ILIAS  release_10 Revision v10.1-43-ga1241a92c2f
class.ilLDAPServer.php
Go to the documentation of this file.
1 <?php
2 
19 declare(strict_types=1);
20 
24 class ilLDAPServer
25 {
26  private static array $instances = [];
27 
28  public const LDAP_BIND_ANONYMOUS = 0;
29  public const LDAP_BIND_USER = 1;
30 
31  public const LDAP_SCOPE_SUB = 0;
32  public const LDAP_SCOPE_ONE = 1;
33  public const LDAP_SCOPE_BASE = 2;
34 
35  private const DEBUG = false;
36  private const DEFAULT_VERSION = 3;
37  public const DEFAULT_NETWORK_TIMEOUT = 5;
38 
39  private string $role_bind_dn = '';
40  private string $role_bind_pass = '';
41  private bool $role_sync_active = false;
42 
43  private int $server_id;
44  private array $fallback_urls = array();
45  private string $url = '';
46  private string $url_string = '';
47 
48  private bool $enabled_authentication = true;
49  private int $authentication_mapping = 0;
50  private bool $escape_dn = false;
51 
52  private bool $active = false;
53 
54  private string $name = '';
55  private int $version = self::DEFAULT_VERSION;
56  private string $base_dn = '';
57  private bool $referrals = false;
58  private bool $tls = false;
59  private int $binding_type = self::LDAP_BIND_ANONYMOUS;
60  private string $bind_user = '';
61  private string $bind_password = '';
62  private string $search_base = '';
63  private string $user_attribute = '';
64  private int $user_scope = self::LDAP_SCOPE_ONE;
65  private string $group_filter = '';
66  private string $filter = '';
67  private string $group_dn = '';
68  private string $group_member = '';
69  private int $group_scope = self::LDAP_SCOPE_ONE;
70  private string $group_name = '';
71  private bool $memberisdn = false;
72  private string $group_attribute = '';
73  private bool $group_optional = true;
74  private string $group_user_filter = '';
75  private bool $sync_on_login = false;
76  private bool $sync_per_cron = false;
77  private bool $account_migration = false;
78  private string $username_filter = '';
79  private int $global_role = 0;
80 
81  private ilDBInterface $db;
82  private ilLanguage $lng;
83  private ilErrorHandling $ilErr;
84 
85  public function __construct(int $a_server_id = 0)
86  {
87  global $DIC;
88 
89  $this->db = $DIC->database();
90  $this->lng = $DIC->language();
91  $this->ilErr = $DIC['ilErr'];
92 
93  $this->server_id = $a_server_id;
94 
95  $this->read();
96  }
97 
101  public static function getInstanceByServerId(int $a_server_id): ilLDAPServer
102  {
103  return self::$instances[$a_server_id] ?? (self::$instances[$a_server_id] = new ilLDAPServer($a_server_id));
104  }
105 
109  public function rotateFallbacks(): bool
110  {
111  if (!$this->fallback_urls) {
112  return false;
113  }
114 
115  $all_urls = array_merge($this->fallback_urls);
116  $all_urls[] = $this->getUrl();
117 
118  $query = 'UPDATE ldap_server_settings SET ' .
119  'url = ' . $this->db->quote(implode(',', $all_urls), 'text') . ' ' .
120  'WHERE server_id = ' . $this->db->quote($this->getServerId(), 'integer');
121  $this->db->manipulate($query);
122  return true;
123  }
124 
125 
129  public static function checkLDAPLib(): bool
130  {
131  return function_exists('ldap_bind');
132  }
133 
139  public static function _getActiveServerList(): array
140  {
141  global $DIC;
142 
143  $ilDB = $DIC['ilDB'];
144 
145  $query = "SELECT server_id FROM ldap_server_settings " .
146  "WHERE active = 1 AND authentication = 1 " .
147  "ORDER BY name ";
148  $res = $ilDB->query($query);
149 
150  $server_ids = [];
151 
152  while ($row = $ilDB->fetchObject($res)) {
153  $server_ids[] = (int) $row->server_id;
154  }
155  return $server_ids;
156  }
157 
163  public static function _getCronServerIds(): array
164  {
165  global $DIC;
166 
167  $ilDB = $DIC['ilDB'];
168 
169  $query = "SELECT server_id FROM ldap_server_settings " .
170  "WHERE active = 1 " .
171  "AND sync_per_cron = 1 " .
172  "ORDER BY name";
173 
174  $res = $ilDB->query($query);
175 
176  $server_ids = [];
177 
178  while ($row = $ilDB->fetchObject($res)) {
179  $server_ids[] = (int) $row->server_id;
180  }
181  return $server_ids;
182  }
183 
188  public static function _getRoleSyncServerIds(): array
189  {
190  global $DIC;
191 
192  $ilDB = $DIC['ilDB'];
193 
194  $query = "SELECT server_id FROM ldap_server_settings " .
195  "WHERE active = 1 " .
