ILIAS  release_4-3 Revision
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilLDAPSettingsGUI.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
33 class ilLDAPSettingsGUI
34 {
35  private $ref_id = null;
36 
37  public function __construct($a_auth_ref_id)
38  {
39  global $lng,$ilCtrl,$tpl,$ilTabs;
40 
41  $this->ctrl = $ilCtrl;
42  $this->tabs_gui = $ilTabs;
43  $this->lng = $lng;
44  $this->lng->loadLanguageModule('ldap');
45 
46  $this->tpl = $tpl;
47 
48  $this->ctrl->saveParameter($this,'ldap_server_id');
49  $this->ref_id = $a_auth_ref_id;
50 
51 
52  $this->initServer();
53  }
54 
55  public function executeCommand()
56  {
57  global $ilAccess,$ilias, $ilErr, $ilCtrl;
58 
59  $next_class = $this->ctrl->getNextClass($this);
60  $cmd = $this->ctrl->getCmd();
61 
62  if(!$ilAccess->checkAccess('write','',$this->ref_id) && $cmd != "serverList")
63  {
64  ilUtil::sendFailure($this->lng->txt('msg_no_perm_write'), true);
65  $ilCtrl->redirect($this, "serverList");
66  }
67 
68 
69  switch($next_class)
70  {
71  default:
72  if(!$cmd)
73  {
74  $cmd = "serverList";
75  }
76  $this->$cmd();
77  break;
78  }
79  return true;
80  }
81 
88  public function roleAssignments()
89  {
90  global $rbacreview;
91 
92  $this->setSubTabs();
93  $this->tabs_gui->setSubTabActive('ldap_role_assignments');
94 
95  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.ldap_role_assignments.html','Services/LDAP');
96 
97  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
98  $this->initFormRoleAssignments('create',$this->role_mapping_rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId(0));
99  $this->tpl->setVariable('NEW_ASSIGNMENT_TBL',$this->form->getHTML());
100 
101 
102  if(count($rules = ilLDAPRoleAssignmentRule::_getRules()))
103  {
104  include_once("./Services/LDAP/classes/class.ilLDAPRoleAssignmentTableGUI.php");
105  $table_gui = new ilLDAPRoleAssignmentTableGUI($this,'roleAssignments');
106  $table_gui->setTitle($this->lng->txt("ldap_tbl_role_ass"));
107  $table_gui->parse($rules);
108  $table_gui->addMultiCommand("confirmDeleteRules", $this->lng->txt("delete"));
109  $table_gui->setSelectAllCheckbox("rule_id");
110  $this->tpl->setVariable('RULES_TBL',$table_gui->getHTML());
111  }
112 
113  }
114 
121  public function editRoleAssignment()
122  {
123  if(!(int) $_GET['rule_id'])
124  {
125  ilUtil::sendFailure($this->lng->txt('select_one'));
126  $this->roleAssignments();
127  return false;
128  }
129  $this->setSubTabs();
130  $this->tabs_gui->setSubTabActive('ldap_role_assignments');
131 
132  $this->ctrl->saveParameter($this,'rule_id',(int) $_GET['rule_id']);
133  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
134  $this->initFormRoleAssignments('edit',
135  $this->role_mapping_rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId((int) $_GET['rule_id']));
136  $this->setValuesByArray();
137  $this->tpl->setContent($this->form->getHTML());
138  }
139 
140 
145  protected function setValuesByArray()
146  {
147  global $rbacreview;
148 
149  $role_id = $this->role_mapping_rule->getRoleId();
150  if($rbacreview->isGlobalRole($role_id))
151  {
152  $val['role_name'] = 0;
153  $val['role_id'] = $role_id;
154  }
155  else
156  {
157  $val['role_name'] = 1;
158  $val['role_search'] = ilObject::_lookupTitle($role_id);
159  }
160  $val['add_missing'] = (int) $this->role_mapping_rule->isAddOnUpdateEnabled();
161  $val['remove_deprecated'] = (int) $this->role_mapping_rule->isRemoveOnUpdateEnabled();
162  $val['type'] = (int) $this->role_mapping_rule->getType();
163  $val['dn'] = $this->role_mapping_rule->getDN();
164  $val['at'] = $this->role_mapping_rule->getMemberAttribute();
165  $val['isdn'] = $this->role_mapping_rule->isMemberAttributeDN();
166  $val['name'] = $this->role_mapping_rule->getAttributeName();
167  $val['value'] = $this->role_mapping_rule->getAttributeValue();
168  $val['plugin_id'] = $this->role_mapping_rule->getPluginId();
169 
170  $this->form->setValuesByArray($val);
171  }
172 
179  public function updateRoleAssignment()
180  {
181  global $ilErr,$ilAccess;
182 
183  if(!$ilAccess->checkAccess('write','',$this->ref_id))
184  {
185  ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
186  $this->roleAssignment();
187  return false;
188  }
189 
190  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
191  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
192 
193  $this->initFormRoleAssignments('edit');
194  if(!$this->form->checkInput() or ($err = $this->checkRoleAssignmentInput((int) $_REQUEST['rule_id'])))
195  {
196  if($err)
197  {
198  ilUtil::sendFailure($this->lng->txt($err));
199  }
200 
201  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.ldap_role_assignments.html','Services/LDAP');
202 
203  // DONE: wrap this
204  $this->form->setValuesByPost();
205  $this->tpl->setVariable('NEW_ASSIGNMENT_TBL',$this->form->getHTML());
206  #$this->tpl->setVariable('RULES_TBL',$this->getRoleAssignmentTable());
207  $this->tabs_gui->setSubTabActive('shib_role_assignment');
208  return true;
209 
210  }
211 
212  // Might redirect
213  $this->roleSelection();
214 
215  $this->rule->update();
216  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
217  $this->roleAssignments();
218  return true;
219  }
220 
228  public function confirmDeleteRules()
229  {
230  if(!is_array($_POST['rule_ids']))
231  {
232  ilUtil::sendFailure($this->lng->txt('select_one'));
233  $this->roleAssignments();
234  return false;
235  }
236  $this->setSubTabs();
237  $this->tabs_gui->setSubTabActive('ldap_role_assignments');
238 
239  include_once("Services/Utilities/classes/class.ilConfirmationGUI.php");
240  $c_gui = new ilConfirmationGUI();
241 
242  // set confirm/cancel commands
243  $c_gui->setFormAction($this->ctrl->getFormAction($this, "deleteRules"));
244  $c_gui->setHeaderText($this->lng->txt("ldap_confirm_del_role_ass"));
245  $c_gui->setCancel($this->lng->txt("cancel"), "roleAssignments");
246  $c_gui->setConfirm($this->lng->txt("confirm"), "deleteRules");
247 
248  // add items to delete
249  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
250  foreach($_POST["rule_ids"] as $rule_id)
251  {
252  $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($rule_id);
253  $c_gui->addItem('rule_ids[]',$rule_id,$rule->conditionToString());
254  }
255  $this->tpl->setContent($c_gui->getHTML());
256  }
257 
264  public function deleteRules()
265  {
266  if(!is_array($_POST['rule_ids']))
267  {
268  ilUtil::sendFailure($this->lng->txt('select_once'));
269  $this->roleAssignments();
270  return false;
271  }
272  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
273  foreach($_POST["rule_ids"] as $rule_id)
274  {
275  $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($rule_id);
