ILIAS  release_10 Revision v10.1-43-ga1241a92c2f
class.ilLDAPQuery.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
25 class ilLDAPQuery
26 {
27  public const LDAP_BIND_DEFAULT = 0;
28  public const LDAP_BIND_ADMIN = 1;
29  public const LDAP_BIND_TEST = 2;
30  public const LDAP_BIND_AUTH = 10;
31 
32  private const IL_LDAP_SUPPORTED_CONTROL = 'supportedControl';
33  private const PAGINATION_SIZE = 100;
34 
35  private string $ldap_server_url;
36  private ilLDAPServer $settings;
37 
38  private ilLogger $logger;
39 
40  private ilLDAPAttributeMapping $mapping;
41 
42  private array $user_fields = [];
43  private array $users = [];
44 
48  private $lh = false;
49 
53  public function __construct(ilLDAPServer $a_server, string $a_url = '')
54  {
55  global $DIC;
56  $this->logger = $DIC->logger()->auth();
57 
58  $this->settings = $a_server;
59 
60  if ($a_url !== '') {
61  $this->ldap_server_url = $a_url;
62  } else {
63  $this->ldap_server_url = $this->settings->getUrl();
64  }
65 
66  $this->mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->settings->getServerId());
67 
68  $this->fetchUserProfileFields();
69  $this->connect();
70  }
71 
75  public function getServer(): ilLDAPServer
76  {
77  return $this->settings;
78  }
79 
86  public function fetchUser(string $a_name): array
87  {
88  if (!$this->readUserData($a_name)) {
89  return [];
90  }
91 
92  return $this->users;
93  }
94 
95 
101  public function fetchUsers(): array
102  {
103  // First of all check if a group restriction is enabled
104  // YES: => fetch all group members
105  // No: => fetch all users
106  if ($this->settings->getGroupName() !== '') {
107  $this->logger->debug('Searching for group members.');
108 
109  $groups = $this->settings->getGroupNames();
110  if (count($groups) <= 1) {
111  $this->fetchGroupMembers();
112  } else {
113  foreach ($groups as $group) {
114  $this->fetchGroupMembers($group);
115  }
116  }
117  }
118  if ($this->settings->getGroupName() === '' || $this->settings->isMembershipOptional()) {
119  $this->logger->info('Start reading all users...');
120  $this->readAllUsers();
121  #throw new ilLDAPQueryException('LDAP: Called import of users without specifying group restrictions. NOT IMPLEMENTED YET!');
122  }
123  return $this->users;
124  }
125 
130  public function query(string $a_search_base, string $a_filter, int $a_scope, array $a_attributes): ilLDAPResult
131  {
132  $res = $this->queryByScope($a_scope, $a_search_base, $a_filter, $a_attributes);
133  if ($res === false) {
134  throw new ilLDAPQueryException(__METHOD__ . ' ' . ldap_error($this->lh) . ' ' .