196  "AND role_sync_active = 1 ";
197 
198  $res = $ilDB->query($query);
199 
200  $server_ids = [];
201 
202  while ($row = $ilDB->fetchObject($res)) {
203  $server_ids[] = (int) $row->server_id;
204  }
205  return $server_ids;
206  }
207 
213  public static function _getFirstActiveServer(): int
214  {
215  $servers = self::_getActiveServerList();
216  if (count($servers)) {
217  return $servers[0];
218  }
219  return 0;
220  }
221 
227  public static function _getServerList(): array
228  {
229  global $DIC;
230 
231  $ilDB = $DIC['ilDB'];
232 
233  $query = "SELECT server_id FROM ldap_server_settings ORDER BY name";
234  $res = $ilDB->query($query);
235 
236  $server_ids = [];
237 
238  while ($row = $ilDB->fetchObject($res)) {
239  $server_ids[] = $row->server_id;
240  }
241  return $server_ids;
242  }
243 
248  public static function getServerIds(): array
249  {
250  global $DIC;
251 
252  $ilDB = $DIC['ilDB'];
253 
254  $query = "SELECT server_id FROM ldap_server_settings ORDER BY name";
255 
256  $res = $ilDB->query($query);
257 
258  $server = [];
259  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
260  $server[] = (int) $row->server_id;
261  }
262  return $server;
263  }
264 
270  public static function _getAllServer(): array
271  {
272  global $DIC;
273 
274  $ilDB = $DIC['ilDB'];
275 
276  $query = "SELECT * FROM ldap_server_settings ORDER BY name";
277 
278  $server = [];
279 
280  $res = $ilDB->query($query);
281  while ($row = $ilDB->fetchAssoc($res)) {
282  $server[] = $row;
283  }
284  return $server;
285  }
286 
287  public static function getAvailableDataSources(int $a_auth_mode): array
288  {
289  global $DIC;
290 
291  $ilDB = $DIC['ilDB'];
292 
293  $query = "SELECT server_id FROM ldap_server_settings " .
294  "WHERE active = " . $ilDB->quote(1, 'integer') . " " .
295  "AND authentication = " . $ilDB->quote(0, 'integer') . " " .
296  "AND ( authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " " .
297  "OR authentication_type = " . $ilDB->quote(0, 'integer') . ")";
298  $res = $ilDB->query($query);
299 
300  $server_ids = array();
301  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
302  $server_ids[] = $row->server_id;
303  }
304  return $server_ids;
305  }
306 
310  public static function isDataSourceActive(int $a_auth_mode): bool
311  {
312  global $DIC;
313 
314  $ilDB = $DIC['ilDB'];
315 
316  $query = "SELECT server_id FROM ldap_server_settings " .
317  "WHERE authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " " .
318  "AND authentication = " . $ilDB->quote(0, 'integer');
319  $res = $ilDB->query($query);
320  if ($res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
321  return true;
322  }
323  return false;
324  }
325 
326  public static function getDataSource(int $a_auth_mode): int
327  {
328  global $DIC;
329 
330  $ilDB = $DIC['ilDB'];
331 
332  $query = "SELECT server_id FROM ldap_server_settings " .
333  "WHERE authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " ";
334  $res = $ilDB->query($query);
335  if ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
336  return $row->server_id;
337  }
338  return 0;
339  }
340 
344  public static function disableDataSourceForAuthMode(int $a_authmode): bool
345  {
346  global $DIC;
347 
348  $ilDB = $DIC['ilDB'];
349 
350  $query = 'UPDATE ldap_server_settings ' .
351  'SET authentication_type = ' . $ilDB->quote(0, 'integer') . ' ' .
352  'WHERE authentication_type = ' . $ilDB->quote($a_authmode, 'integer');
353  $ilDB->manipulate($query);
354  return true;
355  }
356 
357 
358 
363  public static function toggleDataSource(int $a_ldap_server_id, int $a_auth_mode, int $a_status): bool
364  {
365  global $DIC;
366 
367  $ilDB = $DIC['ilDB'];
368 
369  self::disableDataSourceForAuthMode($a_auth_mode);
370 
371  if ($a_status) {
372  $query = "UPDATE ldap_server_settings " .
373  'SET authentication_type = ' . $ilDB->quote($a_auth_mode, 'integer') . " " .
374  'WHERE server_id = ' . $ilDB->quote($a_ldap_server_id, 'integer');
375  $ilDB->manipulate($query);
376  }
377  return true;
378  }
379 
383  public static function isAuthModeLDAP(string $a_auth_mode): bool
384  {
385  global $DIC;
386 
387  $logger = $DIC->logger()->auth();
388 
389  if ($a_auth_mode === '') {
390  $logger->error(__METHOD__ . ': No auth mode given..............');
391  return false;
392  }
393 
394  $auth_arr = explode('_', $a_auth_mode);
395 
396  return ((int) $auth_arr[0] === ilAuthUtils::AUTH_LDAP) && (isset($auth_arr[1]) && $auth_arr[1]);
397  }
398 
402  public static function getServerIdByAuthMode(string $a_auth_mode): ?int
403  {
404  if (self::isAuthModeLDAP($a_auth_mode)) {
405  $auth_arr = explode('_', $a_auth_mode);
406  return (int) $auth_arr[1];
407  }
408 
409  return null;
410  }
411 
415  public static function getAuthModeByKey(string $a_auth_key): string
416  {
417  $auth_arr = explode('_', $a_auth_key);
418  if (count($auth_arr) > 1) {
419  return 'ldap_' . $auth_arr[1];
420  }
421  return 'ldap';
422  }
423 
428  public static function getKeyByAuthMode(string $a_auth_mode)
429  {
430  $auth_arr = explode('_', $a_auth_mode);
431  if (count($auth_arr) > 1) {
432  return ilAuthUtils::AUTH_LDAP . '_' . $auth_arr[1];
433  }
434  return ilAuthUtils::AUTH_LDAP;
435  }
436 
437  // Set/Get
438  public function getServerId(): int
439  {
440  return $this->server_id;
441  }
442 
446  public function enableAuthentication(bool $a_status): void
447  {
448  $this->enabled_authentication = $a_status;
449  }
450 
454  public function isAuthenticationEnabled(): bool
455  {
456  return $this->enabled_authentication;
457  }
458 
462  public function setAuthenticationMapping(int $a_map): void
463  {
464  $this->authentication_mapping = $a_map;
465  }
466 
470  public function getAuthenticationMapping(): int
471  {
472  return $this->authentication_mapping;
473  }
474 
479  public function getAuthenticationMappingKey(): string
480  {
481  if ($this->isAuthenticationEnabled() || !$this->getAuthenticationMapping()) {
482  return 'ldap_' . $this->getServerId();
483  }
484  return ilAuthUtils::_getAuthModeName($this->getAuthenticationMapping());
485  }
486 
487  public function toggleActive(bool $a_status): void
488  {
489  $this->active = $a_status;
490  }
491  public function isActive(): bool
492  {
493  return $this->active;
494  }
495  public function getUrl(): string
496  {
497  return $this->url;
498  }
499  public function setUrl(string $a_url): void
500  {
501  $this->url_string = $a_url;
502 
503  // Maybe there are more than one url's (comma seperated).
