuesByArray();
137  $this->tpl->setContent($this->form->getHTML());
138  }
139 
140 
145  protected function setValuesByArray()
146  {
147  global $rbacreview;
148 
149  $role_id = $this->role_mapping_rule->getRoleId();
150  if($rbacreview->isGlobalRole($role_id))
151  {
152  $val['role_name'] = 0;
153  $val['role_id'] = $role_id;
154  }
155  else
156  {
157  $val['role_name'] = 1;
158  $val['role_search'] = ilObject::_lookupTitle($role_id);
159  }
160  $val['add_missing'] = (int) $this->role_mapping_rule->isAddOnUpdateEnabled();
161  $val['remove_deprecated'] = (int) $this->role_mapping_rule->isRemoveOnUpdateEnabled();
162  $val['type'] = (int) $this->role_mapping_rule->getType();
163  $val['dn'] = $this->role_mapping_rule->getDN();
164  $val['at'] = $this->role_mapping_rule->getMemberAttribute();
165  $val['isdn'] = $this->role_mapping_rule->isMemberAttributeDN();
166  $val['name'] = $this->role_mapping_rule->getAttributeName();
167  $val['value'] = $this->role_mapping_rule->getAttributeValue();
168  $val['plugin_id'] = $this->role_mapping_rule->getPluginId();
169 
170  $this->form->setValuesByArray($val);
171  }
172 
179  public function updateRoleAssignment()
180  {
181  global $ilErr,$ilAccess;
182 
183  if(!$ilAccess->checkAccess('write','',$this->ref_id))
184  {
185  ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
186  $this->roleAssignment();
187  return false;
188  }
189 
190  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
191  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
192 
193  $this->initFormRoleAssignments('edit');
194  if(!$this->form->checkInput() or ($err = $this->checkRoleAssignmentInput((int) $_REQUEST['rule_id'])))
195  {
196  if($err)
197  {
198  ilUtil::sendFailure($this->lng->txt($err));
199  }
200 
201  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.ldap_role_assignments.html','Services/LDAP');
202 
203  // DONE: wrap this
204  $this->form->setValuesByPost();
205  $this->tpl->setVariable('NEW_ASSIGNMENT_TBL',$this->form->getHTML());
206  #$this->tpl->setVariable('RULES_TBL',$this->getRoleAssignmentTable());
207  $this->tabs_gui->setSubTabActive('shib_role_assignment');
208  return true;
209 
210  }
211 
212  // Might redirect
213  $this->roleSelection();
214 
215  $this->rule->update();
216  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
217  $this->roleAssignments();
218  return true;
219  }
220 
    /**
     * Show the confirmation screen for deleting the selected role assignment rules.
     *
     * No permission check of its own is visible here; for calls routed through
     * executeCommand() the write gate there applies.
     *
     * @return bool|null false when no rule ids were posted, otherwise no value
     */
    public function confirmDeleteRules()
    {
        // Only an array selection is accepted; anything else is treated as "nothing selected".
        if(!is_array($_POST['rule_ids']))
        {
            ilUtil::sendFailure($this->lng->txt('select_one'));
            $this->roleAssignments();
            return false;
        }
        $this->setSubTabs();
        $this->tabs_gui->setSubTabActive('ldap_role_assignments');

        include_once("Services/Utilities/classes/class.ilConfirmationGUI.php");
        $c_gui = new ilConfirmationGUI();

        // set confirm/cancel commands
        $c_gui->setFormAction($this->ctrl->getFormAction($this, "deleteRules"));
        $c_gui->setHeaderText($this->lng->txt("ldap_confirm_del_role_ass"));
        $c_gui->setCancel($this->lng->txt("cancel"), "roleAssignments");
        $c_gui->setConfirm($this->lng->txt("confirm"), "deleteRules");

        // add items to delete
        include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
        foreach($_POST["rule_ids"] as $rule_id)
        {
            // NOTE(review): listing line 252 is absent from this page, so the statement
            // that assigns $rule is not visible here -- check the repository copy.
            // NOTE(review): $rule_id is handed on exactly as posted (no int cast, unlike
            // editRoleAssignment()); whether ilConfirmationGUI escapes it when writing the
            // hidden field is not visible in this file -- confirm.
            $c_gui->addItem('rule_ids[]',$rule_id,$rule->conditionToString());
        }
        $this->tpl->setContent($c_gui->getHTML());
    }
257 
    /**
     * Delete the role assignment rules whose ids were posted in rule_ids[].
     *
     * No permission check of its own is visible here; for calls routed through
     * executeCommand() the write gate there applies.
     *
     * @return bool false when no rule ids were posted, true after deleting
     */
    public function deleteRules()
    {
        if(!is_array($_POST['rule_ids']))
        {
            // NOTE(review): 'select_once' is used only here; every other method in this
            // class reports a missing selection with 'select_one' -- likely a typo.
            ilUtil::sendFailure($this->lng->txt('select_once'));
            $this->roleAssignments();
            return false;
        }
        include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
        foreach($_POST["rule_ids"] as $rule_id)
        {
            // NOTE(review): listing line 275 is absent from this page, so the statement
            // that assigns $rule from $rule_id is not visible here; confirm in the
            // repository copy that the posted id is cast or bound before it is used.
            $rule->delete();
        }
        ilUtil::sendSuccess($this->lng->txt('ldap_deleted_rule'));
        $this->roleAssignments();
        return true;
    }
282 
289  public function addRoleAssignment()
290  {
291  global $ilErr,$ilAccess;
292 
293  if(!$ilAccess->checkAccess('write','',$this->ref_id))
294  {
295  ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
296  $this->roleAssignment();
297  return false;
298  }
299 
300  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
301  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
302 
303  $this->initFormRoleAssignments('create');
304  if(!$this->form->checkInput() or ($err = $this->checkRoleAssignmentInput()))
305  {
306  if($err)
307  {
308  ilUtil::sendFailure($this->lng->txt($err));
309  }
310 
311  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.ldap_role_assignments.html','Services/LDAP');
312 
313  // DONE: wrap this
314  $this->form->setValuesByPost();
315  $this->tpl->setVariable('NEW_ASSIGNMENT_TBL',$this->form->getHTML());
316  $this->tpl->setVariable('RULES_TBL',$this->getRoleAssignmentTable());
317  $this->tabs_gui->setSubTabActive('shib_role_assignment');
318  return true;
319 
320  }
321 
322  // Might redirect
323  $this->roleSelection();
324 
325  $this->rule->create();
326  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
327  unset($_POST);
328  $this->roleAssignments();
329  return true;
330  }
331 
336  protected function roleSelection()
337  {
338  if($this->rule->getRoleId() > 0)
339  {
340  return false;
341  }
342 
343  $_SESSION['ldap_role_ass']['rule_id'] = $_REQUEST['rule_id'] ? $_REQUEST['rule_id'] : 0;
344  $_SESSION['ldap_role_ass']['role_search'] = $this->form->getInput('role_search');
345  $_SESSION['ldap_role_ass']['add_on_update'] = $this->form->getInput('add_missing');
346  $_SESSION['ldap_role_ass']['remove_on_update'] = $this->form->getInput('remove_deprecated');
347  $_SESSION['ldap_role_ass']['type'] = $this->form->getInput('type');
348  $_SESSION['ldap_role_ass']['dn'] = $this->form->getInput('dn');
349  $_SESSION['ldap_role_ass']['at'] = $this->form->getInput('at');
350  $_SESSION['ldap_role_ass']['isdn'] = $this->form->getInput('isdn');
351  $_SESSION['ldap_role_ass']['name'] = $this->form->getInput('name');
352  $_SESSION['ldap_role_ass']['value'] = $this->form->getInput('value');
353  $_SESSION['ldap_role_ass']['plugin'] = $this->form->getInput('plugin_id');
354 
355  $this->ctrl->saveParameter($this,'rule_id');
356  $this->ctrl->redirect($this,'showRoleSelection');
357  }
358 
359 
360 
365  protected function showRoleSelection()
366  {
367  $this->setSubTabs();
368  $this->tabs_gui->setSubTabActive('ldap_role_assignment');
369  $this->ctrl->saveParameter($this,'rule_id');
370 
371  include_once './Services/Search/classes/class.ilQueryParser.php';
372  $parser = new ilQueryParser($_SESSION['ldap_role_ass']['role_search']);
373  $parser->setMinWordLength(1,true);
374  $parser->setCombination(QP_COMBINATION_AND);
375  $parser->parse();
376 
377  include_once 'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
378  $object_search = new ilLikeObjectSearch($parser);
379  $object_search->setFilter(array('role'));
380  $res = $object_search->performSearch();
381 
382  $entries = $res->getEntries();
383 
384  include_once './Services/AccessControl/classes/class.ilRoleSelectionTableGUI.php';
385  $table = new ilRoleSelectionTableGUI($this,'showRoleSelection');
386  $table->setTitle($this->lng->txt('ldap_role_selection'));
387  $table->addMultiCommand('saveRoleSelection',$this->lng->txt('ldap_choose_role'));
388  #$table->addCommandButton('roleAssignment',$this->lng->txt('cancel'));
389  $table->parse($entries);
390 
391  $this->tpl->setContent($table->getHTML());
392  return true;
393  }
394 
399  protected function saveRoleSelection()
400  {
401  global $ilErr,$ilAccess;
402 
403  if(!$ilAccess->checkAccess('write','',$this->ref_id))
404  {
405  ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
406  $this->roleAssignment();
407  return false;
408  }
409 
410  if(!(int) $_REQUEST['role_id'])
411  {
412  ilUtil::sendFailure($this->lng->txt('select_one'));
413  $this->showRoleSelection();
414  return false;
415  }
416 
417  $this->loadRoleAssignmentRule((int) $_REQUEST['rule_id'],false);
418  $this->rule->setRoleId((int) $_REQUEST['role_id']);
419 
420  if((int) $_REQUEST['rule_id'])
421  {
422  $this->rule->update();
423  }
424  else
425  {
426  $this->rule->create();
427  }
428 
429  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
430  $this->roleAssignments();
431  return true;
432  }
433 
434 
440  protected function checkRoleAssignmentInput($a_rule_id = 0)
441  {
442  global $ilErr;
443 
444  $this->loadRoleAssignmentRule($a_rule_id);
445  $this->rule->validate();
446  return $ilErr->getMessage();
447  }
448 
449 
454  protected function getRoleAssignmentTable()
455  {
456  if(count($rules = ilLDAPRoleAssignmentRule::_getRules()))
457  {
458  include_once("./Services/LDAP/classes/class.ilLDAPRoleAssignmentTableGUI.php");
459  $table_gui = new ilLDAPRoleAssignmentTableGUI($this,'roleAssignments');
460  $table_gui->setTitle($this->lng->txt("ldap_tbl_role_ass"));
461  $table_gui->parse($rules);
462  $table_gui->addMultiCommand("confirmDeleteRules", $this->lng->txt("delete"));
463  $table_gui->setSelectAllCheckbox("rule_id");
464  return $table_gui->getHTML();
465  }
466  return '';
467  }
468 
469 
475  protected function loadRoleAssignmentRule($a_rule_id,$a_from_form = true)
476  {
477  if(is_object($this->rule))
478  {
479  return true;
480  }
481 
482  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
483  $this->rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($a_rule_id);
484 
485 
486  if($a_from_form)
487  {
488  if($this->form->getInput('role_name') == 0)
489  {
490  $this->rule->setRoleId($this->form->getInput('role_id'));
491  }
492  elseif($this->form->getInput('role_search'))
493  {
494  // Search role
495  include_once './Services/Search/classes/class.ilQueryParser.php';
496 
497  $parser = new ilQueryParser('"'.$this->form->getInput('role_search').'"');
498 
499  // TODO: Handle minWordLength
500  $parser->setMinWordLength(1,true);
501  $parser->setCombination(QP_COMBINATION_AND);
502  $parser->parse();
503 
504  include_once 'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
505  $object_search = new ilLikeObjectSearch($parser);
506  $object_search->setFilter(array('role'));
507  $res = $object_search->performSearch();
508 
509  $entries = $res->getEntries();
510  if(count($entries) == 1)
511  {
512  $role = current($entries);
513  $this->rule->setRoleId($role['obj_id']);
514  }
515  elseif(count($entries) > 1)
516  {
517  $this->rule->setRoleId(-1);
518  }
519  }
520 
521  $this->rule->setAttributeName($this->form->getInput('name'));
522  $this->rule->setAttributeValue($this->form->getInput('value'));
523  $this->rule->setDN($this->form->getInput('dn'));
524  $this->rule->setMemberAttribute($this->form->getInput('at'));
525  $this->rule->setMemberIsDN($this->form->getInput('isdn'));
526  $this->rule->enableAddOnUpdate($this->form->getInput('add_missing'));
527  $this->rule->enableRemoveOnUpdate($this->form->getInput('remove_deprecated'));
528  $this->rule->setPluginId($this->form->getInput('plugin_id'));
529  $this->rule->setType($this->form->getInput('type'));
530  return true;
531  }
532 
533  // LOAD from session
534  $this->rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($a_rule_id);
535  $this->rule->setServerId(0);
536  $this->rule->enableAddOnUpdate((int) $_SESSION['ldap_role_ass']['add_on_update']);
537  $this->rule->enableRemoveOnUpdate((int) $_SESSION['ldap_role_ass']['remove_on_update']);
538  $this->rule->setType(ilUtil::stripSlashes($_SESSION['ldap_role_ass']['type']));
539  $this->rule->setDN(ilUtil::stripSlashes($_SESSION['ldap_role_ass']['dn']));
540  $this->rule->setMemberAttribute( ilUtil::stripSlashes($_SESSION['ldap_role_ass']['at']));
541  $this->rule->setMemberIsDN( ilUtil::stripSlashes($_SESSION['ldap_role_ass']['isdn']));
542  $this->rule->setAttributeName( ilUtil::stripSlashes($_SESSION['ldap_role_ass']['name']));
543  $this->rule->setAttributeValue(ilUtil::stripSlashes($_SESSION['ldap_role_ass']['value']));
544  $this->rule->setPluginId(ilUtil::stripSlashes($_SESSION['ldap_role_ass']['plugin']));
545  return true;
546  }
547 
548  public function deleteRoleMapping()
549  {
550  if(!count($_POST['mappings']))
551  {
552  ilUtil::sendFailure($this->lng->txt('select_one'));
553  $this->roleMapping();
554  return false;
555  }
556 
557  $this->initRoleMapping();
558 
559  foreach($_POST['mappings'] as $mapping_id)
560  {
561  $this->role_mapping->delete($mapping_id);
562  }
563  ilUtil::sendSuccess($this->lng->txt('ldap_deleted_role_mapping'));
564  $this->roleMapping();
565  return true;
566  }
567 
568  public function chooseMapping()
569  {
570  if(!$_POST['mapping_template'])
571  {
572  $this->userMapping();
573  return;
574  }
575 
576  $this->initAttributeMapping();
577  $this->mapping->clearRules();
578 
579  include_once('Services/LDAP/classes/class.ilLDAPAttributeMappingUtils.php');
580  foreach(ilLDAPAttributeMappingUtils::_getMappingRulesByClass($_POST['mapping_template']) as $key => $value)
581  {
582  $this->mapping->setRule($key,$value,0);
583  }
584  $this->userMapping();
585  return true;
586  }
587 
588  public function saveMapping()
589  {
590  $this->initAttributeMapping();
591  foreach($this->getMappingFields() as $key => $mapping)
592  {
593  $this->mapping->setRule($key,ilUtil::stripSlashes($_POST[$key.'_value']),(int) $_POST[$key.'_update']);
594  }
595  $this->initUserDefinedFields();
596  foreach($this->udf->getDefinitions() as $definition)
597  {
598  $key = 'udf_'.$definition['field_id'];
599  $this->mapping->setRule($key,ilUtil::stripSlashes($_POST[$key.'_value']),(int) $_POST[$key.'_update']);
600  }
601 
602  $this->mapping->save();
603  $this->userMapping();
604 
605  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
606  unset($_POST['mapping_template']);
607  return;
608  }
609 
610  public function serverList()
611  {
612  global $ilAccess, $ilErr;
613 
614  if(!$ilAccess->checkAccess('read','',$this->ref_id) && $cmd != "serverList")
615  {
616  $ilErr->raiseError($this->lng->txt('msg_no_perm_write'),$ilErr->WARNING);
617  }
618 
619  if(!ilLDAPServer::checkLDAPLib() and $this->server->isActive())
620  {
621  ilUtil::sendFailure('Missing LDAP libraries. Please ensure that the PHP LDAP module is installed on your server.');
622  }
623 
624  $this->setSubTabs();
625  $this->tabs_gui->setSubTabActive('ldap_settings');
626 
627  $this->initForm();
628  $this->setServerFormValues();
629  return $this->tpl->setContent($this->form_gui->getHtml());
630  }
631 
632  public function setServerFormValues()
633  {
634  $this->form_gui->setValuesByArray(array(
635  'active' => $this->server->isActive(),
636  'ds' => !$this->server->isAuthenticationEnabled(),
637  'server_name' => $this->server->getName(),
638  'server_url' => $this->server->getUrlString(),
639  'version' => $this->server->getVersion(),
640  'base_dn' => $this->server->getBaseDN(),
641  'referrals' => $this->server->isActiveReferrer(),
642  'tls' => $this->server->isActiveTLS(),
643  'binding_type' => $this->server->getBindingType(),
644  'bind_dn' => $this->server->getBindUser(),
645  'bind_pass' => $this->server->getBindPassword(),
646  'bind_pass_retype' => $this->server->getBindPassword(),
647  'search_base' => $this->server->getSearchBase(),
648  'user_scope' => $this->server->getUserScope(),
649  'user_attribute' => $this->server->getUserAttribute(),
650  'filter' => $this->server->getFilter(),
651  'group_dn' => $this->server->getGroupDN(),
652  'group_scope' => $this->server->getGroupScope(),
653  'group_filter' => $this->server->getGroupFilter(),
654  'group_member' => $this->server->getGroupMember(),
655  'memberisdn' => $this->server->enabledGroupMemberIsDN(),
656  'group' => $this->server->getGroupName(),
657  'group_attribute' => $this->server->getGroupAttribute(),
658  'group_optional' => $this->server->isMembershipOptional(),
659  'group_user_filter' => $this->server->getGroupUserFilter(),
660  'sync_on_login' => $this->server->enabledSyncOnLogin(),
661  'sync_per_cron' => $this->server->enabledSyncPerCron(),
662  'global_role' => ilLDAPAttributeMapping::_lookupGlobalRole($this->server->getServerId()),
663  'migration' => (int)$this->server->isAccountMigrationEnabled(),
664  ));
665  }
666 
    /**
     * Build the LDAP server settings form in $this->form_gui.
     *
     * The form posts to the 'save' command. Sections, in order: general server
     * data, security (TLS and bind credentials), authentication (search base,
     * scope, filter), group restrictions, user synchronisation, global role and
     * account migration.
     */
    private function initForm()
    {
        include_once 'Services/Form/classes/class.ilPropertyFormGUI.php';

        $this->form_gui = new ilPropertyFormGUI();
        $this->form_gui->setFormAction($this->ctrl->getFormAction($this, 'save'));
        $this->form_gui->setTitle($this->lng->txt('ldap_configure'));

        $active = new ilCheckboxInputGUI($this->lng->txt('auth_ldap_enable'), 'active');
        $active->setValue(1);
        $this->form_gui->addItem($active);

        // save() stores the inverse of this checkbox via enableAuthentication().
        $ds = new ilCheckboxInputGUI($this->lng->txt('ldap_as_ds'), 'ds');
        $ds->setValue(1);
        $ds->setInfo($this->lng->txt('ldap_as_ds_info'));
        $this->form_gui->addItem($ds);

        $servername = new ilTextInputGUI($this->lng->txt('ldap_server_name'), 'server_name');
        $servername->setRequired(true);
        $servername->setInfo($this->lng->txt('ldap_server_name_info'));
        $servername->setSize(32);
        $servername->setMaxLength(32);
        $this->form_gui->addItem($servername);

        $serverurl = new ilTextInputGUI($this->lng->txt('ldap_server'), 'server_url');
        $serverurl->setRequired(true);
        $serverurl->setInfo($this->lng->txt('ldap_server_url_info'));
        $serverurl->setSize(64);
        $serverurl->setMaxLength(255);
        $this->form_gui->addItem($serverurl);

        // Protocol version is limited to the two offered options, 2 and 3.
        $version = new ilSelectInputGUI($this->lng->txt('ldap_version'), 'version');
        $version->setOptions(array(2 => 2, 3 => 3));
        $version->setInfo($this->lng->txt('ldap_server_version_info'));
        $this->form_gui->addItem($version);

        $basedsn = new ilTextInputGUI($this->lng->txt('basedn'), 'base_dn');
        $basedsn->setRequired(true);
        $basedsn->setSize(64);
        $basedsn->setMaxLength(255);
        $this->form_gui->addItem($basedsn);

        $referrals = new ilCheckboxInputGUI($this->lng->txt('ldap_referrals'), 'referrals');
        $referrals->setValue(1);
        $referrals->setInfo($this->lng->txt('ldap_referrals_info'));
        $this->form_gui->addItem($referrals);

        $section_security = new ilFormSectionHeaderGUI();
        $section_security->setTitle($this->lng->txt('ldap_server_security_settings'));
        $this->form_gui->addItem($section_security);

        // TLS is opt-in: save() passes this checkbox to toggleTLS(). The checkbox is
        // not pre-set in this method.
        $tls = new ilCheckboxInputGUI($this->lng->txt('ldap_tls'), 'tls');
        $tls->setValue(1);
        $this->form_gui->addItem($tls);

        // Binding: anonymous, or a bind user whose DN and password are sub-items of
        // the "user" option.
        $binding = new ilRadioGroupInputGUI($this->lng->txt('ldap_server_binding'), 'binding_type' );
        $anonymous = new ilRadioOption($this->lng->txt('ldap_bind_anonymous'), IL_LDAP_BIND_ANONYMOUS);
        $binding->addOption($anonymous);
        $user = new ilRadioOption($this->lng->txt('ldap_bind_user'), IL_LDAP_BIND_USER);
        $dn = new ilTextInputGUI($this->lng->txt('ldap_server_bind_dn'), 'bind_dn');
        $dn->setSize(64);
        $dn->setMaxLength(255);
        $user->addSubItem($dn);
        // NOTE(review): setServerFormValues() also supplies a 'bind_pass_retype' value,
        // but only 'bind_pass' is created here. setSkipSyntaxCheck(true) presumably
        // exempts the bind password from the input's password syntax rules -- confirm.
        $pass = new ilPasswordInputGUI($this->lng->txt('ldap_server_bind_pass'), 'bind_pass');
        $pass->setSkipSyntaxCheck(true);
        $pass->setSize(12);
        $pass->setMaxLength(36);
        $user->addSubItem($pass);
        $binding->addOption($user);
        $this->form_gui->addItem($binding);

        $section_auth = new ilFormSectionHeaderGUI();
        $section_auth->setTitle($this->lng->txt('ldap_authentication_settings'));
        $this->form_gui->addItem($section_auth);

        $search_base = new ilTextInputGUI($this->lng->txt('ldap_user_dn'), 'search_base');
        $search_base->setInfo($this->lng->txt('ldap_search_base_info'));
        $search_base->setSize(64);
        $search_base->setMaxLength(255);
        $this->form_gui->addItem($search_base);

        $user_scope = new ilSelectInputGUI($this->lng->txt('ldap_user_scope'), 'user_scope');
        $user_scope->setOptions(array(IL_LDAP_SCOPE_ONE => $this->lng->txt('ldap_scope_one'),
            IL_LDAP_SCOPE_SUB => $this->lng->txt('ldap_scope_sub')));
        $user_scope->setInfo($this->lng->txt('ldap_user_scope_info'));
        $this->form_gui->addItem($user_scope);

        $user_attribute = new ilTextInputGUI($this->lng->txt('ldap_user_attribute'), 'user_attribute');
        $user_attribute->setSize(16);
        $user_attribute->setMaxLength(64);
        $user_attribute->setRequired(true);
        $this->form_gui->addItem($user_attribute);

        // Free-text LDAP filter; save() stores it via setFilter(). Any syntax
        // validation would have to happen in ilLDAPServer::validate(), not visible here.
        $filter = new ilTextInputGUI($this->lng->txt('ldap_search_filter'), 'filter');
        $filter->setInfo($this->lng->txt('ldap_filter_info'));
        $filter->setSize(64);
        $filter->setMaxLength(512);
        $this->form_gui->addItem($filter);

        $section_restrictions = new ilFormSectionHeaderGUI();
        $section_restrictions->setTitle($this->lng->txt('ldap_group_restrictions'));
        $this->form_gui->addItem($section_restrictions);

        $group_dn = new ilTextInputGUI($this->lng->txt('ldap_group_search_base'), 'group_dn');
        $group_dn->setInfo($this->lng->txt('ldap_group_dn_info'));
        $group_dn->setSize(64);
        $group_dn->setMaxLength(255);
        $this->form_gui->addItem($group_dn);

        $group_scope = new ilSelectInputGUI($this->lng->txt('ldap_group_scope'), 'group_scope');
        $group_scope->setOptions(array(IL_LDAP_SCOPE_ONE => $this->lng->txt('ldap_scope_one'),
            IL_LDAP_SCOPE_SUB => $this->lng->txt('ldap_scope_sub')));
        $group_scope->setInfo($this->lng->txt('ldap_group_scope_info'));
        $this->form_gui->addItem($group_scope);

        $group_filter = new ilTextInputGUI($this->lng->txt('ldap_group_filter'), 'group_filter');
        $group_filter->setInfo($this->lng->txt('ldap_group_filter_info'));
        $group_filter->setSize(64);
        $group_filter->setMaxLength(255);
        $this->form_gui->addItem($group_filter);

        $group_member = new ilTextInputGUI($this->lng->txt('ldap_group_member'), 'group_member');
        $group_member->setInfo($this->lng->txt('ldap_group_member_info'));
        $group_member->setSize(32);
        $group_member->setMaxLength(255);
        $this->form_gui->addItem($group_member);


        $group_member_isdn = new ilCheckboxInputGUI($this->lng->txt('ldap_memberisdn'), 'memberisdn');
        #$group_member_isdn->setInfo($this->lng->txt('ldap_group_member_info'));
        $this->form_gui->addItem($group_member_isdn);
        #$group_member->addSubItem($group_member_isdn);

        $group = new ilTextInputGUI($this->lng->txt('ldap_group_name'), 'group');
        $group->setInfo($this->lng->txt('ldap_group_name_info'));
        $group->setSize(32);
        $group->setMaxLength(255);
        $this->form_gui->addItem($group);

        $group_atrr = new ilTextInputGUI($this->lng->txt('ldap_group_attribute'), 'group_attribute');
        $group_atrr->setInfo($this->lng->txt('ldap_group_attribute_info'));
        $group_atrr->setSize(16);
        $group_atrr->setMaxLength(64);
        $this->form_gui->addItem($group_atrr);

        // "Membership optional" carries the group user filter as a sub-item.
        $group_optional = new ilCheckboxInputGUI($this->lng->txt('ldap_group_membership'), 'group_optional');
        $group_optional->setOptionTitle($this->lng->txt('ldap_group_member_optional'));
        $group_optional->setInfo($this->lng->txt('ldap_group_optional_info'));
        $group_optional->setValue(1);
        $group_user_filter = new ilTextInputGUI($this->lng->txt('ldap_group_user_filter'), 'group_user_filter');
        $group_user_filter->setSize(64);
        $group_user_filter->setMaxLength(255);
        $group_optional->addSubItem($group_user_filter);
        $this->form_gui->addItem($group_optional);

        $section_sync = new ilFormSectionHeaderGUI();
        $section_sync->setTitle($this->lng->txt('ldap_user_sync'));
        $this->form_gui->addItem($section_sync);

        $ci_gui = new ilCustomInputGUI($this->lng->txt('ldap_moment_sync'));
        $sync_on_login = new ilCheckboxInputGUI($this->lng->txt('ldap_sync_login'), 'sync_on_login');
        $sync_on_login->setValue(1);
        $ci_gui->addSubItem($sync_on_login);
        $sync_per_cron = new ilCheckboxInputGUI($this->lng->txt('ldap_sync_cron'), 'sync_per_cron');
        $sync_per_cron->setValue(1);
        $ci_gui->addSubItem($sync_per_cron);
        $ci_gui->setInfo($this->lng->txt('ldap_user_sync_info'));
        $this->form_gui->addItem($ci_gui);

        // The selectable roles come from prepareRoleSelect(false), which is defined
        // outside this listing. save() stores the choice via setGlobalRole().
        $global_role = new ilSelectInputGUI($this->lng->txt('ldap_global_role_assignment'), 'global_role');
        $global_role->setOptions($this->prepareRoleSelect(false));
        $global_role->setInfo($this->lng->txt('ldap_global_role_info'));
        $this->form_gui->addItem($global_role);

        $migr = new ilCheckboxInputGUI($this->lng->txt('auth_ldap_migration'), 'migration');
        $migr->setInfo($this->lng->txt('auth_ldap_migration_info'));
        $migr->setValue(1);
        $this->form_gui->addItem($migr);


        include_once "Services/Administration/classes/class.ilAdministrationSettingsFormHandler.php";
        // NOTE(review): listing lines 848, 849 and 851 are absent from this page, so
        // the call these two argument lines belong to is not visible here -- check
        // the repository copy.
        $this->form_gui,
        );


        $this->form_gui->addCommandButton('save', $this->lng->txt('save'));
    }
857 
858  /*
859  * Update Settings
860  */
861  function save()
862  {
863  global $ilErr;
864 
865  $this->setSubTabs();
866  $this->tabs_gui->setSubTabActive('ldap_settings');
867 
868  $this->initForm();
869  if($this->form_gui->checkInput())
870  {
871  $this->server->toggleActive((int)$this->form_gui->getInput('active'));
872  $this->server->enableAuthentication(!$this->form_gui->getInput('ds'));
873  $this->server->setName($this->form_gui->getInput('server_name'));
874  $this->server->setUrl($this->form_gui->getInput('server_url'));
875  $this->server->setVersion($this->form_gui->getInput('version'));
876  $this->server->setBaseDN($this->form_gui->getInput('base_dn'));
877  $this->server->toggleReferrer($this->form_gui->getInput('referrals'));
878  $this->server->toggleTLS($this->form_gui->getInput('tls'));
879  $this->server->setBindingType((int)$this->form_gui->getInput('binding_type'));
880  $this->server->setBindUser($this->form_gui->getInput('bind_dn'));
881  $this->server->setBindPassword($this->form_gui->getInput('bind_pass'));
882  $this->server->setSearchBase($this->form_gui->getInput('search_base'));
883  $this->server->setUserScope($this->form_gui->getInput('user_scope'));
884  $this->server->setUserAttribute($this->form_gui->getInput('user_attribute'));
885  $this->server->setFilter($this->form_gui->getInput('filter'));
886  $this->server->setGroupDN($this->form_gui->getInput('group_dn'));
887  $this->server->setGroupScope((int)$this->form_gui->getInput('group_scope'));
888  $this->server->setGroupFilter($this->form_gui->getInput('group_filter'));
889  $this->server->setGroupMember($this->form_gui->getInput('group_member'));
890  $this->server->enableGroupMemberIsDN((int)$this->form_gui->getInput('memberisdn'));
891  $this->server->setGroupName($this->form_gui->getInput('group'));
892  $this->server->setGroupAttribute($this->form_gui->getInput('group_attribute'));
893  $this->server->setGroupUserFilter($this->form_gui->getInput('group_user_filter'));
894  $this->server->toggleMembershipOptional((int)$this->form_gui->getInput('group_optional'));
895  $this->server->enableSyncOnLogin((int)$this->form_gui->getInput('sync_on_login'));
896  $this->server->enableSyncPerCron((int)$this->form_gui->getInput('sync_per_cron'));
897  $this->server->setGlobalRole((int)$this->form_gui->getInput('global_role'));
898  $this->server->enableAccountMigration((int)$this->form_gui->getInput('migration'));
899 
900  if(!$this->server->validate())
901  {
902  ilUtil::sendFailure($ilErr->getMessage());
903  $this->form_gui->setValuesByPost();
904  return $this->tpl->setContent($this->form_gui->getHtml());
905  }
906 
907  // Update or create
908  if($this->server->getServerId())
909  {
910  $this->server->update();
911  }
912  else
913  {
914  $_GET['ldap_server_id'] = $this->server->create();
915  }
916 
917  // Now server_id exists => update LDAP attribute mapping
918  $this->initAttributeMapping();
919  $this->mapping->setRule('global_role', (int)$this->form_gui->getInput('global_role'), false);
920  $this->mapping->save();
921 
922  ilUtil::sendSuccess($this->lng->txt('settings_saved'),true);
923  $this->ctrl->redirect($this,'serverList');
924  return true;
925  #$this->form_gui->setValuesByPost();
926  #return $this->tpl->setContent($this->form_gui->getHtml());
927  }
928 
929  $this->form_gui->setValuesByPost();
930  return $this->tpl->setContent($this->form_gui->getHtml());
931  }
932 
933 
934 
/**
 * Register the sub tabs of the LDAP settings screen.
 *
 * The settings tab is always added. The user mapping, role assignment and
 * role mapping tabs are only added when ilLDAPServer::_getServerList()
 * returns at least one entry.
 *
 * @return bool|null true when no server is configured yet, otherwise nothing
 */
private function setSubTabs()
{
    $gui_class = get_class($this);

    $this->tabs_gui->addSubTabTarget(
        "ldap_settings",
        $this->ctrl->getLinkTarget($this, 'serverList'),
        "serverList",
        $gui_class
    );

    // Without a configured server the remaining tabs stay hidden.
    include_once('Services/LDAP/classes/class.ilLDAPServer.php');
    if (count(ilLDAPServer::_getServerList()) == 0) {
        return true;
    }

    // tab id => command, in display order
    $further_tabs = array(
        "ldap_user_mapping" => 'userMapping',
        'ldap_role_assignments' => 'roleAssignments',
        "ldap_role_mapping" => 'roleMapping',
    );
    foreach ($further_tabs as $tab_id => $command) {
        $this->tabs_gui->addSubTabTarget(
            $tab_id,
            $this->ctrl->getLinkTarget($this, $command),
            $command,
            $gui_class
        );
    }
}
965 
966 
/**
 * Load the LDAP server object selected by the request.
 *
 * When the 'ldap_server_id' request parameter is empty, the id returned by
 * ilLDAPServer::_getFirstServer() is written back into $_GET, because the
 * other init* methods of this class read the id from there.
 */
private function initServer()
{
    include_once './Services/LDAP/classes/class.ilLDAPServer.php';

    $requested_id = $_GET['ldap_server_id'];
    if (!$requested_id) {
        $_GET['ldap_server_id'] = ilLDAPServer::_getFirstServer();
    }

    // The request value is reduced to an integer before it reaches the server object.
    $server_id = (int) $_GET['ldap_server_id'];
    $this->server = new ilLDAPServer($server_id);
}
976 
/**
 * Load the attribute mapping of the server named by $_GET['ldap_server_id']
 * into $this->mapping.
 */
private function initAttributeMapping()
{
    include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';

    // Integer cast keeps the request value a plain numeric id.
    $server_id = (int) $_GET['ldap_server_id'];
    $this->mapping = ilLDAPAttributeMapping::_getInstanceByServerId($server_id);
}
982 
/**
 * Load the role/group mapping settings of the server named by
 * $_GET['ldap_server_id'] into $this->role_mapping.
 */
private function initRoleMapping()
{
    include_once './Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php';

    // Integer cast keeps the request value a plain numeric id.
    $server_id = (int) $_GET['ldap_server_id'];
    $this->role_mapping = ilLDAPRoleGroupMappingSettings::_getInstanceByServerId($server_id);
}
988 
/**
 * Build the option list of global roles for a select input.
 *
 * Index 0 holds the "select one" placeholder text; every further entry
 * maps a role id to the title looked up with ilObject::_lookupTitle().
 *
 * @param bool $a_as_select not used by this method
 * @return array role id => title
 */
private function prepareGlobalRoleSelection($a_as_select = true)
{
    global $rbacreview, $ilObjDataCache;

    $sorted_role_ids = ilUtil::_sortIds(
        $rbacreview->getGlobalRoles(),
        'object_data',
        'title',
        'obj_id'
    );

    $options[0] = $this->lng->txt('links_select_one');
    foreach ($sorted_role_ids as $id) {
        $options[$id] = ilObject::_lookupTitle($id);
    }

    return $options;
}
1010 
1011 
/**
 * Build the global role choice used for the 'global_role' field.
 *
 * @param bool $a_as_select true: return the result of ilUtil::formSelect()
 *                          with the stored global role of the current server
 *                          preselected; false: return the plain option array
 * @return mixed
 */
private function prepareRoleSelect($a_as_select = true)
{
    global $rbacreview, $ilObjDataCache;

    include_once('./Services/LDAP/classes/class.ilLDAPAttributeMapping.php');

    $sorted_role_ids = ilUtil::_sortIds(
        $rbacreview->getGlobalRoles(),
        'object_data',
        'title',
        'obj_id'
    );

    // Index 0 is the "select one" placeholder.
    $options[0] = $this->lng->txt('links_select_one');
    foreach ($sorted_role_ids as $id) {
        $options[$id] = ilObject::_lookupTitle($id);
    }

    if (!$a_as_select) {
        return $options;
    }

    $current_role = ilLDAPAttributeMapping::_lookupGlobalRole($this->server->getServerId());
    return ilUtil::formSelect($current_role, 'global_role', $options, false, true);
}
1045 
1046 
/**
 * List the standard user fields that can be mapped to LDAP attributes.
 *
 * @return array field name => translated label
 */
private function getMappingFields()
{
    // field name => language variable; only 'title' uses a different variable name
    $language_keys = array(
        'gender' => 'gender',
        'firstname' => 'firstname',
        'lastname' => 'lastname',
        'title' => 'person_title',
        'institution' => 'institution',
        'department' => 'department',
        'street' => 'street',
        'city' => 'city',
        'zipcode' => 'zipcode',
        'country' => 'country',
        'phone_office' => 'phone_office',
        'phone_home' => 'phone_home',
        'phone_mobile' => 'phone_mobile',
        'fax' => 'fax',
        'email' => 'email',
        'hobby' => 'hobby',
        'matriculation' => 'matriculation',
    );

    $fields = array();
    foreach ($language_keys as $field => $language_key) {
        $fields[$field] = $this->lng->txt($language_key);
    }

    return $fields;
}
1068 
/**
 * Store the ilUserDefinedFields instance in $this->udf.
 */
private function initUserDefinedFields()
{
    include_once("./Services/User/classes/class.ilUserDefinedFields.php");

    $definitions = ilUserDefinedFields::_getInstance();
    $this->udf = $definitions;
}
1074 
/**
 * Build the select box for the attribute mapping templates.
 *
 * The posted 'mapping_template' value is only handed to ilUtil::formSelect()
 * as the preselected entry.
 *
 * @return mixed result of ilUtil::formSelect()
 */
private function prepareMappingSelect()
{
    $selected = $_POST['mapping_template'];

    $templates = array(
        0 => $this->lng->txt('ldap_mapping_template'),
        "inetOrgPerson" => 'inetOrgPerson',
        "organizationalPerson" => 'organizationalPerson',
        "person" => 'person',
        "ad_2003" => 'Active Directory (Win 2003)',
    );

    return ilUtil::formSelect($selected, 'mapping_template', $templates, false, true);
}
1083 
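/**
 * Track in the session which mapping detail sections are expanded.
 *
 * 'details_show' adds its value to $_SESSION['ldap_mapping_details'],
 * 'details_hide' removes it again. Both values come straight from the
 * query string, so only scalar values are accepted: an array-valued
 * parameter (details_show[]=...) is not a valid array key and is ignored
 * instead of raising an illegal-offset error.
 *
 * NOTE(review): every distinct 'details_show' value adds a session entry
 * and nothing here limits their number; if the values are mapping ids,
 * checking them against the existing mappings would bound it. Confirm
 * against the caller.
 */
private function loadMappingDetails()
{
    if (!isset($_SESSION['ldap_mapping_details'])) {
        $_SESSION['ldap_mapping_details'] = array();
    }

    if (isset($_GET['details_show']) && is_scalar($_GET['details_show'])) {
        $shown = $_GET['details_show'];
        $_SESSION['ldap_mapping_details'][$shown] = $shown;
    }

    if (isset($_GET['details_hide']) && is_scalar($_GET['details_hide'])) {
        unset($_SESSION['ldap_mapping_details'][$_GET['details_hide']]);
    }
}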
1105 
/**
 * Build the role assignment rule form and store it in $this->form.
 *
 * The form holds three parts: the ILIAS role (global role select or local
 * role auto-complete), the update options (add missing / remove deprecated)
 * and the assignment type (by group, by attribute, by plugin).
 *
 * @param string $a_mode 'edit' or 'create'; selects title and command
 *                       buttons. Any other value adds neither.
 */
protected function initFormRoleAssignments($a_mode)
{
    include_once('Services/Form/classes/class.ilPropertyFormGUI.php');
    include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');

    $this->form = new ilPropertyFormGUI();
    $this->form->setFormAction($this->ctrl->getFormAction($this));

    // Loose comparison keeps the matching rules of a switch statement.
    if ($a_mode == 'edit') {
        $this->form->setTitle($this->lng->txt('ldap_edit_role_ass_rule'));
        $this->form->addCommandButton('updateRoleAssignment', $this->lng->txt('save'));
        $this->form->addCommandButton('roleAssignments', $this->lng->txt('cancel'));
    } elseif ($a_mode == 'create') {
        $this->form->setTitle($this->lng->txt('ldap_add_role_ass_rule'));
        $this->form->addCommandButton('addRoleAssignment', $this->lng->txt('ldap_btn_add_role_ass'));
        $this->form->addCommandButton('roleAssignments', $this->lng->txt('cancel'));
    }

    // --- ILIAS role: global (select box) or local (auto-complete search) ---
    $role_group = new ilRadioGroupInputGUI($this->lng->txt('ldap_ilias_role'), 'role_name');
    $role_group->setRequired(true);

    $global_option = new ilRadioOption($this->lng->txt('ldap_global_role'), 0);
    $role_group->addOption($global_option);

    $global_role_select = new ilSelectInputGUI('', 'role_id');
    $global_role_select->setOptions($this->prepareGlobalRoleSelection());
    $global_option->addSubItem($global_role_select);

    $local_option = new ilRadioOption($this->lng->txt('ldap_local_role'), 1);
    $role_group->addOption($local_option);

    include_once './Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php';
    $local_role_search = new ilRoleAutoCompleteInputGUI('', 'role_search', $this, 'addRoleAutoCompleteObject');
    $local_role_search->setSize(40);
    $local_option->addSubItem($local_role_search);

    $role_group->setInfo($this->lng->txt('ldap_role_name_info'));
    $this->form->addItem($role_group);

    // --- Update options ---
    $update_info = new ilNonEditableValueGUI($this->lng->txt('ldap_update_roles'), 'update_roles');
    $update_info->setValue($this->lng->txt('ldap_check_role_assignment'));

    $add_missing = new ilCheckboxInputGUI('', 'add_missing');
    $add_missing->setOptionTitle($this->lng->txt('ldap_add_missing'));
    $update_info->addSubItem($add_missing);

    $remove_deprecated = new ilCheckboxInputGUI('', 'remove_deprecated');
    $remove_deprecated->setOptionTitle($this->lng->txt('ldap_remove_deprecated'));
    $update_info->addSubItem($remove_deprecated);

    $this->form->addItem($update_info);

    // --- Assignment type ---
    $type_group = new ilRadioGroupInputGUI($this->lng->txt('ldap_assignment_type'), 'type');
    $type_group->setRequired(true);

    // Type: membership in an LDAP group
    $by_group = new ilRadioOption(
        $this->lng->txt('ldap_role_by_group'),
        ilLDAPRoleAssignmentRule::TYPE_GROUP
    );

    $group_dn = new ilTextInputGUI($this->lng->txt('ldap_group_dn'), 'dn');
    $group_dn->setSize(32);
    $group_dn->setMaxLength(512);
    $group_dn->setInfo($this->lng->txt('ldap_role_grp_dn_info'));
    $by_group->addSubItem($group_dn);

    $member_attribute = new ilTextInputGUI($this->lng->txt('ldap_role_grp_at'), 'at');
    $member_attribute->setSize(16);
    $member_attribute->setMaxLength(128);
    $by_group->addSubItem($member_attribute);

    $member_is_dn = new ilCheckboxInputGUI($this->lng->txt('ldap_role_grp_isdn'), 'isdn');
    $member_is_dn->setInfo($this->lng->txt('ldap_group_member_info'));
    $by_group->addSubItem($member_is_dn);
    $by_group->setInfo($this->lng->txt('ldap_role_grp_info'));

    $type_group->addOption($by_group);

    // Type: value of an LDAP attribute
    $by_attribute = new ilRadioOption(
        $this->lng->txt('ldap_role_by_attribute'),
        ilLDAPRoleAssignmentRule::TYPE_ATTRIBUTE
    );

    $attribute_name = new ilTextInputGUI($this->lng->txt('ldap_role_at_name'), 'name');
    $attribute_name->setSize(32);
    $attribute_name->setMaxLength(128);
    $by_attribute->addSubItem($attribute_name);

    $attribute_value = new ilTextInputGUI($this->lng->txt('ldap_role_at_value'), 'value');
    $attribute_value->setSize(32);
    $attribute_value->setMaxLength(128);
    $by_attribute->addSubItem($attribute_value);
    $by_attribute->setInfo($this->lng->txt('ldap_role_at_info'));

    $type_group->addOption($by_attribute);

    // Type: plugin; option and id field are disabled unless a plugin is active
    $plugins_active = (bool) $this->hasActiveRoleAssignmentPlugins();
    $by_plugin = new ilRadioOption($this->lng->txt('ldap_plugin'), 3);
    $by_plugin->setInfo($this->lng->txt('ldap_plugin_info'));
    $by_plugin->setDisabled(!$plugins_active);

    $plugin_id = new ilNumberInputGUI($this->lng->txt('ldap_plugin_id'), 'plugin_id');
    $plugin_id->setDisabled(!$plugins_active);
    $plugin_id->setSize(3);
    $plugin_id->setMaxLength(3);
    $plugin_id->setMaxValue(999);
    $plugin_id->setMinValue(1);
    $by_plugin->addSubItem($plugin_id);

    $type_group->addOption($by_plugin);
    $this->form->addItem($type_group);
}
1238 
1244  {
1245  global $ilPluginAdmin;
1246 
1247  return count($ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE,'LDAP','ldaphk')) ? true : false;
1248  }
1249 
1250 
1255  {
1256  include_once("./Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php");
1258  }
1259 
/**
 * Show the user attribute mapping screen: sub tabs, template toolbar and
 * the mapping form.
 */
public function userMapping()
{
    $this->initAttributeMapping();

    $this->setSubTabs();
    $this->tabs_gui->setSubTabActive('ldap_user_mapping');
    $this->userMappingToolbar();

    $mapping_form = $this->initUserMappingForm();
    $html = $mapping_form->getHTML();

    $this->tpl->setContent($html);
}
1275 
/**
 * Add the mapping template selection and its "show" button to the toolbar.
 *
 * The posted 'mapping_template' value is only used to preselect the entry.
 */
private function userMappingToolbar()
{
    global $ilToolbar;
    include_once("./Services/Form/classes/class.ilSelectInputGUI.php");

    $templates = array(
        "" => $this->lng->txt('ldap_mapping_template'),
        "inetOrgPerson" => 'inetOrgPerson',
        "organizationalPerson" => 'organizationalPerson',
        "person" => 'person',
        "ad_2003" => 'Active Directory (Win 2003)',
    );

    $template_select = new ilSelectInputGUI("mapping_template");
    $template_select->setPostVar("mapping_template");
    $template_select->setOptions($templates);
    $template_select->setValue($_POST['mapping_template']);

    $ilToolbar->addInputItem($template_select);
    $ilToolbar->addFormButton($this->lng->txt('show'), "chooseMapping");
    $ilToolbar->setFormAction($this->ctrl->getFormAction($this, "chooseMapping"));
}
1300 
/**
 * Build the attribute mapping form.
 *
 * For every standard field from getMappingFields() and every user defined
 * field the form gets a text input (post variable "<key>_value") and an
 * update checkbox (post variable "<key>_update"); user defined fields use
 * the key "udf_<field_id>". Values are read from $this->mapping.
 *
 * @return ilPropertyFormGUI
 */
private function initUserMappingForm()
{
    include_once("./Services/Form/classes/class.ilPropertyFormGUI.php");

    $form = new ilPropertyFormGUI();
    $form->setTitle($this->lng->txt('ldap_mapping_table'));
    $form->setFormAction($this->ctrl->getFormAction($this, 'saveMapping'));
    $form->addCommandButton('saveMapping', $this->lng->txt('save'));

    // Standard user fields
    foreach ($this->getMappingFields() as $field => $label) {
        $attribute_input = new ilTextInputGUI($label);
        $attribute_input->setPostVar($field . "_value");
        $attribute_input->setValue($this->mapping->getValue($field));
        $attribute_input->setSize(32);
        $attribute_input->setMaxLength(255);
        $form->addItem($attribute_input);

        $update_box = new ilCheckboxInputGUI("");
        $update_box->setPostVar($field . "_update");
        $update_box->setChecked($this->mapping->enabledUpdate($field));
        $update_box->setOptionTitle($this->lng->txt('ldap_update_field_info'));
        $form->addItem($update_box);
    }

    // User defined fields
    $this->initUserDefinedFields();
    foreach ($this->udf->getDefinitions() as $definition) {
        $udf_key = 'udf_' . $definition['field_id'];

        $attribute_input = new ilTextInputGUI($definition['field_name']);
        $attribute_input->setPostVar($udf_key . '_value');
        $attribute_input->setValue($this->mapping->getValue($udf_key));
        $attribute_input->setSize(32);
        $attribute_input->setMaxLength(255);
        $form->addItem($attribute_input);

        $update_box = new ilCheckboxInputGUI("");
        $update_box->setPostVar($udf_key . '_update');
        $update_box->setChecked($this->mapping->enabledUpdate($udf_key));
        $update_box->setOptionTitle($this->lng->txt('ldap_update_field_info'));
        $form->addItem($update_box);
    }

    return $form;
}
1348 
/**
 * Show the role mapping screen: the role synchronization settings form
 * and, when mappings exist for the current server, the table of role/group
 * assignments.
 *
 * NOTE(review): the stored role bind password is written into the value of
 * the password input, so the secret is part of the delivered HTML. A
 * write-only field (left empty, stored value kept when nothing is
 * submitted) would avoid that, but needs a matching change in
 * saveSyncronizationSettings(), which currently overwrites the stored
 * password with whatever is posted.
 */
public function roleMapping()
{
    global $ilToolbar;

    $this->setSubTabs();
    $this->tabs_gui->setSubTabActive('ldap_role_mapping');
    $ilToolbar->addButton(
        $this->lng->txt("ldap_new_role_assignment"),
        $this->ctrl->getLinkTarget($this, 'addRoleMapping')
    );
    include_once("./Services/Form/classes/class.ilPropertyFormGUI.php");

    // Form for the synchronization settings
    include_once("./Services/Form/classes/class.ilCombinationInputGUI.php");
    $settings_form = new ilPropertyFormGUI();
    $settings_form->setTitle($this->lng->txt('ldap_role_settings'));
    $settings_form->setFormAction($this->ctrl->getFormAction($this, "saveSyncronizationSettings"));
    $settings_form->addCommandButton("saveSyncronizationSettings", $this->lng->txt('save'));

    $sync_active = new ilCheckboxInputGUI($this->lng->txt('ldap_role_active'));
    $sync_active->setPostVar('role_sync_active');
    $sync_active->setChecked((bool) $this->server->enabledRoleSynchronization());
    $settings_form->addItem($sync_active);

    // Bind DN and password shown as one combined input
    $binding = new ilCombinationInputGUI($this->lng->txt('ldap_server_binding'));
    $binding->setInfo($this->lng->txt('ldap_role_bind_user_info'));

    $bind_user = new ilTextInputGUI("");
    $bind_user->setPostVar("role_bind_user");
    $bind_user->setValue($this->server->getRoleBindDN());
    $bind_user->setSize(50);
    $bind_user->setMaxLength(255);
    $binding->addCombinationItem(0, $bind_user, $this->lng->txt('ldap_role_bind_user'));

    $bind_pass = new ilPasswordInputGUI("");
    $bind_pass->setPostVar("role_bind_pass");
    // Stored secret is echoed into the form here (see NOTE(review) above).
    $bind_pass->setValue($this->server->getRoleBindPassword());
    $bind_pass->setSize(12);
    $bind_pass->setMaxLength(36);
    $bind_pass->setRetype(false);
    $binding->addCombinationItem(1, $bind_pass, $this->lng->txt('ldap_role_bind_pass'));
    $settings_form->addItem($binding);

    $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.ldap_role_mappings.html', 'Services/LDAP');
    $this->tpl->setVariable("NEW_ASSIGNMENT_TBL", $settings_form->getHTML());

    // Table of group assignments, only when mappings exist
    include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php');
    $mapping_settings = ilLDAPRoleGroupMappingSettings::_getInstanceByServerId($this->server->getServerId());
    $rules = $mapping_settings->getMappings();
    if (count($rules) > 0) {
        include_once("./Services/LDAP/classes/class.ilLDAPRoleMappingTableGUI.php");
        $rules_table = new ilLDAPRoleMappingTableGUI($this, $this->server->getServerId(), "roleMapping");
        $rules_table->setTitle($this->lng->txt('ldap_role_group_assignments'));
        $rules_table->setData($rules);
        $this->tpl->setVariable("RULES_TBL", $rules_table->getHTML());
    }
}
1405 
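/**
 * Build the form used to create or edit a role/group mapping.
 *
 * @param string $command command the form is submitted to; also used for
 *                        the save button
 * @return ilPropertyFormGUI
 */
private function initRoleMappingForm($command)
{
    include_once("./Services/Form/classes/class.ilPropertyFormGUI.php");
    $this->setSubTabs();
    $this->tabs_gui->setSubTabActive('ldap_role_mapping');

    // 'mapping_id' comes from the query string and is carried into the form
    // action. Only a scalar value is forwarded, reduced to an integer, the
    // same way this class treats 'ldap_server_id'.
    if (isset($_GET["mapping_id"]) && is_scalar($_GET["mapping_id"])) {
        $this->ctrl->setParameter($this, 'mapping_id', (int) $_GET["mapping_id"]);
    }

    $propertie_form = new ilPropertyFormGUI();
    $propertie_form->setFormAction($this->ctrl->getFormAction($this, $command));
    $propertie_form->addCommandButton($command, $this->lng->txt('save'));
    $propertie_form->addCommandButton("roleMapping", $this->lng->txt('cancel'));

    // LDAP server URL
    $url = new ilTextInputGUI($this->lng->txt('ldap_server'));
    $url->setPostVar("url");
    $url->setSize(50);
    $url->setMaxLength(255);
    $url->setRequired(true);

    // Group DN
    $group_dn = new ilTextInputGUI($this->lng->txt('ldap_group_dn'));
    $group_dn->setPostVar("dn");
    $group_dn->setSize(50);
    $group_dn->setMaxLength(255);
    $group_dn->setInfo($this->lng->txt('ldap_dn_info'));
    $group_dn->setRequired(true);

    // Member attribute and "member is DN" flag
    $member = new ilTextInputGUI($this->lng->txt('ldap_group_member'));
    $member->setPostVar("member");
    $member->setSize(32);
    $member->setMaxLength(255);
    $member->setInfo($this->lng->txt('ldap_member_info'));
    $member->setRequired(true);

    $member_isdn = new ilCheckboxInputGUI("");
    $member_isdn->setPostVar("memberisdn");
    $member_isdn->setOptionTitle($this->lng->txt('ldap_memberisdn'));

    // ILIAS role name; its existence is checked by the create/update commands
    $role = new ilTextInputGUI($this->lng->txt('ldap_ilias_role'));
    $role->setPostVar("role");
    $role->setSize(32);
    $role->setMaxLength(255);
    $role->setInfo($this->lng->txt('ldap_role_info'));
    $role->setRequired(true);

    // Free-text information and its type flag
    $info = new ilTextAreaInputGUI($this->lng->txt('ldap_info_text'));
    $info->setPostVar("info");
    $info->setCols(50);
    $info->setRows(3);
    $info->setInfo($this->lng->txt('ldap_info_text_info'));

    $info_type = new ilCheckboxInputGUI("");
    $info_type->setPostVar("info_type");
    $info_type->setOptionTitle($this->lng->txt('ldap_mapping_info_type'));

    $propertie_form->addItem($url);
    $propertie_form->addItem($group_dn);
    $propertie_form->addItem($member);
    $propertie_form->addItem($member_isdn);
    $propertie_form->addItem($role);
    $propertie_form->addItem($info);
    $propertie_form->addItem($info_type);

    return $propertie_form;
}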
1478 
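/**
 * Show the form for a new role/group mapping.
 *
 * The URL field defaults to the URL of the current server. When the request
 * carries a 'mapping_id', the values of that mapping are used to prefill
 * the form.
 */
public function addRoleMapping()
{
    $propertie_form = $this->initRoleMappingForm("createRoleMapping");
    $propertie_form->getItemByPostVar("url")->setValue($this->server->getUrl());
    $propertie_form->setTitle($this->lng->txt("ldap_new_role_assignment"));

    if (isset($_GET["mapping_id"])) {
        include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMappingSetting.php');

        // The id comes from the query string; how the mapping class uses it
        // is not visible here, so it is reduced to an integer first, as is
        // done for 'ldap_server_id' in this class.
        $mapping = new ilLDAPRoleGroupMappingSetting((int) $_GET["mapping_id"]);
        $mapping->read();

        $propertie_form->getItemByPostVar("url")->setValue($mapping->getURL());
        $propertie_form->getItemByPostVar("dn")->setValue($mapping->getDN());
        $propertie_form->getItemByPostVar("member")->setValue($mapping->getMemberAttribute());
        $propertie_form->getItemByPostVar("memberisdn")->setChecked($mapping->getMemberISDN());
        $propertie_form->getItemByPostVar("role")->setValue($mapping->getRoleName());
        $propertie_form->getItemByPostVar("info")->setValue($mapping->getMappingInfo());
        $propertie_form->getItemByPostVar("info_type")->setChecked($mapping->getMappingInfoType());
    }

    $this->tpl->setContent($propertie_form->getHTML());
}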
1505 
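/**
 * Show the edit form for the role/group mapping named by the 'mapping_id'
 * request parameter, prefilled with the stored values.
 *
 * NOTE(review): nothing here checks that the mapping belongs to the
 * current server; confirm whether that matters for this screen.
 */
public function editRoleMapping()
{
    include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMappingSetting.php');

    // The id comes from the query string; how the mapping class uses it is
    // not visible here, so it is reduced to an integer first (0 when the
    // parameter is missing), as is done for 'ldap_server_id' in this class.
    $mapping_id = isset($_GET["mapping_id"]) ? (int) $_GET["mapping_id"] : 0;
    $mapping = new ilLDAPRoleGroupMappingSetting($mapping_id);
    $mapping->read();

    $propertie_form = $this->initRoleMappingForm("updateRoleMapping");
    $propertie_form->setTitle($this->lng->txt('ldap_edit_role_assignment'));
    $propertie_form->getItemByPostVar("url")->setValue($mapping->getURL());
    $propertie_form->getItemByPostVar("dn")->setValue($mapping->getDN());
    $propertie_form->getItemByPostVar("member")->setValue($mapping->getMemberAttribute());
    $propertie_form->getItemByPostVar("memberisdn")->setChecked($mapping->getMemberISDN());
    $propertie_form->getItemByPostVar("role")->setValue($mapping->getRoleName());
    $propertie_form->getItemByPostVar("info")->setValue($mapping->getMappingInfo());
    $propertie_form->getItemByPostVar("info_type")->setChecked($mapping->getMappingInfoType());

    $this->tpl->setContent($propertie_form->getHTML());
}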
1527 
/**
 * Store a new role/group mapping for the current server.
 *
 * The mapping is saved only when the form input is valid and the entered
 * role name exists; otherwise the form is shown again with the posted
 * values, plus a failure message when the role does not exist.
 *
 * NOTE(review): the failure message contains the submitted role name.
 * Whether getInput() or ilUtil::sendFailure() encodes it for HTML is not
 * visible here; confirm before treating the message as safe to render.
 */
public function createRoleMapping()
{
    global $rbacreview;
    $form = $this->initRoleMappingForm("createRoleMapping");

    // checkInput() runs first; the role lookup is skipped when it fails.
    if (!$form->checkInput() || !$rbacreview->roleExists($form->getInput("role"))) {
        if (!$rbacreview->roleExists($form->getInput("role"))) {
            ilUtil::sendFailure($this->lng->txt("ldap_role_not_exists") . " " .
                $form->getInput("role"));
        }
        $form->setValuesByPost();
        $this->tpl->setContent($form->getHTML());
        return;
    }

    include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMappingSetting.php');
    $new_mapping = new ilLDAPRoleGroupMappingSetting(0);
    $new_mapping->setServerId($this->server->getServerId());
    $new_mapping->setURL($form->getInput("url"));
    $new_mapping->setDN($form->getInput("dn"));
    $new_mapping->setMemberAttribute($form->getInput("member"));
    $new_mapping->setMemberISDN($form->getInput("memberisdn"));
    $new_mapping->setRoleByName($form->getInput("role"));
    $new_mapping->setMappingInfo($form->getInput("info"));
    $new_mapping->setMappingInfoType($form->getInput("info_type"));
    $new_mapping->save();

    ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
    $this->ctrl->redirect($this, "roleMapping");
}
1565 
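/**
 * Update the role/group mapping named by the 'mapping_id' request
 * parameter with the submitted form values.
 *
 * The mapping is updated only when the form input is valid and the entered
 * role name exists; otherwise the form is shown again with the posted
 * values, plus a failure message when the role does not exist.
 *
 * NOTE(review): the mapping is assigned to the current server without a
 * check that it belonged to it before; confirm that this is intended.
 * NOTE(review): the failure message contains the submitted role name.
 * Whether getInput() or ilUtil::sendFailure() encodes it for HTML is not
 * visible here; confirm before treating the message as safe to render.
 */
public function updateRoleMapping()
{
    global $rbacreview;
    $propertie_form = $this->initRoleMappingForm("updateRoleMapping");

    if ($propertie_form->checkInput() && $rbacreview->roleExists($propertie_form->getInput("role"))) {
        include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMappingSetting.php');

        // The id comes from the query string; how the mapping class uses it
        // is not visible here, so it is reduced to an integer first (0 when
        // the parameter is missing), as is done for 'ldap_server_id'.
        $mapping_id = isset($_GET["mapping_id"]) ? (int) $_GET["mapping_id"] : 0;
        $mapping = new ilLDAPRoleGroupMappingSetting($mapping_id);
        $mapping->setServerId($this->server->getServerId());
        $mapping->setURL($propertie_form->getInput("url"));
        $mapping->setDN($propertie_form->getInput("dn"));
        $mapping->setMemberAttribute($propertie_form->getInput("member"));
        $mapping->setMemberISDN($propertie_form->getInput("memberisdn"));
        $mapping->setRoleByName($propertie_form->getInput("role"));
        $mapping->setMappingInfo($propertie_form->getInput("info"));
        $mapping->setMappingInfoType($propertie_form->getInput("info_type"));
        $mapping->update();

        ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
        $this->ctrl->redirect($this, "roleMapping");
    } else {
        if (!$rbacreview->roleExists($propertie_form->getInput("role"))) {
            ilUtil::sendFailure($this->lng->txt("ldap_role_not_exists") . " " .
                $propertie_form->getInput("role"));
        }
        $propertie_form->setValuesByPost();
        $this->tpl->setContent($propertie_form->getHTML());
    }
}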
1603 
/**
 * Save the role synchronization settings (bind DN, bind password, active
 * flag) from the posted form and return to the role mapping screen.
 *
 * The values are read from $_POST directly, not through a form object's
 * checkInput()/getInput().
 *
 * NOTE(review): the bind password passes through ilUtil::stripSlashes().
 * Confirm that this helper cannot alter a password that contains
 * backslashes or markup-like characters, otherwise the stored secret
 * differs from the one entered.
 * NOTE(review): the stored password is replaced by whatever is posted,
 * including an empty value.
 */
public function saveSyncronizationSettings()
{
    $bind_dn = ilUtil::stripSlashes($_POST['role_bind_user']);
    $this->server->setRoleBindDN($bind_dn);

    $bind_password = ilUtil::stripSlashes($_POST['role_bind_pass']);
    $this->server->setRoleBindPassword($bind_password);

    $sync_active = (int) $_POST['role_sync_active'];
    $this->server->enableRoleSynchronization($sync_active);

    // Existing server: update; otherwise create it and remember the new id.
    $server_exists = $this->server->getServerId();
    if ($server_exists) {
        $this->server->update();
    } else {
        $_GET['ldap_server_id'] = $this->server->create();
    }

    ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
    $this->ctrl->redirect($this, "roleMapping");
}
1626 
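/**
 * Show the confirmation screen for deleting the selected role/group
 * mappings.
 *
 * @return bool|null false when no mapping was selected, otherwise nothing
 *
 * NOTE(review): the item text is built from stored mapping values (role
 * name, group DN, URL, member attribute). Whether ilConfirmationGUI
 * encodes item texts for HTML is not visible here; confirm.
 */
public function confirmDeleteRoleMapping()
{
    if (!isset($_POST['mappings']) || !is_array($_POST['mappings'])) {
        ilUtil::sendFailure($this->lng->txt('select_one'), true);
        $this->ctrl->redirect($this, "roleMapping");
        return false;
    }

    include_once("Services/Utilities/classes/class.ilConfirmationGUI.php");
    include_once('Services/LDAP/classes/class.ilLDAPRoleGroupMappingSetting.php');
    $c_gui = new ilConfirmationGUI();

    // set confirm/cancel commands
    $c_gui->setFormAction($this->ctrl->getFormAction($this, "deleteRoleMapping"));
    $c_gui->setHeaderText($this->lng->txt("ldap_confirm_del_role_ass"));
    $c_gui->setCancel($this->lng->txt("cancel"), "roleMapping");
    $c_gui->setConfirm($this->lng->txt("confirm"), "deleteRoleMapping");

    foreach ($_POST['mappings'] as $posted_id) {
        // Posted ids are reduced to integers before they reach the mapping
        // object and the hidden 'mappings[]' field of the confirmation form.
        $id = (int) $posted_id;

        $mapping = new ilLDAPRoleGroupMappingSetting($id);
        $mapping->read();
        $txt = $this->lng->txt('obj_role') . ": " . $mapping->getRoleName() . ", ";
        $txt .= $this->lng->txt('ldap_group_dn') . ": " . $mapping->getDN() . ", ";
        $txt .= $this->lng->txt('ldap_server_short') . " " . $mapping->getURL() . ", ";
        $txt .= $this->lng->txt('ldap_group_member_short') . " " . $mapping->getMemberAttribute();

        $c_gui->addItem("mappings[]", $id, $txt);
    }
    $this->tpl->setContent($c_gui->getHTML());
}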
1662 }
1663 ?>