135  sprintf(
136  'DN: %s, Filter: %s, Scope: %s',
137  $a_search_base,
138  $a_filter,
139  $a_scope
140  ));
141  }
142 
143  return (new ilLDAPResult($this->lh, $res))->run();
144  }
145 
151  public function modAdd(string $a_dn, array $a_attribute): bool
152  {
153  if (ldap_mod_add($this->lh, $a_dn, $a_attribute)) {
154  return true;
155  }
156 
157  throw new ilLDAPQueryException(__METHOD__ . ' ' . ldap_error($this->lh));
158  }
159 
165  public function modDelete(string $a_dn, array $a_attribute): bool
166  {
167  if (ldap_mod_del($this->lh, $a_dn, $a_attribute)) {
168  return true;
169  }
170  throw new ilLDAPQueryException(__METHOD__ . ' ' . ldap_error($this->lh));
171  }
172 
178  private function readAllUsers(): void
179  {
180  // Build search base
181  $this->logger->debug($this->settings->getSearchBase());
182  $this->logger->debug($this->settings->getBaseDN());
183  if (($dn = $this->settings->getSearchBase()) && substr($dn, -1) !== ',') {
184  $dn .= ',';
185  }
186  $dn .= $this->settings->getBaseDN();
187  if ($this->checkPaginationEnabled()) {
188  try {
189  $tmp_result = $this->runReadAllUsersPaged($dn);
190  } catch (ilLDAPPagingException $e) {
191  $this->logger->warning('Using LDAP with paging failed. Trying to use fallback.');
192  $tmp_result = $this->runReadAllUsersPartial($dn);
193  }
194  } else {
195  $tmp_result = $this->runReadAllUsersPartial($dn);
196  }
197 
198  if (!$tmp_result->numRows()) {
199  $this->logger->notice('No users found. Aborting.');
200  }
201  $this->logger->info('Found ' . $tmp_result->numRows() . ' users.');
202  $attribute = strtolower($this->settings->getUserAttribute());
203  foreach ($tmp_result->getRows() as $data) {
204  if (isset($data[$attribute]) && is_scalar($data[$attribute]) && (string) $data[$attribute] !== '') {
205  $this->readUserData((string) $data[$attribute]);
206  continue;
207  }
208 
209  $this->logger->warning(sprintf(
210  'Unknown error. No or invalid value found for attribute %s: %s',
211  $this->settings->getUserAttribute(),
212  var_export($data[$attribute] ?? null, true)
213  ));
214  }
215  unset($tmp_result);
216  }
217 
223  private function runReadAllUsersPaged(string $dn): ilLDAPResult
224  {
225  $filter = '(&' . $this->settings->getFilter();
226  $filter .= ('(' . $this->settings->getUserAttribute() . '=*))');
227  $this->logger->info('Searching with ldap search and filter ' . $filter . ' in ' . $dn);
228 
229  $tmp_result = new ilLDAPResult($this->lh);
230  $cookie = '';
231  $estimated_results = 0;
232  do {
233  // Setup our paged results control.
234  $controls = [
235  LDAP_CONTROL_PAGEDRESULTS => [
236  'oid' => LDAP_CONTROL_PAGEDRESULTS,
237  'isCritical' => true,
238  'value' => [
239  'size' => self::PAGINATION_SIZE,
240  'cookie' => $cookie,
241  ],
242  ],
243  ];
244  $res = $this->queryByScope(
245  $this->settings->getUserScope(),
246  $dn,
247  $filter,
248  array($this->settings->getUserAttribute()),
249  $controls
250  );
251 
252  $tmp_result->setResult($res);
253  $tmp_result->run();
254  try {
255  $errcode = 0;
256  $matcheddn = '';
257  $errmsg = '';
258  $referrals = [];
259  ldap_parse_result($this->lh, $res, $errcode, $matcheddn, $errmsg, $referrals, $controls);
260  $cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'] ?? '';
261  $this->logger->debug('Estimated number of results: ' . $estimated_results);
262  } catch (Exception $e) {
263  $this->logger->warning('Result pagination failed with message: ' . $e->getMessage());
264  throw new ilLDAPPagingException($e->getMessage());
265  }
266  } while (!empty($cookie));
267 
268  // finally reset cookie
269  return $tmp_result;
270  }
271 