504  $urls = explode(',', $a_url);
505 
506  $counter = 0;
507  foreach ($urls as $url) {
508  $url = trim($url);
509  if (!$counter++) {
510  $this->url = $url;
511  } else {
512  $this->fallback_urls[] = $url;
513  }
514  }
515  }
516  public function getUrlString(): string
517  {
518  return $this->url_string;
519  }
520 
528  public function doConnectionCheck(): bool
529  {
530  foreach (array_merge(array(0 => $this->url), $this->fallback_urls) as $url) {
531  try {
532  ilLoggerFactory::getLogger('auth')->debug('Using url: ' . $url);
533  // Need to do a full bind, since openldap return valid connection links for invalid hosts
534  $query = new ilLDAPQuery($this, $url);
535  $query->bind(ilLDAPQuery::LDAP_BIND_TEST);
536  $this->url = $url;
537  return true;
538  } catch (ilLDAPQueryException $exc) {
539  $this->rotateFallbacks();
540  ilLoggerFactory::getLogger('auth')->error('Cannot connect to LDAP server: ' . $url . ' ' . $exc->getCode() . ' ' . $exc->getMessage());
541  }
542  }
543  ilLoggerFactory::getLogger('auth')->warning('No valid LDAP server found');
544  return false;
545  }
546 
547 
548  public function getName(): string
549  {
550  return $this->name;
551  }
552  public function setName(string $a_name): void
553  {
554  $this->name = $a_name;
555  }
556  public function getVersion(): int
557  {
558  return $this->version;
559  }
560  public function setVersion(int $a_version): void
561  {
562  $this->version = $a_version;
563  }
564  public function getBaseDN(): string
565  {
566  return $this->base_dn;
567  }
568  public function setBaseDN(string $a_base_dn): void
569  {
570  $this->base_dn = $a_base_dn;
571  }
572  public function isActiveReferrer(): bool
573  {
574  return $this->referrals;
575  }
576  public function toggleReferrer(bool $a_status): void
577  {
578  $this->referrals = $a_status;
579  }
580  public function isActiveTLS(): bool
581  {
582  return $this->tls;
583  }
584  public function toggleTLS(bool $a_status): void
585  {
586  $this->tls = $a_status;
587  }
588  public function getBindingType(): int
589  {
590  return $this->binding_type;
591  }
592  public function setBindingType(int $a_type): void
593  {
594  if ($a_type === self::LDAP_BIND_USER) {
595  $this->binding_type = self::LDAP_BIND_USER;
596  } else {
597  $this->binding_type = self::LDAP_BIND_ANONYMOUS;
598  }
599  }
600  public function getBindUser(): string
601  {
602  return $this->bind_user;
603  }
604  public function setBindUser(string $a_user): void
605  {
606  $this->bind_user = $a_user;
607  }
608  public function getBindPassword(): string
609  {
610  return $this->bind_password;
611  }
612  public function setBindPassword(string $a_password): void
613  {
614  $this->bind_password = $a_password;
615  }
616  public function getSearchBase(): string
617  {
618  return $this->search_base;
619  }
620  public function setSearchBase(string $a_search_base): void
621  {
622  $this->search_base = $a_search_base;
623  }
624  public function getUserAttribute(): string
625  {
626  return $this->user_attribute;
627  }
628  public function setUserAttribute(string $a_user_attr): void
629  {
630  $this->user_attribute = $a_user_attr;
631  }
632  public function getFilter(): string
633  {
634  return $this->prepareFilter($this->filter);
635  }
636  public function setFilter(string $a_filter): void
637  {
638  $this->filter = $a_filter;
639  }
640  public function getGroupDN(): string
641  {
642  return $this->group_dn;
643  }
644  public function setGroupDN(string $a_value): void
645  {
646  $this->group_dn = $a_value;
647  }
648  public function getGroupFilter(): string
649  {
650  return $this->prepareFilter($this->group_filter);
651  }
652  public function setGroupFilter(string $a_value): void
653  {
654  $this->group_filter = $a_value;
655  }
656  public function getGroupMember(): string
657  {
658  return $this->group_member;
659  }
660  public function setGroupMember(string $a_value): void
661  {
662  $this->group_member = $a_value;
663  }
664  public function getGroupName(): string
665  {
666  return $this->group_name;
667  }
668  public function setGroupName(string $a_value): void
669  {
670  $this->group_name = $a_value;
671  }
672 
677  public function getGroupNames(): array
678  {
679  $names = explode(',', $this->getGroupName());
680 
681  if (!is_array($names)) {
682  return [];
683  }
684 
685  return array_filter(array_map('trim', $names));
686  }
687 
688 
689  public function getGroupAttribute(): string
