24define(
'IL_LDAP_BIND_DEFAULT',0);
 
   25define(
'IL_LDAP_BIND_ADMIN',1);
 
   26define(
'IL_LDAP_BIND_TEST',2);
 
   28include_once(
'Services/LDAP/classes/class.ilLDAPAttributeMapping.php');
 
   29include_once(
'Services/LDAP/classes/class.ilLDAPResult.php');
 
   30include_once(
'Services/LDAP/classes/class.ilLDAPQueryException.php');
 
   61                $this->settings = $a_server;
 
   65                        $this->ldap_server_url = $a_url;
 
   69                        $this->ldap_server_url = $this->settings->
getUrl();
 
   88                $this->user_fields = array_merge(array($this->settings->getUserAttribute()),$this->mapping->getFields());
 
  112                if(strlen($this->settings->getGroupName()))
 
  114                        $this->log->write(__METHOD__.
': Searching for group members.');
 
  116                        $groups = $this->settings->getGroupNames();
 
  117                        if(count($groups) <= 1)
 
  123                                foreach($groups as $group)
 
  130                if(!strlen($this->settings->getGroupName()) or $this->settings->isMembershipOptional())
 
  132                        $this->log->write(__METHOD__.
': Start reading all users...');
 
  134                        #throw new ilLDAPQueryException('LDAP: Called import of users without specifying group restrictions. NOT IMPLEMENTED YET!'); 
  136                return $this->users ? $this->users : array();
 
  150        public function query($a_search_base,$a_filter,$a_scope,$a_attributes)
 
  152                $res = $this->
queryByScope($a_scope,$a_search_base,$a_filter,$a_attributes);
 
  156                                sprintf(
'DN: %s, Filter: %s, Scope: %s',
 
  170        public function modAdd($a_dn,$a_attribute)
 
  172                if(@ldap_mod_add($this->lh,$a_dn,$a_attribute))
 
  187                if(@ldap_mod_del($this->lh,$a_dn,$a_attribute))
 
  205                if(($dn = $this->settings->getSearchBase()) && substr($dn,-1) != 
',')
 
  209                $dn .=  $this->settings->getBaseDN();
 
  212                $filter = $this->settings->getFilter();
 
  213                $page_filter = array(
'a',
'b',
'c',
'd',
'e',
'f',
'g',
'h',
'i',
'j',
'k',
'l',
'm',
'n',
'o',
'p',
'q',
'r',
's',
't',
'u',
'v',
'w',
'x',
'y',
'z',
'-');
 
  214                $chars = array(
'a',
'b',
'c',
'd',
'e',
'f',
'g',
'h',
'i',
'j',
'k',
'l',
'm',
'n',
'o',
'p',
'q',
'r',
's',
't',
'u',
'v',
'w',
'x',
'y',
'z');
 
  216                foreach($page_filter as $letter)
 
  219                        $new_filter .= $filter;
 
  224                                        $new_filter .= (
'(!(|');
 
  225                                        foreach($chars as $char)
 
  227                                                $new_filter .= (
'('.$this->settings->getUserAttribute().
'='.$char.
'*)');
 
  229                                        $new_filter .= 
')))';
 
  233                                        $new_filter .= (
'('.$this->settings->getUserAttribute().
'='.$letter.
'*))');
 
  237                        $this->log->write(__METHOD__.
': Searching with ldap search and filter '.$new_filter.
' in '.$dn);
 
  241                                array($this->settings->getUserAttribute()));
 
  244                        if(!$tmp_result->numRows())
 
  246                                $this->log->write(__METHOD__.
': No users found. Aborting.');
 
  249                        $this->log->write(__METHOD__.
': Found '.$tmp_result->numRows().
' users.');
 
  250                        foreach($tmp_result->getRows() as 
$data)
 
  252                                if(isset(
$data[$this->settings->getUserAttribute()]))
 
  254                                        $this->
readUserData($data[$this->settings->getUserAttribute()],
false,
false);
 
  258                                        $this->log->write(__METHOD__.
': Unknown error. No user attribute found.');
 