277  private function runReadAllUsersPartial(string $dn): ilLDAPResult
278  {
279  $filter = $this->settings->getFilter();
280  $page_filter = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '-');
281  $chars = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z');
282  $tmp_result = new ilLDAPResult($this->lh);
283 
284  foreach ($page_filter as $letter) {
285  $new_filter = '(&';
286  $new_filter .= $filter;
287 
288  if ($letter === '-') {
289  $new_filter .= ('(!(|');
290  foreach ($chars as $char) {
291  $new_filter .= ('(' . $this->settings->getUserAttribute() . '=' . $char . '*)');
292  }
293  $new_filter .= ')))';
294  } else {
295  $new_filter .= ('(' . $this->settings->getUserAttribute() . '=' . $letter . '*))');
296  }
297 
298  $this->logger->info('Searching with ldap search and filter ' . $new_filter . ' in ' . $dn);
299  $res = $this->queryByScope(
300  $this->settings->getUserScope(),
301  $dn,
302  $new_filter,
303  array($this->settings->getUserAttribute())
304  );
305  $tmp_result->setResult($res);
306  $tmp_result->run();
307  }
308 
309  return $tmp_result;
310  }
311 
318  public function checkGroupMembership(string $a_ldap_user_name, array $ldap_user_data): bool
319  {
320  $group_names = $this->getServer()->getGroupNames();
321 
322  if (!count($group_names)) {
323  $this->logger->debug('No LDAP group restrictions found');
324  return true;
325  }
326 
327  $group_dn = $this->getServer()->getGroupDN();
328  if (
329  $group_dn &&
330  (substr($group_dn, -1) !== ',')
331  ) {
332  $group_dn .= ',';
333  }
334  $group_dn .= $this->getServer()->getBaseDN();
335 
336  foreach ($group_names as $group) {
337  $user = $a_ldap_user_name;
338  if ($this->getServer()->enabledGroupMemberIsDN()) {
339  if ($this->getServer()->enabledEscapeDN()) {
340  $user = ldap_escape($ldap_user_data['dn'], "", LDAP_ESCAPE_FILTER);
341  } else {
342  $user = $ldap_user_data['dn'];
343  }
344  }
345 
346  $filter = sprintf(
347  '(&(%s=%s)(%s=%s)%s)',
348  $this->getServer()->getGroupAttribute(),
349  $group,
350  $this->getServer()->getGroupMember(),
351  $user,
352  $this->getServer()->getGroupFilter()
353  );
354  $this->logger->debug('Current group search base: ' . $group_dn);
355  $this->logger->debug('Current group filter: ' . $filter);
356 
357  $res = $this->queryByScope(
358  $this->getServer()->getGroupScope(),
359  $group_dn,
360  $filter,
361  [$this->getServer()->getGroupMember()]
362  );
363 
364  $this->logger->dump($res);
365 
366  $tmp_result = new ilLDAPResult($this->lh, $res);
367  $tmp_result->run();
368  $group_result = $tmp_result->getRows();
369 
370  $this->logger->debug('Group query returned: ');
371  $this->logger->dump($group_result, ilLogLevel::DEBUG);
372 
373  if (count($group_result)) {
374  return true;
375  }
376  }
377 
378  // group restrictions failed check optional membership
379  if ($this->getServer()->isMembershipOptional()) {
380  $this->logger->debug('Group restrictions failed, checking user filter.');
381  if ($this->readUserData($a_ldap_user_name, true, true)) {
382  $this->logger->debug('User filter matches.');
383  return true;
384  }
385  }
386  $this->logger->debug('Group restrictions failed.');
387  return false;
388  }
389 
390 
394  private function fetchGroupMembers(string $a_name = ''): void
395  {
396  $group_name = $a_name !== '' ? $a_name : $this->settings->getGroupName();
397 
398  // Build filter
399  $filter = sprintf(
400  '(&(%s=%s)%s)',
401  $this->settings->getGroupAttribute(),
402  $group_name,
403  $this->settings->getGroupFilter()
404  );
405 
406 
407  // Build search base
408  if (($gdn = $this->settings->getGroupDN()) && substr($gdn, -1) !== ',') {