690  {
691  return $this->group_attribute;
692  }
693  public function setGroupAttribute(string $a_value): void
694  {
695  $this->group_attribute = $a_value;
696  }
697  public function toggleMembershipOptional(bool $a_status): void
698  {
699  $this->group_optional = $a_status;
700  }
701  public function isMembershipOptional(): bool
702  {
703  return $this->group_optional;
704  }
705  public function setGroupUserFilter(string $a_filter): void
706  {
707  $this->group_user_filter = $a_filter;
708  }
709  public function getGroupUserFilter(): string
710  {
711  return $this->group_user_filter;
712  }
713 
714  public function enabledGroupMemberIsDN(): bool
715  {
716  return $this->memberisdn;
717  }
718  public function enableGroupMemberIsDN(bool $a_value): void
719  {
720  $this->memberisdn = $a_value;
721  }
722  public function setGroupScope(int $a_value): void
723  {
724  $this->group_scope = $a_value;
725  }
726  public function getGroupScope(): int
727  {
728  return $this->group_scope;
729  }
730  public function setUserScope(int $a_value): void
731  {
732  $this->user_scope = $a_value;
733  }
734  public function getUserScope(): int
735  {
736  return $this->user_scope;
737  }
738  public function enabledSyncOnLogin(): bool
739  {
740  return $this->sync_on_login;
741  }
742  public function enableSyncOnLogin(bool $a_value): void
743  {
744  $this->sync_on_login = $a_value;
745  }
746  public function enabledSyncPerCron(): bool
747  {
748  return $this->sync_per_cron;
749  }
750  public function enableSyncPerCron(bool $a_value): void
751  {
752  $this->sync_per_cron = $a_value;
753  }
754  public function setGlobalRole(int $a_role): void
755  {
756  $this->global_role = $a_role;
757  }
758  public function getRoleBindDN(): string
759  {
760  return $this->role_bind_dn;
761  }
762  public function setRoleBindDN(string $a_value): void
763  {
764  $this->role_bind_dn = $a_value;
765  }
766  public function getRoleBindPassword(): string
767  {
768  return $this->role_bind_pass;
769  }
770  public function setRoleBindPassword(string $a_value): void
771  {
772  $this->role_bind_pass = $a_value;
773  }
774  public function enabledRoleSynchronization(): bool
775  {
776  return $this->role_sync_active;
777  }
778  public function enableRoleSynchronization(bool $a_value): void
779  {
780  $this->role_sync_active = $a_value;
781  }
782 
783  public function getUsernameFilter(): string
784  {
785  return $this->username_filter;
786  }
787  public function setUsernameFilter(string $a_value): void
788  {
789  $this->username_filter = $a_value;
790  }
791 
792  public function enableEscapeDN(bool $a_value): void
793  {
794  $this->escape_dn = $a_value;
795  }
796 
797  public function enabledEscapeDN(): bool
798  {
799  return $this->escape_dn;
800  }
801 
805  public function enableAccountMigration(bool $a_status): void
806  {
807  $this->account_migration = $a_status;
808  }
809 
813  public function isAccountMigrationEnabled(): bool
814  {
815  return $this->account_migration;
816  }
817 
818 
822  public function validate(): bool
823  {
824  $this->ilErr->setMessage('');
825  if ($this->getName() === '' ||
826  $this->getUrl() === '' ||
827  $this->getBaseDN() === '' ||
828  $this->getUserAttribute() === '') {
829  $this->ilErr->setMessage($this->lng->txt('fill_out_all_required_fields'));
830  }
831 
832  if ($this->getBindingType() === self::LDAP_BIND_USER
833  && ($this->getBindUser() === '' || $this->getBindPassword() === '')) {
834  $this->ilErr->appendMessage($this->lng->txt('ldap_missing_bind_user'));
835  }
836 
837  if (!$this->global_role && ($this->enabledSyncPerCron() || $this->enabledSyncOnLogin())) {
838  $this->ilErr->appendMessage($this->lng->txt('ldap_missing_role_assignment'));
839  }
840  if ($this->getVersion() === 2 && $this->isActiveTLS()) {
841  $this->ilErr->appendMessage($this->lng->txt('ldap_tls_conflict'));
842  }
843 
844  return $this->ilErr->getMessage() === '';
845  }
846 
847  public function create(): int
848  {
849  $next_id = $this->db->nextId('ldap_server_settings');
850 
851  $query = 'INSERT INTO ldap_server_settings (server_id,active,name,url,version,base_dn,referrals,tls,bind_type,bind_user,bind_pass,' .
852  'search_base,user_scope,user_attribute,filter,group_dn,group_scope,group_filter,group_member,group_memberisdn,group_name,' .
853  'group_attribute,group_optional,group_user_filter,sync_on_login,sync_per_cron,role_sync_active,role_bind_dn,role_bind_pass,migration, ' .