276  $rule->delete();
277  }
278  ilUtil::sendSuccess($this->lng->txt('ldap_deleted_rule'));
279  $this->roleAssignments();
280  return true;
281  }
282 
289  public function addRoleAssignment()
290  {
291  global $ilErr,$ilAccess;
292 
293  if(!$ilAccess->checkAccess('write','',$this->ref_id))
294  {
295  ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
296  $this->roleAssignment();
297  return false;
298  }
299 
300  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
301  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
302 
303  $this->initFormRoleAssignments('create');
304  if(!$this->form->checkInput() or ($err = $this->checkRoleAssignmentInput()))
305  {
306  if($err)
307  {
308  ilUtil::sendFailure($this->lng->txt($err));
309  }
310 
311  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.ldap_role_assignments.html','Services/LDAP');
312 
313  // DONE: wrap this
314  $this->form->setValuesByPost();
315  $this->tpl->setVariable('NEW_ASSIGNMENT_TBL',$this->form->getHTML());
316  $this->tpl->setVariable('RULES_TBL',$this->getRoleAssignmentTable());
317  $this->tabs_gui->setSubTabActive('shib_role_assignment');
318  return true;
319 
320  }
321 
322  // Might redirect
323  $this->roleSelection();
324 
325  $this->rule->create();
326  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
327  unset($_POST);
328  $this->roleAssignments();
329  return true;
330  }
331 
336  protected function roleSelection()
337  {
338  if($this->rule->getRoleId() > 0)
339  {
340  return false;
341  }
342 
343  $_SESSION['ldap_role_ass']['rule_id'] = $_REQUEST['rule_id'] ? $_REQUEST['rule_id'] : 0;
344  $_SESSION['ldap_role_ass']['role_search'] = $this->form->getInput('role_search');
345  $_SESSION['ldap_role_ass']['add_on_update'] = $this->form->getInput('add_missing');
346  $_SESSION['ldap_role_ass']['remove_on_update'] = $this->form->getInput('remove_deprecated');
347  $_SESSION['ldap_role_ass']['type'] = $this->form->getInput('type');
348  $_SESSION['ldap_role_ass']['dn'] = $this->form->getInput('dn');
349  $_SESSION['ldap_role_ass']['at'] = $this->form->getInput('at');
350  $_SESSION['ldap_role_ass']['isdn'] = $this->form->getInput('isdn');
351  $_SESSION['ldap_role_ass']['name'] = $this->form->getInput('name');
352  $_SESSION['ldap_role_ass']['value'] = $this->form->getInput('value');
353  $_SESSION['ldap_role_ass']['plugin'] = $this->form->getInput('plugin_id');
354 
355  $this->ctrl->saveParameter($this,'rule_id');
356  $this->ctrl->redirect($this,'showRoleSelection');
357  }
358 
359 
360 
365  protected function showRoleSelection()
366  {
367  $this->setSubTabs();
368  $this->tabs_gui->setSubTabActive('ldap_role_assignment');
369  $this->ctrl->saveParameter($this,'rule_id');
370 
371  include_once './Services/Search/classes/class.ilQueryParser.php';
372  $parser = new ilQueryParser($_SESSION['ldap_role_ass']['role_search']);
373  $parser->setMinWordLength(1,true);
374  $parser->setCombination(QP_COMBINATION_AND);
375  $parser->parse();
376 
377  include_once 'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
378  $object_search = new ilLikeObjectSearch($parser);
379  $object_search->setFilter(array('role'));
380  $res = $object_search->performSearch();
381 
382  $entries = $res->getEntries();
383 
384  include_once './Services/AccessControl/classes/class.ilRoleSelectionTableGUI.php';
385  $table = new ilRoleSelectionTableGUI($this,'showRoleSelection');
386  $table->setTitle($this->lng->txt('ldap_role_selection'));
387  $table->addMultiCommand('saveRoleSelection',$this->lng->txt('ldap_choose_role'));
388  #$table->addCommandButton('roleAssignment',$this->lng->txt('cancel'));
389  $table->parse($entries);
390 
391  $this->tpl->setContent($table->getHTML());
392  return true;
393  }
394 
399  protected function saveRoleSelection()
400  {
401  global $ilErr,$ilAccess;
402 
403  if(!$ilAccess->checkAccess('write','',$this->ref_id))
404  {
405  ilUtil::sendFailure($this->lng->txt('permission_denied'), true);
406  $this->roleAssignment();
407  return false;
408  }
409 
410  if(!(int) $_REQUEST['role_id'])
411  {
412  ilUtil::sendFailure($this->lng->txt('select_one'));
413  $this->showRoleSelection();
414  return false;
415  }
416 
417  $this->loadRoleAssignmentRule((int) $_REQUEST['rule_id'],false);
418  $this->rule->setRoleId((int) $_REQUEST['role_id']);
419 
420  if((int) $_REQUEST['rule_id'])
421  {
422  $this->rule->update();
423  }
424  else
425  {
426  $this->rule->create();
427  }
428 
429  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
430  $this->roleAssignments();
431  return true;
432  }
433 
434 
440  protected function checkRoleAssignmentInput($a_rule_id = 0)
441  {
442  global $ilErr;
443 
444  $this->loadRoleAssignmentRule($a_rule_id);
445  $this->rule->validate();
446  return $ilErr->getMessage();
447  }
448 
449 
454  protected function getRoleAssignmentTable()
455  {
456  if(count($rules = ilLDAPRoleAssignmentRule::_getRules()))
457  {
458  include_once("./Services/LDAP/classes/class.ilLDAPRoleAssignmentTableGUI.php");
459  $table_gui = new ilLDAPRoleAssignmentTableGUI($this,'roleAssignments');
460  $table_gui->setTitle($this->lng->txt("ldap_tbl_role_ass"));
461  $table_gui->parse($rules);
462  $table_gui->addMultiCommand("confirmDeleteRules", $this->lng->txt("delete"));
463  $table_gui->setSelectAllCheckbox("rule_id");
464  return $table_gui->getHTML();
465  }
466  return '';
467  }
468 
469 
475  protected function loadRoleAssignmentRule($a_rule_id,$a_from_form = true)
476  {
477  if(is_object($this->rule))
478  {
479  return true;
480  }
481 
482  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
483  $this->rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($a_rule_id);
484 
485 
486  if($a_from_form)
487  {
488  if($this->form->getInput('role_name') == 0)
489  {
490  $this->rule->setRoleId($this->form->getInput('role_id'));
491  }
492  elseif($this->form->getInput('role_search'))
493  {
494  // Search role
495  include_once './Services/Search/classes/class.ilQueryParser.php';
496 
497  $parser = new ilQueryParser('"'.$this->form->getInput('role_search').'"');
498 
499  // TODO: Handle minWordLength
500  $parser->setMinWordLength(1,true);
501  $parser->setCombination(QP_COMBINATION_AND);
502  $parser->parse();
503 
504  include_once 'Services/Search/classes/Like/class.ilLikeObjectSearch.php';
505  $object_search = new ilLikeObjectSearch($parser);
506  $object_search->setFilter(array('role'));
507  $res = $object_search->performSearch();
508 
509  $entries = $res->getEntries();
510  if(count($entries) == 1)
511  {
512  $role = current($entries);
513  $this->rule->setRoleId($role['obj_id']);
514  }
515  elseif(count($entries) > 1)
516  {
517  $this->rule->setRoleId(-1);
518  }