  275                $group_name = strlen($a_name) ? $a_name : $this->settings->getGroupName();
 
  278                $filter = sprintf(
'(&(%s=%s)%s)',
 
  279                        $this->settings->getGroupAttribute(),
 
  281                        $this->settings->getGroupFilter());
 
  285                if(($gdn = $this->settings->getGroupDN()) && substr($gdn,-1) != 
',')
 
  289                $gdn .= $this->settings->getBaseDN();
 
  291                $this->log->write(
'LDAP: Using filter '.$filter);
 
  292                $this->log->write(
'LDAP: Using DN '.$gdn);
 
  296                        array($this->settings->getGroupMember()));
 
  299                $group_data = $tmp_result->getRows();
 
  302                if(!$tmp_result->numRows())
 
  304                        $this->log->write(__METHOD__.
': No group found.');
 
  308                $attribute_name = strtolower($this->settings->getGroupMember());
 
  311                foreach($group_data as 
$data)
 
  313                        $this->log->write(__METHOD__.
': found '.count(
$data[$attribute_name]).
' group members for group '.
$data[
'dn']);
 
  314                        if(is_array(
$data[$attribute_name]))
 
  316                                foreach(
$data[$attribute_name] as $name)
 
  336        private function readUserData($a_name,$a_check_dn = 
true,$a_try_group_user_filter = 
false)
 
  338                $filter = $this->settings->getFilter();
 
  339                if($a_try_group_user_filter)
 
  341                        if($this->settings->isMembershipOptional())
 
  343                                $filter = $this->settings->getGroupUserFilter();
 
  348                if($this->settings->enabledGroupMemberIsDN() and $a_check_dn)
 
  351                        #$res = $this->queryByScope(IL_LDAP_SCOPE_BASE,$dn,$filter,$this->user_fields); 
  353                        $fields = array_merge($this->user_fields,array(
'useraccountcontrol'));
 
  358                        $filter = sprintf(
'(&(%s=%s)%s)',
 
  359                                $this->settings->getUserAttribute(),
 
  364                        if(($dn = $this->settings->getSearchBase()) && substr($dn,-1) != 
',')
 
  368                        $dn .=  $this->settings->getBaseDN();
 
  369                        $fields = array_merge($this->user_fields,array(
'useraccountcontrol'));
 
  370                        $res = $this->
queryByScope($this->settings->getUserScope(),strtolower($dn),$filter,$fields);
 
  375                if(!$tmp_result->numRows())
 
  377                        $this->log->write(
'LDAP: No user data found for: '.$a_name);
 
  382                if($user_data = $tmp_result->get())
 
  384                        if(isset($user_data[
'useraccountcontrol']))
 
  386                                if(($user_data[
'useraccountcontrol'] & 0x02))
 
  388                                        $this->log->write(__METHOD__.
': '.$a_name.
' account disabled.');
 
  393                        $user_ext = $user_data[strtolower($this->settings->getUserAttribute())];
 
  399                        $this->users[$user_ext] = $user_data;
 
  410                if($this->settings->isAuthenticationEnabled() or !$this->settings->getAuthenticationMapping())
 
  426        private function queryByScope($a_scope,$a_base_dn,$a_filter,$a_attributes)
 
  428                $a_filter = $a_filter ? $a_filter : 
"(objectclass=*)";
 
  433                                $res = @ldap_search($this->lh,$a_base_dn,$a_filter,$a_attributes);
 
  437                                $res = @ldap_list($this->lh,$a_base_dn,$a_filter,$a_attributes);
 
  442                                $res = ldap_read($this->lh,$a_base_dn,$a_filter,$a_attributes);
 
  446                                $this->log->write(
"LDAP: LDAPQuery: Unknown search scope");
 
  462                $this->lh = @ldap_connect($this->ldap_server_url);
 
  467                        throw new ilLDAPQueryException(
"LDAP: Cannot connect to LDAP Server: ".$this->settings->getUrl());
 
  470                if(!ldap_set_option($this->lh,LDAP_OPT_PROTOCOL_VERSION,$this->settings->getVersion()))
 
  475                if($this->settings->isActiveReferrer())
 