409  $gdn .= ',';
410  }
411  $gdn .= $this->settings->getBaseDN();
412 
413  $this->logger->debug('Using filter ' . $filter);
414  $this->logger->debug('Using DN ' . $gdn);
415  $res = $this->queryByScope(
416  $this->settings->getGroupScope(),
417  $gdn,
418  $filter,
419  array($this->settings->getGroupMember())
420  );
421 
422  $tmp_result = new ilLDAPResult($this->lh, $res);
423  $tmp_result->run();
424  $group_data = $tmp_result->getRows();
425 
426 
427  if (!$tmp_result->numRows()) {
428  $this->logger->info('No group found.');
429  return;
430  }
431 
435  $readUserData = function (array $members): void {
436  if ($members === []) {
437  $this->logger->warning(sprintf(
438  'No valid member values found for group member attribute: %s',
439  $this->settings->getGroupMember()
440  ));
441  return;
442  }
443 
444  foreach ($members as $member) {
445  $this->readUserData($member, true, true);
446  }
447  };
448 
449  // All groups
450  $attribute_name = strtolower($this->settings->getGroupMember());
451  foreach ($group_data as $data) {
452  $members = [];
453  if (isset($data[$attribute_name])) {
454  if (is_array($data[$attribute_name])) {
455  $members = array_map('strval', array_filter($data[$attribute_name]));
456  $this->logger->debug('Found ' . count($members) . ' group members for group ' . $data['dn']);
457  } elseif (is_scalar($data[$attribute_name]) && (string) $data[$attribute_name] !== '') {
458  $members = [
459  (string) $data[$attribute_name]
460  ];
461  }
462  }
463 
464  $readUserData($members);
465  }
466  unset($tmp_result);
467  }
468 
474  private function readUserData(string $a_name, bool $a_check_dn = false, bool $a_try_group_user_filter = false): bool
475  {
476  $filter = $this->settings->getFilter();
477  if ($a_try_group_user_filter && $this->settings->isMembershipOptional()) {
478  $filter = $this->settings->getGroupUserFilter();
479  }
480 
481  // Build filter
482  if ($a_check_dn && $this->settings->enabledGroupMemberIsDN()) {
483  $dn = $a_name;
484 
485  $fields = array_merge($this->user_fields, array('useraccountcontrol'));
486  $res = $this->queryByScope(ilLDAPServer::LDAP_SCOPE_BASE, strtolower($dn), $filter, $fields);
487  } else {
488  $filter = sprintf(
489  '(&(%s=%s)%s)',
490  $this->settings->getUserAttribute(),
491  $a_name,
492  $filter
493  );
494 
495  // Build search base
496  if (($dn = $this->settings->getSearchBase()) && substr($dn, -1) !== ',') {
497  $dn .= ',';
498  }
499  $dn .= $this->settings->getBaseDN();
500  $fields = array_merge($this->user_fields, array('useraccountcontrol'));
501  $res = $this->queryByScope($this->settings->getUserScope(), strtolower($dn), $filter, $fields);
502  }
503 
504 
505  $tmp_result = new ilLDAPResult($this->lh, $res);
506  $tmp_result->run();
507  if (!$tmp_result->numRows()) {
508  $this->logger->info('LDAP: No user data found for: ' . $a_name);
509  unset($tmp_result);
510  return false;
511  }
512 
513  if ($user_data = $tmp_result->get()) {
514  if (isset($user_data['useraccountcontrol']) && ($user_data['useraccountcontrol'] & 0x02)) {
515  $this->logger->notice('LDAP: ' . $a_name . ' account disabled.');
516  return false;
517  }
518 
519  $account = $user_data[strtolower($this->settings->getUserAttribute())] ?? '';
520  if (is_array($account)) {
521  $account = array_shift($account) ?? '';
522  }
523 
524  $user_ext = strtolower((string) $account);
525  if ($user_ext === '') {
526  $this->logger->notice('LDAP: Could not find user attribute ' . $this->settings->getUserAttribute() . '.');
527  return false;
528  }
529 
530  // auth mode depends on ldap server settings