519  }
520 
521  $this->rule->setAttributeName($this->form->getInput('name'));
522  $this->rule->setAttributeValue($this->form->getInput('value'));
523  $this->rule->setDN($this->form->getInput('dn'));
524  $this->rule->setMemberAttribute($this->form->getInput('at'));
525  $this->rule->setMemberIsDN($this->form->getInput('isdn'));
526  $this->rule->enableAddOnUpdate($this->form->getInput('add_missing'));
527  $this->rule->enableRemoveOnUpdate($this->form->getInput('remove_deprecated'));
528  $this->rule->setPluginId($this->form->getInput('plugin_id'));
529  $this->rule->setType($this->form->getInput('type'));
530  return true;
531  }
532 
533  // LOAD from session
534  $this->rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($a_rule_id);
535  $this->rule->setServerId(0);
536  $this->rule->enableAddOnUpdate((int) $_SESSION['ldap_role_ass']['add_on_update']);
537  $this->rule->enableRemoveOnUpdate((int) $_SESSION['ldap_role_ass']['remove_on_update']);
538  $this->rule->setType(ilUtil::stripSlashes($_SESSION['ldap_role_ass']['type']));
539  $this->rule->setDN(ilUtil::stripSlashes($_SESSION['ldap_role_ass']['dn']));
540  $this->rule->setMemberAttribute( ilUtil::stripSlashes($_SESSION['ldap_role_ass']['at']));
541  $this->rule->setMemberIsDN( ilUtil::stripSlashes($_SESSION['ldap_role_ass']['isdn']));
542  $this->rule->setAttributeName( ilUtil::stripSlashes($_SESSION['ldap_role_ass']['name']));
543  $this->rule->setAttributeValue(ilUtil::stripSlashes($_SESSION['ldap_role_ass']['value']));
544  $this->rule->setPluginId(ilUtil::stripSlashes($_SESSION['ldap_role_ass']['plugin']));
545  return true;
546  }
547 
548 
549  public function roleMapping()
550  {
551  $this->initRoleMapping();
552 
553  $this->setSubTabs();
554  $this->tabs_gui->setSubTabActive('ldap_role_mapping');
555 
556  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.ldap_role_mapping.html','Services/LDAP');
557  $this->tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this,'saveRoleMapping'));
558 
559  // Role Sync
560  $this->tpl->setVariable('TXT_ROLE_SETTINGS',$this->lng->txt('ldap_role_settings'));
561  $this->tpl->setVariable('TXT_ROLE_ACTIVE',$this->lng->txt('ldap_role_active'));
562  $this->tpl->setVariable('TXT_ROLE_BIND_USER',$this->lng->txt('ldap_role_bind_user'));
563  $this->tpl->setVariable('TXT_ROLE_BIND_PASS',$this->lng->txt('ldap_role_bind_pass'));
564  $this->tpl->setVariable('TXT_ROLE_ASSIGNMENTS',$this->lng->txt('ldap_role_assignments'));
565  $this->tpl->setVariable('TXT_BINDING',$this->lng->txt('ldap_server_binding'));
566 
567  $this->tpl->setVariable('TXT_ROLE_BIND_USER_INFO',$this->lng->txt('ldap_role_bind_user_info'));
568  $this->tpl->setVariable('TXT_ROLE_ASSIGNMENTS_INFO',$this->lng->txt('ldap_role_assignments_info'));
569 
570 
571  $mapping_data = $this->role_mapping->getMappings();
572  $mapping_data = $this->loadMappingCopy($mapping_data);
573  $this->loadMappingDetails();
574 
575  // Section new assignment
576  $this->tpl->setVariable('TXT_NEW_ASSIGNMENT',$this->lng->txt('ldap_new_role_assignment'));
577  $this->tpl->setVariable('TXT_URL',$this->lng->txt('ldap_server'));
578  $this->tpl->setVariable('TXT_DN',$this->lng->txt('ldap_group_dn'));
579  $this->tpl->setVariable('TXT_MEMBER',$this->lng->txt('ldap_group_member'));
580  $this->tpl->setVariable('TXT_MEMBER_ISDN',$this->lng->txt('ldap_memberisdn'));
581  $this->tpl->setVariable('TXT_ROLE',$this->lng->txt('ldap_ilias_role'));
582  $this->tpl->setVariable('TXT_ROLE_INFO',$this->lng->txt('ldap_role_info'));
583  $this->tpl->setVariable('TXT_DN_INFO',$this->lng->txt('ldap_dn_info'));
584  $this->tpl->setVariable('TXT_MEMBER_INFO',$this->lng->txt('ldap_member_info'));
585  $this->tpl->setVariable('TXT_MEMBERISDN',$this->lng->txt('ldap_memberisdn'));
586  $this->tpl->setVariable('TXT_INFO',$this->lng->txt('ldap_info_text'));
587  $this->tpl->setVariable('TXT_INFO_INFO',$this->lng->txt('ldap_info_text_info'));
588 
589 
590  $this->tpl->setVariable('ROLE_BIND_USER',$this->server->getRoleBindDN());
591  $this->tpl->setVariable('ROLE_BIND_PASS',$this->server->getRoleBindPassword());
592  $this->tpl->setVariable('CHECK_ROLE_ACTIVE',ilUtil::formCheckbox($this->server->enabledRoleSynchronization() ? true : false,
593  'role_sync_active',
594  1));
595 
596  // Section new assignment
597  $this->tpl->setVariable('URL',$mapping_data[0]['url'] ? $mapping_data[0]['url'] : $this->server->getUrl());
598  $this->tpl->setVariable('DN',$mapping_data[0]['dn']);
599  $this->tpl->setVariable('ROLE',$mapping_data[0]['role_name']);
600  $this->tpl->setVariable('MEMBER',$mapping_data[0]['member_attribute']);
601  $this->tpl->setVariable('CHECK_MEMBERISDN',ilUtil::formCheckbox($mapping_data[0]['memberisdn'],
602  'mapping[0][memberisdn]',
603  1));
604  $this->tpl->setVariable('MAPPING_INFO',$mapping_data[0]['info']);
605 
606  $info_type_checked = isset($mapping_data[0]['info_type']) ? $mapping_data[0]['info_type'] : 1;
607 
608  $this->tpl->setVariable('TXT_MAPPING_INFO_TYPE',$this->lng->txt('ldap_mapping_info_type'));
609  $this->tpl->setVariable('CHECK_MAPPING_INFO_TYPE',ilUtil::formCheckbox($info_type_checked,
610  'mapping[0][info_type]',
611  1));
612 
613  unset($mapping_data[0]);
614 
615  // Section assignments
616  if(count($mapping_data))
617  {
618  $this->tpl->setCurrentBlock('txt_assignments');
619  $this->tpl->setVariable('TXT_ASSIGNMENTS',$this->lng->txt('ldap_role_group_assignments'));
620  $this->tpl->parseCurrentBlock();
621 
622  $this->tpl->setCurrentBlock('delete_btn');
623  $this->tpl->setVariable('SOURCE',ilUtil::getImagePath("arrow_downright.png"));
624  $this->tpl->setVariable('TXT_DELETE',$this->lng->txt('delete'));
625  $this->tpl->parseCurrentBlock();
626  }
627 
628  $mapping_data = $this->sortMappingData($mapping_data);
629 
630  foreach($mapping_data as $data)
631  {
632  $mapping_id = $data['mapping_id'];
633  if(in_array($mapping_id,$_SESSION['ldap_mapping_details']))
634  {
635  $this->tpl->setCurrentBlock('show_mapping_details');
636  $this->tpl->setVariable('ASS_GROUP_URL',$this->lng->txt('ldap_server_short'));
637  $this->tpl->setVariable('ASS_GROUP_DN',$this->lng->txt('ldap_group_dn_short'));
638  $this->tpl->setVariable('ASS_MEMBER_ATTR',$this->lng->txt('ldap_group_member_short'));
639  $this->tpl->setVariable('ASS_ROLE',$this->lng->txt('ldap_ilias_role_short'));
640  $this->tpl->setVariable('ASS_INFO',$this->lng->txt('ldap_info_text_short'));
641  $this->tpl->setVariable('ROW_ID',$mapping_id);
642  $this->tpl->setVariable('ROW_URL',$data['url']);
643  $this->tpl->setVariable('ROW_ROLE',$data['role_name'] ? $data['role_name'] : $data['role']);
644  $this->tpl->setVariable('ROW_DN',$data['dn']);
645  $this->tpl->setVariable('ROW_MEMBER',$data['member_attribute']);