  477                        if(!ldap_set_option($this->lh,LDAP_OPT_REFERRALS,
true))
 
  481                        #@ldap_set_rebind_proc($this->lh,'referralRebind'); 
  485                        ldap_set_option($this->lh,LDAP_OPT_REFERRALS,
false);
 
  486                        $this->log->write(__METHOD__.
': Switching referrals to false.');
 
  489                if($this->settings->isActiveTLS())
 
  491                        if(!ldap_start_tls($this->lh))
 
  508                switch($a_binding_type)
 
  517                                        strlen($this->settings->getBindUser())
 
  520                                        $user = $this->settings->getBindUser();
 
  521                                        $pass = $this->settings->getBindPassword();
 
  523                                        define(
'IL_LDAP_REBIND_USER',$user);
 
  524                                        define(
'IL_LDAP_REBIND_PASS',
$pass);
 
  525                                        $this->log->write(__METHOD__.
': Bind as '.$user);
 
  530                                        $this->log->write(__METHOD__.
': Bind anonymous');
 
  535                                $user = $this->settings->getRoleBindDN();
 
  536                                $pass = $this->settings->getRoleBindPassword();
 
  538                                if(!strlen($user) or !strlen(
$pass))
 
  540                                        $user = $this->settings->getBindUser();
 
  541                                        $pass = $this->settings->getBindPassword();
 
  544                                define(
'IL_LDAP_REBIND_USER',$user);
 
  545                                define(
'IL_LDAP_REBIND_PASS',
$pass);
 
  552                if(!@ldap_bind($this->lh,$user,
$pass))
 
  554                        throw new ilLDAPQueryException(
'LDAP: Cannot bind as '.$user.
' with message: '. ldap_err2str(ldap_errno($this->lh)).
' Trying fallback...', ldap_errno($this->lh));
 
  558                        $this->log->write(__METHOD__.
': Bind successful.');
 
  571                include_once(
'Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php');
 
  573                $this->user_fields = array_merge(
 
  574                        array($this->settings->getUserAttribute()),
 
  576                        $this->mapping->getFields(),
 
  593                        @ldap_unbind($this->lh);
 
  609                        @ldap_unbind($this->lh);
 
  618        $ilLog->write(
'LDAP: Called referralRebind.');
 
  620        ldap_set_option($a_ds, LDAP_OPT_PROTOCOL_VERSION, 3);
 
  622        if (!ldap_bind($a_ds,IL_LDAP_REBIND_USER,IL_LDAP_REBIND_PASS))
 
  624                $ilLog->write(
'LDAP: Rebind failed');
 
const IL_LDAP_BIND_DEFAULT
referralRebind($a_ds, $a_url)
static _getAuthModeName($a_auth_key)
static _getInstanceByServerId($a_server_id)
Get instance of class.
modAdd($a_dn, $a_attribute)
Add value to an existing attribute.
fetchUsers()
Fetch all users.
readUserData($a_name, $a_check_dn=true, $a_try_group_user_filter=false)
Read user data.
queryByScope($a_scope, $a_base_dn, $a_filter, $a_attributes)
Query by scope IL_SCOPE_SUB => ldap_search IL_SCOPE_ONE => ldap_list.
fetchGroupMembers($a_name='')
Fetch group member ids.
fetchUserProfileFields()
fetch required fields of user profile data
bind($a_binding_type=IL_LDAP_BIND_DEFAULT, $a_user_dn='', $a_password='')
Bind to LDAP server.
connect()
Connect to LDAP server.
parseAuthMode()
Parse authentication mode.
__destruct()
Destructor unbind from ldap server.
readAllUsers()
Fetch all users This function splits the query to filters like e.g (uid=a*) (uid=b*)....
__construct(ilLDAPServer $a_server, $a_url='')
Constructur.
fetchUser($a_name)
Get one user by login name.
query($a_search_base, $a_filter, $a_scope, $a_attributes)
Perform a query.
modDelete($a_dn, $a_attribute)
Delete value from an existing attribute.
static getAttributeNames()
get all possible attribute names
const DEFAULT_NETWORK_TIMEOUT
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user