854  'authentication,authentication_type,username_filter, escape_dn) ' .
855  'VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)';
856  $this->db->queryF(
857  $query,
858  array(
859  'integer','integer','text','text','integer','text','integer','integer','integer','text','text','text','integer',
860  'text','text','text','integer','text','text','integer','text','text','integer','text','integer','integer','integer',
861  'text','text', 'integer','integer','integer',"text", 'integer'),
862  array(
863  $next_id,
864  $this->isActive(),
865  $this->getName(),
866  $this->getUrlString(),
867  $this->getVersion(),
868  $this->getBaseDN(),
869  $this->isActiveReferrer(),
870  $this->isActiveTLS(),
871  $this->getBindingType(),
872  $this->getBindUser(),
873  $this->getBindPassword(),
874  $this->getSearchBase(),
875  $this->getUserScope(),
876  $this->getUserAttribute(),
877  $this->getFilter(),
878  $this->getGroupDN(),
879  $this->getGroupScope(),
880  $this->getGroupFilter(),
881  $this->getGroupMember(),
882  $this->enabledGroupMemberIsDN(),
883  $this->getGroupName(),
884  $this->getGroupAttribute(),
885  $this->isMembershipOptional(),
886  $this->getGroupUserFilter(),
887  $this->enabledSyncOnLogin(),
888  $this->enabledSyncPerCron(),
889  $this->enabledRoleSynchronization(),
890  $this->getRoleBindDN(),
891  $this->getRoleBindPassword(),
892  $this->isAccountMigrationEnabled(),
893  $this->isAuthenticationEnabled(),
894  $this->getAuthenticationMapping(),
895  $this->getUsernameFilter(),
896  (int) $this->enabledEscapeDN()
897  )
898  );
899  // end Patch Name Filter
900  $this->server_id = $next_id;
901  return $next_id;
902  }
903 
904  public function update(): bool
905  {
906  $query = "UPDATE ldap_server_settings SET " .
907  "active = " . $this->db->quote($this->isActive(), 'integer') . ", " .
908  "name = " . $this->db->quote($this->getName(), 'text') . ", " .
909  "url = " . $this->db->quote($this->getUrlString(), 'text') . ", " .
910  "version = " . $this->db->quote($this->getVersion(), 'integer') . ", " .
911  "base_dn = " . $this->db->quote($this->getBaseDN(), 'text') . ", " .
912  "referrals = " . $this->db->quote($this->isActiveReferrer(), 'integer') . ", " .
913  "tls = " . $this->db->quote($this->isActiveTLS(), 'integer') . ", " .
914  "bind_type = " . $this->db->quote($this->getBindingType(), 'integer') . ", " .
915  "bind_user = " . $this->db->quote($this->getBindUser(), 'text') . ", " .
916  "bind_pass = " . $this->db->quote($this->getBindPassword(), 'text') . ", " .
917  "search_base = " . $this->db->quote($this->getSearchBase(), 'text') . ", " .
918  "user_scope = " . $this->db->quote($this->getUserScope(), 'integer') . ", " .
919  "user_attribute = " . $this->db->quote($this->getUserAttribute(), 'text') . ", " .
920  "filter = " . $this->db->quote($this->getFilter(), 'text') . ", " .
921  "group_dn = " . $this->db->quote($this->getGroupDN(), 'text') . ", " .
922  "group_scope = " . $this->db->quote($this->getGroupScope(), 'integer') . ", " .
923  "group_filter = " . $this->db->quote($this->getGroupFilter(), 'text') . ", " .
924  "group_member = " . $this->db->quote($this->getGroupMember(), 'text') . ", " .
925  "group_memberisdn =" . $this->db->quote((int) $this->enabledGroupMemberIsDN(), 'integer') . ", " .
926  "group_name = " . $this->db->quote($this->getGroupName(), 'text') . ", " .
927  "group_attribute = " . $this->db->quote($this->getGroupAttribute(), 'text') . ", " .
928  "group_optional = " . $this->db->quote((int) $this->isMembershipOptional(), 'integer') . ", " .
929  "group_user_filter = " . $this->db->quote($this->getGroupUserFilter(), 'text') . ", " .
930  "sync_on_login = " . $this->db->quote(($this->enabledSyncOnLogin() ? 1 : 0), 'integer') . ", " .
931  "sync_per_cron = " . $this->db->quote(($this->enabledSyncPerCron() ? 1 : 0), 'integer') . ", " .
932  "role_sync_active = " . $this->db->quote($this->enabledRoleSynchronization(), 'integer') . ", " .
933  "role_bind_dn = " . $this->db->quote($this->getRoleBindDN(), 'text') . ", " .
934  "role_bind_pass = " . $this->db->quote($this->getRoleBindPassword(), 'text') . ", " .
935  "migration = " . $this->db->quote((int) $this->isAccountMigrationEnabled(), 'integer') . ", " .
936  'authentication = ' . $this->db->quote((int) $this->isAuthenticationEnabled(), 'integer') . ', ' .
937  'authentication_type = ' . $this->db->quote($this->getAuthenticationMapping(), 'integer') . ' ' .
938  ", username_filter = " . $this->db->quote($this->getUsernameFilter(), "text") . " " .
939  ", escape_dn = " . $this->db->quote($this->enabledEscapeDN() ? 1 : 0, 'integer') . " " .