646  $this->tpl->setVariable('TXT_ROW_MEMBERISDN',$this->lng->txt('ldap_memberisdn'));
647  $this->tpl->setVariable('ROW_CHECK_MEMBERISDN',ilUtil::formCheckbox($data['member_isdn'],
648  'mapping['.$mapping_id.'][memberisdn]',
649  1));
650  $this->tpl->setVariable('ROW_INFO',ilUtil::prepareFormOutput($data['info']));
651  $this->tpl->setVariable('TXT_ROW_INFO_TYPE',$this->lng->txt('ldap_mapping_info_type'));
652  $this->tpl->setVariable('ROW_CHECK_INFO_TYPE',ilUtil::formCheckbox($data['info_type'],
653  'mapping['.$mapping_id.'][info_type]',
654  1));
655  $this->tpl->parseCurrentBlock();
656  }
657 
658  // assignment row
659  $this->tpl->setCurrentBlock('assignments');
660 
661  // Copy link
662  $this->ctrl->setParameter($this,'mapping_id',$mapping_id);
663  $this->tpl->setVariable('COPY_LINK',$this->ctrl->getLinkTarget($this,'roleMapping'));
664  $this->tpl->setVariable('TXT_COPY',$this->lng->txt('copy'));
665  $this->ctrl->clearParameters($this);
666 
667  // Details link
668  if(!in_array($mapping_id,$_SESSION['ldap_mapping_details']))
669  {
670  $this->ctrl->setParameter($this,'details_show',$mapping_id);
671  $this->tpl->setVariable('DETAILS_LINK',$this->ctrl->getLinkTarget($this,'roleMapping'));
672  $this->tpl->setVariable('TXT_DETAILS',$this->lng->txt('show_details'));
673  $this->ctrl->clearParameters($this);
674  }
675  else
676  {
677  $this->ctrl->setParameter($this,'details_hide',$mapping_id);
678  $this->tpl->setVariable('DETAILS_LINK',$this->ctrl->getLinkTarget($this,'roleMapping'));
679  $this->tpl->setVariable('TXT_DETAILS',$this->lng->txt('hide_details'));
680  $this->ctrl->clearParameters($this);
681  }
682  if(!count($_SESSION['ldap_mapping_details']))
683  {
684  $this->tpl->setVariable('WIDTH',"50%");
685  }
686  $this->tpl->setVariable('ROW_CHECK',ilUtil::formCheckbox(0,
687  'mappings[]',$mapping_id));
688  $this->tpl->setVariable('TXT_TITLE_TITLE',$this->lng->txt('title'));
689  $this->tpl->setVariable('TXT_TITLE_ROLE',$this->lng->txt('obj_role'));
690  $this->tpl->setVariable('TXT_TITLE_GROUP',$this->lng->txt('obj_grp'));
691  $this->tpl->setVariable('TITLE_GROUP',$this->role_mapping->getMappingInfoString($mapping_id));
692  $this->tpl->setVariable('TITLE_TITLE',ilUtil::shortenText($data['obj_title'],30,true));
693  $this->tpl->setVariable('TITLE_ROLE',$data['role_name']);
694 
695  $this->tpl->parseCurrentBlock();
696  }
697 
698 
699  $this->tpl->setVariable('TXT_SAVE',$this->lng->txt('save'));
700  $this->tpl->setVariable('TXT_REQUIRED_FLD',$this->lng->txt('required_field'));
701  }
702 
703 
704  public function deleteRoleMapping()
705  {
706  if(!count($_POST['mappings']))
707  {
708  ilUtil::sendFailure($this->lng->txt('select_one'));
709  $this->roleMapping();
710  return false;
711  }
712 
713  $this->initRoleMapping();
714 
715  foreach($_POST['mappings'] as $mapping_id)
716  {
717  $this->role_mapping->delete($mapping_id);
718  }
719  ilUtil::sendSuccess($this->lng->txt('ldap_deleted_role_mapping'));
720  $this->roleMapping();
721  return true;
722  }
723 
724  public function reset()
725  {
726  unset($_POST['mapping_template']);
727  $this->userMapping();
728  }
729 
730  public function saveRoleMapping()
731  {
732  global $ilErr;
733 
734  $this->server->setRoleBindDN(ilUtil::stripSlashes($_POST['role_bind_user']));
735  $this->server->setRoleBindPassword(ilUtil::stripSlashes($_POST['role_bind_pass']));
736  $this->server->enableRoleSynchronization((int) $_POST['role_sync_active']);
737 
738  // Update or create
739  if($this->server->getServerId())
740  {
741  $this->server->update();
742  }
743  else
744  {
745  $_GET['ldap_server_id'] = $this->server->create();
746  }
747 
748  $this->initRoleMapping();
749  $this->role_mapping->loadFromPost($_POST['mapping']);
750  if(!$this->role_mapping->validate())
751  {
752  ilUtil::sendFailure($ilErr->getMessage());
753  $this->roleMapping();
754  return false;
755  }
756  $this->role_mapping->save();
757 
758  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
759  $this->roleMapping();
760  return true;
761  }
762 
763  public function userMapping($a_show_defaults = false)
764  {
765  $this->initAttributeMapping();
766 
767  $this->setSubTabs();
768  $this->tabs_gui->setSubTabActive('ldap_user_mapping');
769 
770  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.ldap_user_mapping.html','Services/LDAP');
771  $this->tpl->setVariable("FORMACTION",$this->ctrl->getFormAction($this));
772 
773  $this->tpl->setVariable('TXT_LDAP_MAPPING',$this->lng->txt('ldap_mapping_table'));
774  $this->tpl->setVariable('SELECT_MAPPING',$this->prepareMappingSelect());
775 
776  if($_POST['mapping_template'])
777  {
778  $this->tpl->setCurrentBlock('reset');
779  $this->tpl->setVariable('TXT_RESET',$this->lng->txt('reset'));
780  $this->tpl->parseCurrentBlock();
781  }
782 
783  foreach($this->getMappingFields() as $mapping => $translation)
784  {
785  $this->tpl->setCurrentBlock('attribute_row');
786  $this->tpl->setVariable('TXT_NAME',$translation);
787  $this->tpl->setVariable('FIELD_NAME',$mapping.'_value');
788  $this->tpl->setVariable('FIELD_VALUE',$this->mapping->getValue($mapping));
789  $this->tpl->setVariable('CHECK_FIELD',ilUtil::formCheckbox($this->mapping->enabledUpdate($mapping),$mapping.'_update',1));
790  $this->tpl->setVariable('UPDATE_INFO',$this->lng->txt('ldap_update_field_info'));
791  $this->tpl->parseCurrentBlock();
792  }
793 
794  // Show user defined fields
795  $this->initUserDefinedFields();
796  foreach($this->udf->getDefinitions() as $definition)
797  {
798  $this->tpl->setCurrentBlock('attribute_row');
799  $this->tpl->setVariable('TXT_NAME',$definition['field_name']);
800  $this->tpl->setVariable('FIELD_NAME','udf_'.$definition['field_id'].'_value');
801  $this->tpl->setVariable('FIELD_VALUE',$this->mapping->getValue('udf_'.$definition['field_id']));
802  $this->tpl->setVariable('CHECK_FIELD',ilUtil::formCheckbox($this->mapping->enabledUpdate('udf_'.$definition['field_id']),
803  'udf_'.$definition['field_id'].'_update',1));
804  $this->tpl->setVariable('UPDATE_INFO',$this->lng->txt('ldap_update_field_info'));
805  $this->tpl->parseCurrentBlock();
806 
807  }
808 
809  $this->tpl->setVariable('TXT_SAVE',$this->lng->txt('save'));
810  $this->tpl->setVariable('TXT_SHOW',$this->lng->txt('show'));
811  }
812 
813  public function chooseMapping()
814  {
815  if(!$_POST['mapping_template'])
816  {
817  $this->userMapping();
818  return;
819  }
820 
821  $this->initAttributeMapping();
822  $this->mapping->clearRules();
823 
824  include_once('Services/LDAP/classes/class.ilLDAPAttributeMappingUtils.php');
825  foreach(ilLDAPAttributeMappingUtils::_getMappingRulesByClass($_POST['mapping_template']) as $key => $value)