531  $auth_mode = $this->settings->getAuthenticationMappingKey();
532  $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount($auth_mode, $user_ext);
533  $this->users[$user_ext] = $user_data;
534  }
535  return true;
536  }
537 
545  private function queryByScope(
546  int $a_scope,
547  string $a_base_dn,
548  string $a_filter,
549  array $a_attributes,
550  array $controls = null
551  ) {
552  $a_filter = $a_filter ?: "(objectclass=*)";
553 
554  set_error_handler(static function (int $severity, string $message, string $file, int $line): void {
555  throw new ErrorException($message, $severity, $severity, $file, $line);
556  });
557 
558  $result = null; // We should ensure the similar behaviour of using the @ operator in PHP < 8.x
559 
560  try {
561  switch ($a_scope) {
562  case ilLDAPServer::LDAP_SCOPE_SUB:
563  $result = ldap_search(
564  $this->lh,
565  $a_base_dn,
566  $a_filter,
567  $a_attributes,
568  0,
569  0,
570  0,
571  LDAP_DEREF_NEVER,
572  $controls
573  );
574  break;
575 
576  case ilLDAPServer::LDAP_SCOPE_ONE:
577  $result = ldap_list(
578  $this->lh,
579  $a_base_dn,
580  $a_filter,
581  $a_attributes,
582  0,
583  0,
584  0,
585  LDAP_DEREF_NEVER,
586  $controls
587  );
588  break;
589 
590  case ilLDAPServer::LDAP_SCOPE_BASE:
591  $result = ldap_read(
592  $this->lh,
593  $a_base_dn,
594  $a_filter,
595  $a_attributes,
596  0,
597  0,
598  0,
599  LDAP_DEREF_NEVER,
600  $controls
601  );
602  break;
603 
604  default:
605  throw new ilLDAPUndefinedScopeException(
606  "Undefined LDAP Search Scope: " . $a_scope
607  );
608  }
609  } catch (ErrorException $e) {
610  $this->logger->warning($e->getMessage());
611  $this->logger->warning($e->getTraceAsString());
612  } finally {
613  restore_error_handler();
614  }
615 
616  $error = ldap_errno($this->lh);
617  if ($error) {
618  $this->logger->warning("LDAP Error Code: " . $error . "(" . ldap_err2str($error) . ")");
619  $this->logger->warning('Base DN:' . $a_base_dn);
620  $this->logger->warning('Filter: ' . $a_filter);
621  }
622 
623  return $result;
624  }
625 
632  private function connect(): void
633  {
634  $this->lh = ldap_connect($this->ldap_server_url);
635 
636  // LDAP Connect
637  if (!$this->lh) {
638  throw new ilLDAPQueryException("LDAP: Cannot connect to LDAP Server: " . $this->settings->getUrl());
639  }
640  // LDAP Version
641  if (!ldap_set_option($this->lh, LDAP_OPT_PROTOCOL_VERSION, $this->settings->getVersion())) {
642  throw new ilLDAPQueryException("LDAP: Cannot set version to: " . $this->settings->getVersion());
643  }
644  // Switch on referrals
645  if ($this->settings->isActiveReferrer()) {
646  if (!ldap_set_option($this->lh, LDAP_OPT_REFERRALS, true)) {
647  throw new ilLDAPQueryException("LDAP: Cannot switch on LDAP referrals");
648  }
649  } else {
650  ldap_set_option($this->lh, LDAP_OPT_REFERRALS, false);
651  $this->logger->debug('Switching referrals to false.');
652  }
653  // Start TLS
654  if ($this->settings->isActiveTLS() && !ldap_start_tls($this->lh)) {
655  throw new ilLDAPQueryException("LDAP: Cannot start LDAP TLS");
656  }
657  }
658 
667  public function bind(int $a_binding_type = ilLDAPQuery::LDAP_BIND_DEFAULT, string $a_user_dn = '', string $a_password = ''): void
668  {
669  switch ($a_binding_type) {
671  case self::LDAP_BIND_TEST:
672  ldap_set_option($this->lh, LDAP_OPT_NETWORK_TIMEOUT, ilLDAPServer::DEFAULT_NETWORK_TIMEOUT);
673  // fall through
674  // no break
675  case self::LDAP_BIND_DEFAULT:
676  // Now bind anonymously or as user
677  if (
678  ilLDAPServer::LDAP_BIND_USER === $this->settings->getBindingType() &&
679  $this->settings->getBindUser() !== ''
680  ) {
681  $user = $this->settings->getBindUser();