940  "WHERE server_id = " . $this->db->quote($this->getServerId(), 'integer');
941 
942  $this->db->manipulate($query);
943  return true;
944  }
945 
949  public function delete(): void
950  {
951  if (!$this->getServerId()) {
952  //TODO check if we need return false
953  return;
954  }
955 
956  ilLDAPAttributeMapping::_delete($this->getServerId());
957 
958  $rules = ilLDAPRoleAssignmentRule::_getRules($this->getServerId());
959 
960  foreach ($rules as $ruleAssigment) {
961  $ruleAssigment->delete();
962  }
963 
964  ilLDAPRoleGroupMappingSettings::_deleteByServerId($this->getServerId());
965 
966  $query = "DELETE FROM ldap_server_settings " .
967  "WHERE server_id = " . $this->db->quote($this->getServerId(), 'integer');
968  $this->db->manipulate($query);
969  }
970 
971  //TODO check if this is still needed
977  public function toPearAuthArray(): array
978  {
979  $options = array(
980  'url' => $this->getUrl(),
981  'version' => $this->getVersion(),
982  'referrals' => $this->isActiveReferrer());
983 
984  if ($this->getBindingType() === self::LDAP_BIND_USER) {
985  $options['binddn'] = $this->getBindUser();
986  $options['bindpw'] = $this->getBindPassword();
987  }
988  $options['basedn'] = $this->getBaseDN();
989  $options['start_tls'] = $this->isActiveTLS();
990  $options['userdn'] = $this->getSearchBase();
991  if ($this->getUserScope() === self::LDAP_SCOPE_ONE) {
992  $options['userscope'] = 'one';
993  } else {
994  $options['userscope'] = 'sub';
995  }
996 
997  $options['userattr'] = $this->getUserAttribute();
998  $options['userfilter'] = $this->getFilter();
999  $options['attributes'] = $this->getPearAtributeArray();
1000  $options['debug'] = self::DEBUG;
1001 
1002 
1003  $options['enableLogging'] = true;
1004 
1005  switch ($this->getGroupScope()) {
1006  case self::LDAP_SCOPE_BASE:
1007  $options['groupscope'] = 'base';
1008  break;
1009  case self::LDAP_SCOPE_ONE:
1010  $options['groupscope'] = 'one';
1011  break;
1012  default:
1013  $options['groupscope'] = 'sub';
1014  break;
1015  }
1016  $options['escape_dn'] = $this->enabledEscapeDN();
1017  $options['groupdn'] = $this->getGroupDN();
1018  $options['groupattr'] = $this->getGroupAttribute();
1019  $options['groupfilter'] = $this->getGroupFilter();
1020  $options['memberattr'] = $this->getGroupMember();
1021  $options['memberisdn'] = $this->enabledGroupMemberIsDN();
1022  $options['group'] = $this->getGroupName();
1023 
1024 
1025  return $options;
1026  }
1027 
1031  private function prepareFilter(string $a_filter): string
1032  {
1033  $filter = trim($a_filter);
1034 
1035  if ($filter === '') {
1036  return $filter;
1037  }
1038 
1039  if (strpos($filter, '(') !== 0) {
1040  $filter = ('(' . $filter);
1041  }
1042  if (substr($filter, -1) !== ')') {
1043  $filter .= ')';
1044  }
1045  return $filter;
1046  }
1047 
1051  private function getPearAtributeArray(): array
1052  {
1053  if ($this->enabledSyncOnLogin()) {
1054  $mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->getServerId());
1055  return array_merge(
1056  array($this->getUserAttribute()),
1057  $mapping->getFields(),
1058  array('dn'),
1059  ilLDAPRoleAssignmentRules::getAttributeNames($this->getServerId())
1060  );
1061  }
1062 
1063  return array($this->getUserAttribute());
1064  }
1065 
1070  private function read(): void
1071  {
1072  if (!$this->server_id) {
1073  return;
1074  }
1075  $query = "SELECT * FROM ldap_server_settings WHERE server_id = " . $this->db->quote($this->server_id, ilDBConstants::T_INTEGER);
1076 
1077  $res = $this->db->query($query);
1078  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1079  $this->toggleActive((bool) $row->active);
1080  $this->setName($row->name ?? '');
1081  $this->setUrl($row->url ?? '');
1082  $this->setVersion((int) $row->version);
1083  $this->setBaseDN($row->base_dn ?? '');
1084  $this->toggleReferrer((bool) $row->referrals);
1085  $this->toggleTLS((bool) $row->tls);
1086  $this->setBindingType((int) $row->bind_type);
1087  $this->setBindUser($row->bind_user ?? '');
1088  $this->setBindPassword($row->bind_pass ?? '');
1089  $this->setSearchBase($row->search_base ?? '');
1090  $this->setUserScope((int) $row->user_scope);
1091  $this->setUserAttribute($row->user_attribute ?? '');
1092  $this->setFilter($row->filter ?? '');
1093  $this->setGroupDN($row->group_dn ?? '');
1094  $this->setGroupScope((int) $row->group_scope);
1095  $this->setGroupFilter($row->group_filter ?? '');
1096  $this->setGroupMember($row->group_member ?? '');
1097  $this->setGroupAttribute($row->group_attribute ?? '');
1098  $this->toggleMembershipOptional((bool) $row->group_optional);
1099  $this->setGroupUserFilter($row->group_user_filter ?? '');
1100  $this->enableGroupMemberIsDN((bool) $row->group_memberisdn);
1101  $this->setGroupName($row->group_name ?? '');
1102  $this->enableSyncOnLogin((bool) $row->sync_on_login);
1103  $this->enableSyncPerCron((bool) $row->sync_per_cron);
1104  $this->enableRoleSynchronization((bool) $row->role_sync_active);
1105  $this->setRoleBindDN($row->role_bind_dn ?? '');
1106  $this->setRoleBindPassword($row->role_bind_pass ?? '');
1107  $this->enableAccountMigration((bool) $row->migration);
1108  $this->enableAuthentication((bool) $row->authentication);
1109  $this->setAuthenticationMapping((int) $row->authentication_type);
1110  $this->setUsernameFilter($row->username_filter ?? '');
1111  $this->enableEscapeDN((bool) $row->escape_dn);
1112  }
1113  }
1114 }
ilLDAPServer\checkLDAPLib
static checkLDAPLib()
Check if ldap module is installed.