826  {
827  $this->mapping->setRule($key,$value,0);
828  }
829  $this->userMapping();
830  return true;
831  }
832 
833  public function saveMapping()
834  {
835  $this->initAttributeMapping();
836  foreach($this->getMappingFields() as $key => $mapping)
837  {
838  $this->mapping->setRule($key,ilUtil::stripSlashes($_POST[$key.'_value']),(int) $_POST[$key.'_update']);
839  }
840  $this->initUserDefinedFields();
841  foreach($this->udf->getDefinitions() as $definition)
842  {
843  $key = 'udf_'.$definition['field_id'];
844  $this->mapping->setRule($key,ilUtil::stripSlashes($_POST[$key.'_value']),(int) $_POST[$key.'_update']);
845  }
846 
847  $this->mapping->save();
848  $this->userMapping();
849 
850  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
851  unset($_POST['mapping_template']);
852  return;
853  }
854 
855  public function serverList()
856  {
857  global $ilAccess, $ilErr;
858 
859  if(!$ilAccess->checkAccess('read','',$this->ref_id) && $cmd != "serverList")
860  {
861  $ilErr->raiseError($this->lng->txt('msg_no_perm_write'),$ilErr->WARNING);
862  }
863 
864  if(!ilLDAPServer::checkLDAPLib() and $this->server->isActive())
865  {
866  ilUtil::sendFailure('Missing LDAP libraries. Please ensure that the PHP LDAP module is installed on your server.');
867  }
868 
869  $this->setSubTabs();
870  $this->tabs_gui->setSubTabActive('ldap_settings');
871 
872  $this->initForm();
873  $this->setServerFormValues();
874  return $this->tpl->setContent($this->form_gui->getHtml());
875  }
876 
877  public function setServerFormValues()
878  {
879  $this->form_gui->setValuesByArray(array(
880  'active' => $this->server->isActive(),
881  'ds' => !$this->server->isAuthenticationEnabled(),
882  'server_name' => $this->server->getName(),
883  'server_url' => $this->server->getUrlString(),
884  'version' => $this->server->getVersion(),
885  'base_dn' => $this->server->getBaseDN(),
886  'referrals' => $this->server->isActiveReferrer(),
887  'tls' => $this->server->isActiveTLS(),
888  'binding_type' => $this->server->getBindingType(),
889  'bind_dn' => $this->server->getBindUser(),
890  'bind_pass' => $this->server->getBindPassword(),
891  'bind_pass_retype' => $this->server->getBindPassword(),
892  'search_base' => $this->server->getSearchBase(),
893  'user_scope' => $this->server->getUserScope(),
894  'user_attribute' => $this->server->getUserAttribute(),
895  'filter' => $this->server->getFilter(),
896  'group_dn' => $this->server->getGroupDN(),
897  'group_scope' => $this->server->getGroupScope(),
898  'group_filter' => $this->server->getGroupFilter(),
899  'group_member' => $this->server->getGroupMember(),
900  'memberisdn' => $this->server->enabledGroupMemberIsDN(),
901  'group' => $this->server->getGroupName(),
902  'group_attribute' => $this->server->getGroupAttribute(),
903  'group_optional' => $this->server->isMembershipOptional(),
904  'group_user_filter' => $this->server->getGroupUserFilter(),
905  'sync_on_login' => $this->server->enabledSyncOnLogin(),
906  'sync_per_cron' => $this->server->enabledSyncPerCron(),
907  'global_role' => ilLDAPAttributeMapping::_lookupGlobalRole($this->server->getServerId()),
908  'migration' => (int)$this->server->isAccountMigrationEnabled(),
909  ));
910  }
911 
912  private function initForm()
913  {
914  include_once 'Services/Form/classes/class.ilPropertyFormGUI.php';
915 
916  $this->form_gui = new ilPropertyFormGUI();
917  $this->form_gui->setFormAction($this->ctrl->getFormAction($this, 'save'));
918  $this->form_gui->setTitle($this->lng->txt('ldap_configure'));
919 
920  $active = new ilCheckboxInputGUI($this->lng->txt('auth_ldap_enable'), 'active');
921  $active->setValue(1);
922  $this->form_gui->addItem($active);
923 
924  $ds = new ilCheckboxInputGUI($this->lng->txt('ldap_as_ds'), 'ds');
925  $ds->setValue(1);
926  $ds->setInfo($this->lng->txt('ldap_as_ds_info'));
927  $this->form_gui->addItem($ds);
928 
929  $servername = new ilTextInputGUI($this->lng->txt('ldap_server_name'), 'server_name');
930  $servername->setRequired(true);
931  $servername->setInfo($this->lng->txt('ldap_server_name_info'));
932  $servername->setSize(32);
933  $servername->setMaxLength(32);
934  $this->form_gui->addItem($servername);
935 
936  $serverurl = new ilTextInputGUI($this->lng->txt('ldap_server'), 'server_url');
937  $serverurl->setRequired(true);
938  $serverurl->setInfo($this->lng->txt('ldap_server_url_info'));
939  $serverurl->setSize(64);
940  $serverurl->setMaxLength(255);
941  $this->form_gui->addItem($serverurl);
942 
943  $version = new ilSelectInputGUI($this->lng->txt('ldap_version'), 'version');
944  $version->setOptions(array(2 => 2, 3 => 3));
945  $version->setInfo($this->lng->txt('ldap_server_version_info'));
946  $this->form_gui->addItem($version);
947 
948  $basedsn = new ilTextInputGUI($this->lng->txt('basedn'), 'base_dn');
949  $basedsn->setRequired(true);
950  $basedsn->setSize(64);
951  $basedsn->setMaxLength(255);
952  $this->form_gui->addItem($basedsn);
953 
954  $referrals = new ilCheckboxInputGUI($this->lng->txt('ldap_referrals'), 'referrals');
955  $referrals->setValue(1);
956  $referrals->setInfo($this->lng->txt('ldap_referrals_info'));
957  $this->form_gui->addItem($referrals);
958 
959  $section_security = new ilFormSectionHeaderGUI();
960  $section_security->setTitle($this->lng->txt('ldap_server_security_settings'));
961  $this->form_gui->addItem($section_security);
962 
963  $tls = new ilCheckboxInputGUI($this->lng->txt('ldap_tls'), 'tls');
964  $tls->setValue(1);
965  $this->form_gui->addItem($tls);
966 
967  $binding = new ilRadioGroupInputGUI($this->lng->txt('ldap_server_binding'), 'binding_type' );
968  $anonymous = new ilRadioOption($this->lng->txt('ldap_bind_anonymous'), IL_LDAP_BIND_ANONYMOUS);
969  $binding->addOption($anonymous);
970  $user = new ilRadioOption($this->lng->txt('ldap_bind_user'), IL_LDAP_BIND_USER);
971  $dn = new ilTextInputGUI($this->lng->txt('ldap_server_bind_dn'), 'bind_dn');
972  $dn->setSize(64);
973  $dn->setMaxLength(255);
974  $user->addSubItem($dn);
975  $pass = new ilPasswordInputGUI($this->lng->txt('ldap_server_bind_pass'), 'bind_pass');
976  $pass->setSkipSyntaxCheck(true);
977  $pass->setSize(12);
978  $pass->setMaxLength(36);
979  $user->addSubItem($pass);
980  $binding->addOption($user);
981  $this->form_gui->addItem($binding);
982 
983  $section_auth = new ilFormSectionHeaderGUI();
984  $section_auth->setTitle($this->lng->txt('ldap_authentication_settings'));
985  $this->form_gui->addItem($section_auth);
986 
987  $search_base = new ilTextInputGUI($this->lng->txt('ldap_user_dn'), 'search_base');
988  $search_base->setInfo($this->lng->txt('ldap_search_base_info'));
989  $search_base->setSize(64);