682  $pass = $this->settings->getBindPassword();
683 
684  $this->logger->debug('Bind as ' . $user);
685  } else {
686  $user = $pass = '';
687  $this->logger->debug('Bind anonymous');
688  }
689  break;
690 
691  case self::LDAP_BIND_ADMIN:
692  $user = $this->settings->getRoleBindDN();
693  $pass = $this->settings->getRoleBindPassword();
694 
695  if ($user === '' || $pass === '') {
696  $user = $this->settings->getBindUser();
697  $pass = $this->settings->getBindPassword();
698  }
699  break;
700 
701  case self::LDAP_BIND_AUTH:
702  $this->logger->debug('Trying to bind as: ' . $a_user_dn);
703  $user = $a_user_dn;
704  $pass = $a_password;
705  break;
706 
707 
708  default:
709  throw new ilLDAPQueryException('LDAP: unknown binding type in: ' . __METHOD__);
710  }
711 
712  try {
713  set_error_handler(static function (int $severity, string $message, string $file, int $line): void {
714  throw new ErrorException($message, $severity, $severity, $file, $line);
715  });
716 
717  if (!ldap_bind($this->lh, $user, $pass)) {
718  throw new ilLDAPQueryException('LDAP: Cannot bind as ' . $user . ' with message: ' . ldap_err2str(ldap_errno($this->lh)) . ' Trying fallback...', ldap_errno($this->lh));
719  }
720  } catch (Throwable $e) {
721  throw new ilLDAPQueryException('LDAP: Cannot bind as ' . $user . ' with message: ' . $e->getMessage());
722  } finally {
723  restore_error_handler();
724  }
725 
726  $this->logger->debug('Bind successful.');
727  }
728 
732  private function fetchUserProfileFields(): void
733  {
734  $this->user_fields = array_merge(
735  array($this->settings->getUserAttribute()),
736  array('dn'),
737  $this->mapping->getFields(),
738  ilLDAPRoleAssignmentRules::getAttributeNames($this->getServer()->getServerId())
739  );
740  }
741 
745  public function __destruct()
746  {
747  if ($this->lh) {
748  ldap_unbind($this->lh);
749  }
750  }
751 
755  public function checkPaginationEnabled(): bool
756  {
757  if ($this->getServer()->getVersion() !== 3) {
758  $this->logger->info('Pagination control unavailable for ldap v' . $this->getServer()->getVersion());
759  return false;
760  }
761 
762  $result = ldap_read($this->lh, '', '(objectClass=*)', [self::IL_LDAP_SUPPORTED_CONTROL]);
763  if ($result === false) {
764  $this->logger->warning('Failed to query for pagination control');
765  return false;
766  }
767  $entries = (array) (ldap_get_entries($this->lh, $result)[0] ?? []);
768  if (
769  array_key_exists(strtolower(self::IL_LDAP_SUPPORTED_CONTROL), $entries) &&
770  is_array($entries[strtolower(self::IL_LDAP_SUPPORTED_CONTROL)]) &&
771  in_array(LDAP_CONTROL_PAGEDRESULTS, $entries[strtolower(self::IL_LDAP_SUPPORTED_CONTROL)], true)
772  ) {
773  $this->logger->info('Using paged control');
774  return true;
775  }
776  $this->logger->info('Paged control disabled');
777  return false;
778  }
779 }
$res
$res
Definition: ltiservices.php:69
ilLDAPQuery\fetchUsers
fetchUsers()
Fetch all users.
Definition: class.ilLDAPQuery.php:101
ilLDAPResult
Class ilLDAPPagedResult.
Definition: class.ilLDAPResult.php:26
ilLDAPQuery\query
query(string $a_search_base, string $a_filter, int $a_scope, array $a_attributes)
Perform a query.
Definition: class.ilLDAPQuery.php:130
array_map
ilLDAPQuery\runReadAllUsersPaged
runReadAllUsersPaged(string $dn)
read all users with ldap paging
Definition: class.ilLDAPQuery.php:223
ilLDAPQuery\$ldap_server_url
string $ldap_server_url
Definition: class.ilLDAPQuery.php:35
ilLDAPQuery\IL_LDAP_SUPPORTED_CONTROL
const IL_LDAP_SUPPORTED_CONTROL
Definition: class.ilLDAPQuery.php:32
ilLDAPQuery\modAdd
modAdd(string $a_dn, array $a_attribute)
Add value to an existing attribute.