Definition: class.ilLDAPServer.php:129
ilLDAPServer\_getFirstActiveServer
static _getFirstActiveServer()
Get first active server.
Definition: class.ilLDAPServer.php:213
ilLDAPServer\disableDataSourceForAuthMode
static disableDataSourceForAuthMode(int $a_authmode)
Disable data source.
Definition: class.ilLDAPServer.php:344
$res
$res
Definition: ltiservices.php:69
ilLDAPServer\toggleMembershipOptional
toggleMembershipOptional(bool $a_status)
Definition: class.ilLDAPServer.php:697
ilLDAPServer\read
read()
Read server settings.
Definition: class.ilLDAPServer.php:1070
ilLDAPServer\setBindingType
setBindingType(int $a_type)
Definition: class.ilLDAPServer.php:592
ilLDAPServer\getDataSource
static getDataSource(int $a_auth_mode)
Definition: class.ilLDAPServer.php:326
ilLDAPServer\getAvailableDataSources
static getAvailableDataSources(int $a_auth_mode)
Definition: class.ilLDAPServer.php:287
ilLDAPServer\setAuthenticationMapping
setAuthenticationMapping(int $a_map)
Set mapped authentication mapping.
Definition: class.ilLDAPServer.php:462
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:90
ilLDAPServer\_getServerList
static _getServerList()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:227
ilLDAPServer\enableAuthentication
enableAuthentication(bool $a_status)
Enable authentication for this ldap server.
Definition: class.ilLDAPServer.php:446
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId(int $a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:101
ilLDAPServer\enableSyncPerCron
enableSyncPerCron(bool $a_value)
Definition: class.ilLDAPServer.php:750
array_map
ilLDAPServer\_getAllServer
static _getAllServer()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:270
ilLDAPServer\validate
validate()
Validate user input.
Definition: class.ilLDAPServer.php:822
ilLDAPServer\setFilter
setFilter(string $a_filter)
Definition: class.ilLDAPServer.php:636
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:139
ilLDAPServer\getPearAtributeArray
getPearAtributeArray()
Get attribute array for pear auth data.
Definition: class.ilLDAPServer.php:1051
ilLDAPServer\toggleDataSource
static toggleDataSource(int $a_ldap_server_id, int $a_auth_mode, int $a_status)
Toggle Data Source.
Definition: class.ilLDAPServer.php:363
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:208
ilLDAPRoleAssignmentRules\getAttributeNames
static getAttributeNames($a_server_id)
get all possible attribute names
Definition: class.ilLDAPRoleAssignmentRules.php:69
ilLDAPServer\setGroupMember
setGroupMember(string $a_value)
Definition: class.ilLDAPServer.php:660
ilLDAPRoleAssignmentRule\_getRules
static _getRules($a_server_id)
Get all rules.
Definition: class.ilLDAPRoleAssignmentRule.php:196
ilLDAPServer\setGroupAttribute
setGroupAttribute(string $a_value)
Definition: class.ilLDAPServer.php:693
ilLDAPServer\setGroupName
setGroupName(string $a_value)
Definition: class.ilLDAPServer.php:668
ilLDAPServer\toggleReferrer
toggleReferrer(bool $a_status)
Definition: class.ilLDAPServer.php:576
ilLDAPServer\setUrl
setUrl(string $a_url)
Definition: class.ilLDAPServer.php:499
ilLDAPServer\$db
ilDBInterface $db
Definition: class.ilLDAPServer.php:81
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:402
ilLDAPServer\isDataSourceActive
static isDataSourceActive(int $a_auth_mode)
Check if a data source is active for a specific auth mode.
Definition: class.ilLDAPServer.php:310
ilLDAPServer\DEFAULT_NETWORK_TIMEOUT
const DEFAULT_NETWORK_TIMEOUT
Definition: class.ilLDAPServer.php:37
ilLDAPServer\getGroupNames
getGroupNames()
Get group names as array.
Definition: class.ilLDAPServer.php:677
ilLDAPServer\$ilErr
ilErrorHandling $ilErr
Definition: class.ilLDAPServer.php:83
ilLDAPServer\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:428
ilLDAPServer\getServerIds
static getServerIds()
Get all server ids.
Definition: class.ilLDAPServer.php:248
ilLDAPServer\$instances
static array $instances
Definition: class.ilLDAPServer.php:26
ilLDAPServer\getAuthenticationMapping
getAuthenticationMapping()
Get authentication mode that is mapped.
Definition: class.ilLDAPServer.php:470
ilLDAPServer\doConnectionCheck
doConnectionCheck()
Check ldap connection and do a fallback to the next server if no connection is possible.