990  $search_base->setMaxLength(255);
991  $this->form_gui->addItem($search_base);
992 
993  $user_scope = new ilSelectInputGUI($this->lng->txt('ldap_user_scope'), 'user_scope');
994  $user_scope->setOptions(array(IL_LDAP_SCOPE_ONE => $this->lng->txt('ldap_scope_one'),
995  IL_LDAP_SCOPE_SUB => $this->lng->txt('ldap_scope_sub')));
996  $user_scope->setInfo($this->lng->txt('ldap_user_scope_info'));
997  $this->form_gui->addItem($user_scope);
998 
999  $user_attribute = new ilTextInputGUI($this->lng->txt('ldap_user_attribute'), 'user_attribute');
1000  $user_attribute->setSize(16);
1001  $user_attribute->setMaxLength(64);
1002  $user_attribute->setRequired(true);
1003  $this->form_gui->addItem($user_attribute);
1004 
1005  $filter = new ilTextInputGUI($this->lng->txt('ldap_search_filter'), 'filter');
1006  $filter->setInfo($this->lng->txt('ldap_filter_info'));
1007  $filter->setSize(64);
1008  $filter->setMaxLength(512);
1009  $this->form_gui->addItem($filter);
1010 
1011  $section_restrictions = new ilFormSectionHeaderGUI();
1012  $section_restrictions->setTitle($this->lng->txt('ldap_group_restrictions'));
1013  $this->form_gui->addItem($section_restrictions);
1014 
1015  $group_dn = new ilTextInputGUI($this->lng->txt('ldap_group_search_base'), 'group_dn');
1016  $group_dn->setInfo($this->lng->txt('ldap_group_dn_info'));
1017  $group_dn->setSize(64);
1018  $group_dn->setMaxLength(255);
1019  $this->form_gui->addItem($group_dn);
1020 
1021  $group_scope = new ilSelectInputGUI($this->lng->txt('ldap_group_scope'), 'group_scope');
1022  $group_scope->setOptions(array(IL_LDAP_SCOPE_ONE => $this->lng->txt('ldap_scope_one'),
1023  IL_LDAP_SCOPE_SUB => $this->lng->txt('ldap_scope_sub')));
1024  $group_scope->setInfo($this->lng->txt('ldap_group_scope_info'));
1025  $this->form_gui->addItem($group_scope);
1026 
1027  $group_filter = new ilTextInputGUI($this->lng->txt('ldap_group_filter'), 'group_filter');
1028  $group_filter->setInfo($this->lng->txt('ldap_group_filter_info'));
1029  $group_filter->setSize(64);
1030  $group_filter->setMaxLength(255);
1031  $this->form_gui->addItem($group_filter);
1032 
1033  $group_member = new ilTextInputGUI($this->lng->txt('ldap_group_member'), 'group_member');
1034  $group_member->setInfo($this->lng->txt('ldap_group_member_info'));
1035  $group_member->setSize(32);
1036  $group_member->setMaxLength(255);
1037  $this->form_gui->addItem($group_member);
1038 
1039 
1040  $group_member_isdn = new ilCheckboxInputGUI($this->lng->txt('ldap_memberisdn'), 'memberisdn');
1041  #$group_member_isdn->setInfo($this->lng->txt('ldap_group_member_info'));
1042  $this->form_gui->addItem($group_member_isdn);
1043  #$group_member->addSubItem($group_member_isdn);
1044 
1045  $group = new ilTextInputGUI($this->lng->txt('ldap_group_name'), 'group');
1046  $group->setInfo($this->lng->txt('ldap_group_name_info'));
1047  $group->setSize(32);
1048  $group->setMaxLength(255);
1049  $this->form_gui->addItem($group);
1050 
1051  $group_atrr = new ilTextInputGUI($this->lng->txt('ldap_group_attribute'), 'group_attribute');
1052  $group_atrr->setInfo($this->lng->txt('ldap_group_attribute_info'));
1053  $group_atrr->setSize(16);
1054  $group_atrr->setMaxLength(64);
1055  $this->form_gui->addItem($group_atrr);
1056 
1057  $group_optional = new ilCheckboxInputGUI($this->lng->txt('ldap_group_membership'), 'group_optional');
1058  $group_optional->setOptionTitle($this->lng->txt('ldap_group_member_optional'));
1059  $group_optional->setInfo($this->lng->txt('ldap_group_optional_info'));
1060  $group_optional->setValue(1);
1061  $group_user_filter = new ilTextInputGUI($this->lng->txt('ldap_group_user_filter'), 'group_user_filter');
1062  $group_user_filter->setSize(64);
1063  $group_user_filter->setMaxLength(255);
1064  $group_optional->addSubItem($group_user_filter);
1065  $this->form_gui->addItem($group_optional);
1066 
1067  $section_sync = new ilFormSectionHeaderGUI();
1068  $section_sync->setTitle($this->lng->txt('ldap_user_sync'));
1069  $this->form_gui->addItem($section_sync);
1070 
1071  $ci_gui = new ilCustomInputGUI($this->lng->txt('ldap_moment_sync'));
1072  $sync_on_login = new ilCheckboxInputGUI($this->lng->txt('ldap_sync_login'), 'sync_on_login');
1073  $sync_on_login->setValue(1);
1074  $ci_gui->addSubItem($sync_on_login);
1075  $sync_per_cron = new ilCheckboxInputGUI($this->lng->txt('ldap_sync_cron'), 'sync_per_cron');
1076  $sync_per_cron->setValue(1);
1077  $ci_gui->addSubItem($sync_per_cron);
1078  $ci_gui->setInfo($this->lng->txt('ldap_user_sync_info'));
1079  $this->form_gui->addItem($ci_gui);
1080 
1081  $global_role = new ilSelectInputGUI($this->lng->txt('ldap_global_role_assignment'), 'global_role');
1082  $global_role->setOptions($this->prepareRoleSelect(false));
1083  $global_role->setInfo($this->lng->txt('ldap_global_role_info'));
1084  $this->form_gui->addItem($global_role);
1085 
1086  $migr = new ilCheckboxInputGUI($this->lng->txt('auth_ldap_migration'), 'migration');
1087  $migr->setInfo($this->lng->txt('auth_ldap_migration_info'));
1088  $migr->setValue(1);
1089  $this->form_gui->addItem($migr);
1090 
1091  $this->form_gui->addCommandButton('save', $this->lng->txt('save'));
1092  }
1093 
1094  /*
1095  * Update Settings
1096  */
1097  function save()
1098  {
1099  global $ilErr;
1100 
1101  $this->setSubTabs();
1102  $this->tabs_gui->setSubTabActive('ldap_settings');
1103 
1104  $this->initForm();
1105  if($this->form_gui->checkInput())
1106  {
1107  $this->server->toggleActive((int)$this->form_gui->getInput('active'));
1108  $this->server->enableAuthentication(!$this->form_gui->getInput('ds'));
1109  $this->server->setName($this->form_gui->getInput('server_name'));
1110  $this->server->setUrl($this->form_gui->getInput('server_url'));
1111  $this->server->setVersion($this->form_gui->getInput('version'));
1112  $this->server->setBaseDN($this->form_gui->getInput('base_dn'));
1113  $this->server->toggleReferrer($this->form_gui->getInput('referrals'));
1114  $this->server->toggleTLS($this->form_gui->getInput('tls'));
1115  $this->server->setBindingType((int)$this->form_gui->getInput('binding_type'));
1116  $this->server->setBindUser($this->form_gui->getInput('bind_dn'));
1117  $this->server->setBindPassword($this->form_gui->getInput('bind_pass'));
1118  $this->server->setSearchBase($this->form_gui->getInput('search_base'));
1119  $this->server->setUserScope($this->form_gui->getInput('user_scope'));
1120  $this->server->setUserAttribute($this->form_gui->getInput('user_attribute'));
1121  $this->server->setFilter($this->form_gui->getInput('filter'));
1122  $this->server->setGroupDN($this->form_gui->getInput('group_dn'));
1123  $this->server->setGroupScope((int)$this->form_gui->getInput('group_scope'));