Definition: class.ilLDAPQuery.php:151
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:2745
ilLDAPQuery\connect
connect()
Connect to LDAP server.
Definition: class.ilLDAPQuery.php:632
ilLDAPRoleAssignmentRules\getAttributeNames
static getAttributeNames($a_server_id)
get all possible attribute names
Definition: class.ilLDAPRoleAssignmentRules.php:69
ilLDAPQuery\$mapping
ilLDAPAttributeMapping $mapping
Definition: class.ilLDAPQuery.php:40
ilLDAPQuery\readAllUsers
readAllUsers()
Fetch all users This function splits the query to filters like e.g (uid=a*) (uid=b*)...
Definition: class.ilLDAPQuery.php:178
ilLDAPQuery\modDelete
modDelete(string $a_dn, array $a_attribute)
Delete value from an existing attribute.
Definition: class.ilLDAPQuery.php:165
ilLDAPServer\DEFAULT_NETWORK_TIMEOUT
const DEFAULT_NETWORK_TIMEOUT
Definition: class.ilLDAPServer.php:37
ilLDAPQuery\runReadAllUsersPartial
runReadAllUsersPartial(string $dn)
Read all users partial by alphabet.
Definition: class.ilLDAPQuery.php:277
ilLDAPQuery\fetchUserProfileFields
fetchUserProfileFields()
fetch required fields of user profile data
Definition: class.ilLDAPQuery.php:732
ilLDAPQuery\checkPaginationEnabled
checkPaginationEnabled()
Check if pagination is enabled (rfc: 2696)
Definition: class.ilLDAPQuery.php:755
ilLDAPQuery\getServer
getServer()
Get server.
Definition: class.ilLDAPQuery.php:75
ilLDAPQuery\readUserData
readUserData(string $a_name, bool $a_check_dn=false, bool $a_try_group_user_filter=false)
Read user data.
Definition: class.ilLDAPQuery.php:474
$DIC
global $DIC
Definition: shib_login.php:25
ilLDAPQuery\fetchGroupMembers
fetchGroupMembers(string $a_name='')
Fetch group member ids.
Definition: class.ilLDAPQuery.php:394
ilLDAPAttributeMapping
This class stores the settings that define the mapping between LDAP attribute and user profile fields...
Definition: class.ilLDAPAttributeMapping.php:26
ilLDAPQuery\__construct
__construct(ilLDAPServer $a_server, string $a_url='')
Definition: class.ilLDAPQuery.php:53
ilLDAPQuery\__destruct
__destruct()
Destructor unbind from ldap server.
Definition: class.ilLDAPQuery.php:745
ilLDAPQuery\checkGroupMembership
checkGroupMembership(string $a_ldap_user_name, array $ldap_user_data)
check group membership
Definition: class.ilLDAPQuery.php:318
ilLDAPQuery\queryByScope
queryByScope(int $a_scope, string $a_base_dn, string $a_filter, array $a_attributes, array $controls=null)
Query by scope IL_SCOPE_SUB => ldap_search IL_SCOPE_ONE => ldap_list.
Definition: class.ilLDAPQuery.php:545
ilLDAPQuery\bind
bind(int $a_binding_type=ilLDAPQuery::LDAP_BIND_DEFAULT, string $a_user_dn='', string $a_password='')
Bind to LDAP server.
Definition: class.ilLDAPQuery.php:667
ilLDAPQuery\$settings
ilLDAPServer $settings
Definition: class.ilLDAPQuery.php:36
ilLDAPAttributeMapping\_getInstanceByServerId
static _getInstanceByServerId(int $a_server_id)
Definition: class.ilLDAPAttributeMapping.php:45
ilLDAPQuery\fetchUser
fetchUser(string $a_name)
Get one user by login name.
Definition: class.ilLDAPQuery.php:86