Definition: class.ilLDAPServer.php:528
ilLDAPServer\toggleActive
toggleActive(bool $a_status)
Definition: class.ilLDAPServer.php:487
ilLDAPServer\enableEscapeDN
enableEscapeDN(bool $a_value)
Definition: class.ilLDAPServer.php:792
$DIC
global $DIC
Definition: shib_login.php:25
ilLDAPServer\_getCronServerIds
static _getCronServerIds()
Get list of acticve servers with option &#39;SyncCron&#39;.
Definition: class.ilLDAPServer.php:163
ilLDAPServer\enableSyncOnLogin
enableSyncOnLogin(bool $a_value)
Definition: class.ilLDAPServer.php:742
ilLDAPServer\setGroupUserFilter
setGroupUserFilter(string $a_filter)
Definition: class.ilLDAPServer.php:705
ilLDAPServer\__construct
__construct(int $a_server_id=0)
Definition: class.ilLDAPServer.php:85
ilLDAPServer\toPearAuthArray
toPearAuthArray()
Creates an array of options compatible to PEAR Auth.
Definition: class.ilLDAPServer.php:977
ilLDAPServer\setUserAttribute
setUserAttribute(string $a_user_attr)
Definition: class.ilLDAPServer.php:628
ilLDAPServer\isAuthenticationEnabled
isAuthenticationEnabled()
Check if authentication is enabled.
Definition: class.ilLDAPServer.php:454
ilLDAPServer\setVersion
setVersion(int $a_version)
Definition: class.ilLDAPServer.php:560
ilLDAPServer\enableGroupMemberIsDN
enableGroupMemberIsDN(bool $a_value)
Definition: class.ilLDAPServer.php:718
ilLDAPServer\enableRoleSynchronization
enableRoleSynchronization(bool $a_value)
Definition: class.ilLDAPServer.php:778
ilLDAPServer\setBindPassword
setBindPassword(string $a_password)
Definition: class.ilLDAPServer.php:612
ilLDAPServer\toggleTLS
toggleTLS(bool $a_status)
Definition: class.ilLDAPServer.php:584
ilLDAPServer\setRoleBindDN
setRoleBindDN(string $a_value)
Definition: class.ilLDAPServer.php:762
ilLDAPServer\setName
setName(string $a_name)
Definition: class.ilLDAPServer.php:552
ilLDAPServer\setGroupFilter
setGroupFilter(string $a_value)
Definition: class.ilLDAPServer.php:652
ilLDAPServer\setGlobalRole
setGlobalRole(int $a_role)
Definition: class.ilLDAPServer.php:754
ilLDAPServer\setBindUser
setBindUser(string $a_user)
Definition: class.ilLDAPServer.php:604
ilLDAPServer\isAuthModeLDAP
static isAuthModeLDAP(string $a_auth_mode)
Check if user auth mode is LDAP.
Definition: class.ilLDAPServer.php:383
ilLDAPServer\setGroupDN
setGroupDN(string $a_value)
Definition: class.ilLDAPServer.php:644
ilLDAPServer\setGroupScope
setGroupScope(int $a_value)
Definition: class.ilLDAPServer.php:722
ilLDAPServer\rotateFallbacks
rotateFallbacks()
Rotate fallback urls in case of connect timeouts.
Definition: class.ilLDAPServer.php:109
ilLDAPServer\setUserScope
setUserScope(int $a_value)
Definition: class.ilLDAPServer.php:730
ilLDAPServer\setSearchBase
setSearchBase(string $a_search_base)
Definition: class.ilLDAPServer.php:620
ilLDAPServer\getAuthenticationMappingKey
getAuthenticationMappingKey()
Get authentication mapping key Default is ldap.
Definition: class.ilLDAPServer.php:479
ilLDAPServer\setUsernameFilter
setUsernameFilter(string $a_value)
Definition: class.ilLDAPServer.php:787
ilLDAPAttributeMapping\_delete
static _delete(int $a_server_id)
Definition: class.ilLDAPAttributeMapping.php:54
$server
$server
Definition: shib_login.php:27
ILIAS\Repository\filter
filter(string $filter_id, $class_path, string $cmd, bool $activated=true, bool $expanded=true)
Definition: trait.GlobalDICGUIServices.php:178
ilLDAPServer\setRoleBindPassword
setRoleBindPassword(string $a_value)
Definition: class.ilLDAPServer.php:770
ilLDAPAttributeMapping\_getInstanceByServerId
static _getInstanceByServerId(int $a_server_id)
Definition: class.ilLDAPAttributeMapping.php:45
ilLDAPServer\setBaseDN
setBaseDN(string $a_base_dn)
Definition: class.ilLDAPServer.php:568
ilLDAPServer\_getRoleSyncServerIds
static _getRoleSyncServerIds()
Check whether there if there is an active server with option role_sync_active.
Definition: class.ilLDAPServer.php:188
ilLDAPServer\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
get auth mode by key
Definition: class.ilLDAPServer.php:415
ilLDAPServer\enableAccountMigration
enableAccountMigration(bool $a_status)
Enable account migration.
Definition: class.ilLDAPServer.php:805
ilLDAPServer\prepareFilter
prepareFilter(string $a_filter)
Create brackets for filters if they do not exist.
Definition: class.ilLDAPServer.php:1031
ilLDAPServer\isAccountMigrationEnabled
isAccountMigrationEnabled()
enabled account migration
Definition: class.ilLDAPServer.php:813