1124  $this->server->setGroupFilter($this->form_gui->getInput('group_filter'));
1125  $this->server->setGroupMember($this->form_gui->getInput('group_member'));
1126  $this->server->enableGroupMemberIsDN((int)$this->form_gui->getInput('memberisdn'));
1127  $this->server->setGroupName($this->form_gui->getInput('group'));
1128  $this->server->setGroupAttribute($this->form_gui->getInput('group_attribute'));
1129  $this->server->setGroupUserFilter($this->form_gui->getInput('group_user_filter'));
1130  $this->server->toggleMembershipOptional((int)$this->form_gui->getInput('group_optional'));
1131  $this->server->enableSyncOnLogin((int)$this->form_gui->getInput('sync_on_login'));
1132  $this->server->enableSyncPerCron((int)$this->form_gui->getInput('sync_per_cron'));
1133  $this->server->setGlobalRole((int)$this->form_gui->getInput('global_role'));
1134  $this->server->enableAccountMigration((int)$this->form_gui->getInput('migration'));
1135 
1136  if(!$this->server->validate())
1137  {
1138  ilUtil::sendFailure($ilErr->getMessage());
1139  $this->form_gui->setValuesByPost();
1140  return $this->tpl->setContent($this->form_gui->getHtml());
1141  }
1142 
1143  // Update or create
1144  if($this->server->getServerId())
1145  {
1146  $this->server->update();
1147  }
1148  else
1149  {
1150  $_GET['ldap_server_id'] = $this->server->create();
1151  }
1152 
1153  // Now server_id exists => update LDAP attribute mapping
1154  $this->initAttributeMapping();
1155  $this->mapping->setRule('global_role', (int)$this->form_gui->getInput('global_role'), false);
1156  $this->mapping->save();
1157 
1158  ilUtil::sendSuccess($this->lng->txt('settings_saved'),true);
1159  $this->ctrl->redirect($this,'serverList');
1160  return true;
1161  #$this->form_gui->setValuesByPost();
1162  #return $this->tpl->setContent($this->form_gui->getHtml());
1163  }
1164 
1165  $this->form_gui->setValuesByPost();
1166  return $this->tpl->setContent($this->form_gui->getHtml());
1167  }
1168 
1169 
1170 
1176  private function setSubTabs()
1177  {
1178  $this->tabs_gui->addSubTabTarget("ldap_settings",
1179  $this->ctrl->getLinkTarget($this,'serverList'),
1180  "serverList",get_class($this));
1181 
1182  // Disable all other tabs, if server hasn't been configured.
1183  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
1184  if(!count(ilLDAPServer::_getServerList()))
1185  {
1186  return true;
1187  }
1188 
1189  $this->tabs_gui->addSubTabTarget("ldap_user_mapping",
1190  $this->ctrl->getLinkTarget($this,'userMapping'),
1191  "userMapping",get_class($this));
1192 
1193  $this->tabs_gui->addSubTabTarget('ldap_role_assignments',
1194  $this->ctrl->getLinkTarget($this,'roleAssignments'),
1195  "roleAssignments",get_class($this));
1196 
1197  $this->tabs_gui->addSubTabTarget("ldap_role_mapping",
1198  $this->ctrl->getLinkTarget($this,'roleMapping'),
1199  "roleMapping",get_class($this));
1200 
1201  }
1202 
1203 
1204  private function initServer()
1205  {
1206  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
1207  if(!$_GET['ldap_server_id'])
1208  {
1209  $_GET['ldap_server_id'] = ilLDAPServer::_getFirstServer();
1210  }
1211  $this->server = new ilLDAPServer((int) $_GET['ldap_server_id']);
1212  }
1213 
1214  private function initAttributeMapping()
1215  {
1216  include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
1217  $this->mapping = ilLDAPAttributeMapping::_getInstanceByServerId((int) $_GET['ldap_server_id']);
1218  }
1219 
1220  private function initRoleMapping()
1221  {
1222  include_once './Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php';
1223  $this->role_mapping = ilLDAPRoleGroupMappingSettings::_getInstanceByServerId((int) $_GET['ldap_server_id']);
1224  }
1225 
1231  private function prepareGlobalRoleSelection($a_as_select = true)
1232  {
1233  global $rbacreview,$ilObjDataCache;
1234 
1235  $global_roles = ilUtil::_sortIds($rbacreview->getGlobalRoles(),
1236  'object_data',
1237  'title',
1238  'obj_id');
1239 
1240  $select[0] = $this->lng->txt('links_select_one');
1241  foreach($global_roles as $role_id)
1242  {
1243  $select[$role_id] = ilObject::_lookupTitle($role_id);
1244  }
1245  return $select;
1246  }
1247 
1248 
1255  private function prepareRoleSelect($a_as_select = true)
1256  {
1257  global $rbacreview,$ilObjDataCache;
1258 
1259  include_once('./Services/LDAP/classes/class.ilLDAPAttributeMapping.php');
1260 
1261  $global_roles = ilUtil::_sortIds($rbacreview->getGlobalRoles(),
1262  'object_data',
1263  'title',
1264  'obj_id');
1265 
1266  $select[0] = $this->lng->txt('links_select_one');
1267  foreach($global_roles as $role_id)
1268  {
1269  $select[$role_id] = ilObject::_lookupTitle($role_id);
1270  }
1271 
1272  if($a_as_select)
1273  {
1274  return ilUtil::formSelect(ilLDAPAttributeMapping::_lookupGlobalRole($this->server->getServerId()),
1275  'global_role',$select,false,true);
1276  }
1277  else
1278  {
1279  return $select;
1280  }
1281  }
1282 
1283 
1284  private function getMappingFields()
1285  {
1286  return array('gender' => $this->lng->txt('gender'),
1287  'firstname' => $this->lng->txt('firstname'),
1288  'lastname' => $this->lng->txt('lastname'),
1289  'title' => $this->lng->txt('person_title'),
1290  'institution' => $this->lng->txt('institution'),
1291  'department' => $this->lng->txt('department'),
1292  'street' => $this->lng->txt('street'),
1293  'city' => $this->lng->txt('city'),
1294  'zipcode' => $this->lng->txt('zipcode'),
1295  'country' => $this->lng->txt('country'),
1296  'phone_office' => $this->lng->txt('phone_office'),
1297  'phone_home' => $this->lng->txt('phone_home'),
1298  'phone_mobile' => $this->lng->txt('phone_mobile'),
1299  'fax' => $this->lng->txt('fax'),
1300  'email' => $this->lng->txt('email'),
1301  'hobby' => $this->lng->txt('hobby'),
1302  'matriculation' => $this->lng->txt('matriculation'));
1303  #'photo' => $this->lng->txt('photo'));
1304  }
1305 
1306  private function initUserDefinedFields()
1307  {
1308  include_once("./Services/User/classes/class.ilUserDefinedFields.php");
1309  $this->udf = ilUserDefinedFields::_getInstance();
1310  }
1311 
1312  private function prepareMappingSelect()
1313  {
1314  return ilUtil::formSelect($_POST['mapping_template'],'mapping_template',array(0 => $this->lng->txt('ldap_mapping_template'),
1315  "inetOrgPerson" => 'inetOrgPerson',
1316  "organizationalPerson" => 'organizationalPerson',
1317  "person" => 'person',
1318  "ad_2003" => 'Active Directory (Win 2003)'),false,true);
1319  }
1320 
1329  private function loadMappingCopy($a_mapping_data)
1330  {
1331  if(!isset($_GET['mapping_id']))
1332  {
1333  return $a_mapping_data;
1334  }
1335  $mapping_id = $_GET['mapping_id'];
1336  $a_mapping_data[0] = $a_mapping_data[$mapping_id];
1337 
1338  return $a_mapping_data;
1339  }
1340 
1347  private function loadMappingDetails()
1348  {
1349  if(!isset($_SESSION['ldap_mapping_details']))
1350  {
1351  $_SESSION['ldap_mapping_details'] = array();
1352  }
1353  if(isset($_GET['details_show']))
1354  {
1355  $_SESSION['ldap_mapping_details'][$_GET['details_show']] = $_GET['details_show'];
1356  }
1357  if(isset($_GET['details_hide']))
1358  {
1359  unset($_SESSION['ldap_mapping_details'][$_GET['details_hide']]);
1360  }
1361  }
1362 
1370  private function sortMappingData($a_mapping_data)
1371  {
1372  global $rbacreview,$ilObjDataCache;
1373 
1374  $new_mapping = array();
1375  $new_mapping = array();
1376  foreach($a_mapping_data as $mapping_id => $data)
1377  {
1378  $new_mapping[$mapping_id] = $data;
1379  $new_mapping[$mapping_id]['obj_id'] = $obj_id = $rbacreview->getObjectOfRole($data['role']);
1380  $new_mapping[$mapping_id]['obj_title'] = $ilObjDataCache->lookupTitle($obj_id);
1381  $new_mapping[$mapping_id]['mapping_id'] = $mapping_id;
1382  }
1383  return ilUtil::sortArray($new_mapping,'obj_title','DESC');
1384 
1385  }
1386 
1395  protected function initFormRoleAssignments($a_mode)
1396  {
1397  include_once('Services/Form/classes/class.ilPropertyFormGUI.php');
1398  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php');
1399 
1400  $this->form = new ilPropertyFormGUI();
1401  $this->form->setFormAction($this->ctrl->getFormAction($this));
1402 
1403  switch($a_mode)
1404  {
1405  case 'edit':
1406  $this->form->setTitle($this->lng->txt('ldap_edit_role_ass_rule'));
1407  $this->form->addCommandButton('updateRoleAssignment',$this->lng->txt('save'));
1408  $this->form->addCommandButton('roleAssignments',$this->lng->txt('cancel'));
1409  break;
1410  case 'create':
1411  $this->form->setTitle($this->lng->txt('ldap_add_role_ass_rule'));
1412  $this->form->addCommandButton('addRoleAssignment',$this->lng->txt('ldap_btn_add_role_ass'));
1413  $this->form->addCommandButton('roleAssignments',$this->lng->txt('cancel'));
1414  break;
1415  }
1416 
1417  // Role Selection
1418  $role = new ilRadioGroupInputGUI($this->lng->txt('ldap_ilias_role'),'role_name');
1419  $role->setRequired(true);
1420 
1421  $global = new ilRadioOption($this->lng->txt('ldap_global_role'),0);
1422  $role->addOption($global);
1423 
1424  $role_select = new ilSelectInputGUI('','role_id');
1425  $role_select->setOptions($this->prepareGlobalRoleSelection());
1426  $global->addSubItem($role_select);
1427 
1428  $local = new ilRadioOption($this->lng->txt('ldap_local_role'),1);
1429  $role->addOption($local);
1430 
1431  include_once './Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php';
1432  $role_search = new ilRoleAutoCompleteInputGUI('','role_search',$this,'addRoleAutoCompleteObject');
1433  $role_search->setSize(40);
1434  $local->addSubItem($role_search);
1435 
1436  $role->setInfo($this->lng->txt('ldap_role_name_info'));
1437  $this->form->addItem($role);
1438 
1439  // Update options
1440  $update = new ilNonEditableValueGUI($this->lng->txt('ldap_update_roles'),'update_roles');
1441  $update->setValue($this->lng->txt('ldap_check_role_assignment'));
1442 
1443  $add = new ilCheckboxInputGUI('','add_missing');
1444  $add->setOptionTitle($this->lng->txt('ldap_add_missing'));
1445  $update->addSubItem($add);
1446 
1447  $remove = new ilCheckboxInputGUI('','remove_deprecated');
1448  $remove->setOptionTitle($this->lng->txt('ldap_remove_deprecated'));
1449  $update->addSubItem($remove);
1450 
1451  $this->form->addItem($update);
1452 
1453 
1454 
1455  // Assignment Type
1456  $group = new ilRadioGroupInputGUI($this->lng->txt('ldap_assignment_type'),'type');
1457  #$group->setValue($current_rule->getType());
1458  $group->setRequired(true);
1459 
1460  // Option by group
1461  $radio_group = new ilRadioOption($this->lng->txt('ldap_role_by_group'),ilLDAPRoleAssignmentRule::TYPE_GROUP);
1462 
1463  $dn = new ilTextInputGUI($this->lng->txt('ldap_group_dn'),'dn');
1464  #$dn->setValue($current_rule->getDN());
1465  $dn->setSize(32);
1466  $dn->setMaxLength(512);
1467  $dn->setInfo($this->lng->txt('ldap_role_grp_dn_info'));
1468  $radio_group->addSubItem($dn);
1469  $at = new ilTextInputGUI($this->lng->txt('ldap_role_grp_at'),'at');
1470  #$at->setValue($current_rule->getMemberAttribute());
1471  $at->setSize(16);
1472  $at->setMaxLength(128);
1473  $radio_group->addSubItem($at);
1474  $isdn = new ilCheckboxInputGUI($this->lng->txt('ldap_role_grp_isdn'),'isdn');
1475  #$isdn->setChecked($current_rule->isMemberAttributeDN());
1476  $isdn->setInfo($this->lng->txt('ldap_group_member_info'));
1477  $radio_group->addSubItem($isdn);
1478  $radio_group->setInfo($this->lng->txt('ldap_role_grp_info'));
1479 
1480  $group->addOption($radio_group);
1481 
1482  // Option by Attribute
1483  $radio_attribute = new ilRadioOption($this->lng->txt('ldap_role_by_attribute'),ilLDAPRoleAssignmentRule::TYPE_ATTRIBUTE);
1484  $name = new ilTextInputGUI($this->lng->txt('ldap_role_at_name'),'name');
1485  #$name->setValue($current_rule->getAttributeName());
1486  $name->setSize(32);
1487  $name->setMaxLength(128);
1488  #$name->setInfo($this->lng->txt('ldap_role_at_name_info'));
1489  $radio_attribute->addSubItem($name);
1490 
1491  // Radio Attribute
1492  $val = new ilTextInputGUI($this->lng->txt('ldap_role_at_value'),'value');
1493  #$val->setValue($current_rule->getAttributeValue());
1494  $val->setSize(32);
1495  $val->setMaxLength(128);
1496  #$val->setInfo($this->lng->txt('ldap_role_at_value_info'));
1497  $radio_attribute->addSubItem($val);
1498  $radio_attribute->setInfo($this->lng->txt('ldap_role_at_info'));
1499 
1500  $group->addOption($radio_attribute);
1501 
1502  // Option by Plugin
1503  $pl_active = (bool) $this->hasActiveRoleAssignmentPlugins();
1504  $pl = new ilRadioOption($this->lng->txt('ldap_plugin'),3);
1505  $pl->setInfo($this->lng->txt('ldap_plugin_info'));
1506  $pl->setDisabled(!$pl_active);
1507 
1508  $id = new ilNumberInputGUI($this->lng->txt('ldap_plugin_id'),'plugin_id');
1509  $id->setDisabled(!$pl_active);
1510  $id->setSize(3);
1511  $id->setMaxLength(3);
1512  $id->setMaxValue(999);
1513  $id->setMinValue(1);
1514  $pl->addSubItem($id);
1515 
1516  $group->addOption($pl);
1517  $this->form->addItem($group);
1518  }
1519 
1524  private function hasActiveRoleAssignmentPlugins()
1525  {
1526  global $ilPluginAdmin;
1527 
1528  return count($ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE,'LDAP','ldaphk')) ? true : false;
1529  }
1530 
1531 
1535  function addRoleAutoCompleteObject()
1536  {
1537  include_once("./Services/Form/classes/class.ilRoleAutoCompleteInputGUI.php");
1538  ilRoleAutoCompleteInputGUI::echoAutoCompleteList();
1539  }
1540 
1541 }
1542 ?>