4 require_once
'Auth/Container/MDB2.php';
24 parent::__construct();
// Stores the caller's value in a static flag. In the lines shown, the flag is read in two
// places: it suppresses the account-migration redirect (original line 159) and it is passed
// on to the LDAP synchronisation through forceCreation() (original line 326).
32 self::$force_creation = $value;
// fetchData() of the Apache auth container. This is a fragmentary listing: the leading
// numbers are the original file's line numbers, and lines in between are omitted.
// NOTE(review): in the lines shown, $password is used only in the 'anonymous' comparison
// below; no password verification is visible. Presumably the web server has already
// authenticated the user before this runs. Confirm against the full file.
42 function fetchData($a_username, $password, $isChallengeResponse =
false)
// Gate 1: the 'apache_enable_auth' setting must be truthy (branch body not shown).
55 if(!$settings->get(
'apache_enable_auth'))
// Gate 2: both the indicator name and the indicator value must be configured
// (branch body not shown).
60 if(!$settings->get(
'apache_auth_indicator_name') || !$settings->get(
'apache_auth_indicator_value'))
// Anonymous login path. Both comparisons use loose '=='; '===' would rule out type
// juggling should a non-string value ever reach this point.
71 if($a_username ==
'anonymous' && $password ==
'anonymous')
// The login is bound through queryF() with type 'text', not concatenated into the SQL.
// NOTE(review): 'SELECT *' loads every column of usr_data into $userRow, including
// whatever column holds the password.
73 $query =
'SELECT * FROM usr_data WHERE login = %s';
74 $qres = $ilDB->queryF(
$query, array(
'text'), array($a_username));
75 $userRow = $ilDB->fetchAssoc($qres);
// A row counts as a match only if it is an array with a truthy 'usr_id'.
77 if(is_array($userRow) && $userRow[
'usr_id'])
81 $this->activeUser = $userRow[
'login'];
// Walks every column of the row. What happens for the configured password and username
// columns is not shown in this listing. Presumably they are skipped before setAuthData();
// confirm against the full file.
82 foreach($userRow as $key => $value)
84 if($key == $this->options[
'passwordcol'] || $key == $this->options[
'usernamecol'])
90 $this->_auth_obj->setAuthData($key, $value);
// Registers the login stored in the database row with the auth object.
93 $this->_auth_obj->setAuth($userRow[
'login']);
// Request-level gate: the $_SERVER entry named by 'apache_auth_indicator_name' is read next
// to the list of accepted values (CSV from 'apache_auth_indicator_value', each entry trimmed,
// empty entries dropped). The enclosing call is not shown; presumably a membership test.
// NOTE(review): this check is only as strong as the web-server configuration. $_SERVER keys
// beginning with HTTP_ are filled from request headers, so the indicator should be a variable
// the server sets itself, and a client-supplied header of the same name should be stripped at
// the proxy or web server.
// array_filter() without a callback also drops the value '0', so '0' cannot be configured
// as an accepted indicator value.
103 $_SERVER[$settings->get(
'apache_auth_indicator_name')],
104 array_filter(array_map(
'trim', str_getcsv($settings->get(
'apache_auth_indicator_value'))))
// Reads the globally configured 'auth_mode' (the surrounding statement is not shown).
110 $ilSetting->get(
'auth_mode')
114 include_once(
'./Services/Authentication/classes/class.ilAuthModeDetermination.php');
// Taken when the auth mode is not selected manually and more than one auth mode is active.
// The branch body is only partly shown; line 121 appends an auth mode to $list.
116 if(!$det->isManualSelection() && $det->getCountActiveAuthModes() > 1)
121 $list[] = $auth_mode;
126 include_once
'./Services/LDAP/classes/class.ilLDAPServer.php';
127 if($settings->get(
'apache_enable_ldap'))
// Every collected auth mode is handled in turn by the branches that follow.
133 foreach($list as $auth_mode)
// LDAP-backed path, used only when 'apache_enable_ldap' is set. The LDAP server is chosen
// by the 'apache_ldap_sid' setting.
141 if($settings->get(
'apache_enable_ldap'))
143 include_once
'Services/LDAP/classes/class.ilLDAPServer.php';
144 $this->server =
new ilLDAPServer($settings->get(
'apache_ldap_sid'));
147 $config = $this->server->toPearAuthArray();
// Looks up the externally supplied username in LDAP. $query is an object here (it has
// fetchUser()), not the SQL string used earlier; its construction is not shown.
151 $ldapUser =
$query->fetchUser($a_username);
// Accept the entry only if it exists under the username key and its configured user
// attribute equals the username. The comparison is a loose '=='.
153 if($ldapUser && $ldapUser[$a_username] && $ldapUser[$a_username][$config[
'userattr']] == $a_username)
156 $user_data = $ldapUser[$a_username];
157 if($this->server->enabledSyncOnLogin())
// No ILIAS account is linked yet, account migration is enabled and creation is not forced:
// log out, park the pending login in the session and send the user to the migration screen.
159 if(!$user_data[
'ilInternalAccount'] && $this->server->isAccountMigrationEnabled() && !self::$force_creation)
161 $this->_auth_obj->logout();
// State handed to the migration step through the session: auth mode type, external account
// name and (line 177) role ids. NOTE(review): the code that consumes these session keys is
// not shown here; it is the place to check that they are used only after the migration
// step has verified the user.
163 $_SESSION[
'tmp_auth_mode_type'] =
'apache';
164 $_SESSION[
'tmp_external_account'] = $a_username;
167 include_once(
'./Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php');
169 $this->server->getServerId(),
173 foreach($roles as
$info)
177 $_SESSION[
'tmp_roles'][] = $info[
'id'];
181 ilUtil::redirect(
'ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
// Pushes the LDAP attributes into the mapped ILIAS user data.
187 $this->ldap_attr_to_user->setUserData($ldapUser);
188 $this->ldap_attr_to_user->refresh();
// A linked internal account exists: authenticate as that account and replace the username
// on the auth object with it.
197 if($user_data[
'ilInternalAccount'])
199 $this->_auth_obj->setAuth($user_data[
'ilInternalAccount']);
200 $this->_auth_obj->username = $user_data[
'ilInternalAccount'];
// Local-account path: taken for auth modes other than AUTH_APACHE when 'apache_enable_local'
// is set.
206 else if(
AUTH_APACHE != $auth_mode && $settings->get(
'apache_enable_local'))
// When the global auth mode is 'ldap', accounts with auth_mode 'default' are excluded as
// well. Presumably 'default' then resolves to LDAP; confirm.
209 if($ilSetting->get(
"auth_mode") && $ilSetting->get(
"auth_mode") ==
'ldap')
// $condition is built from a constant passed through $ilDB->quote(), so no request data
// enters the SQL text by this route.
211 $condition =
" AND auth_mode != " . $ilDB->quote(
'default',
'text') .
" ";
// $condition is interpolated into the statement, while the login and 'ldap' are bound via
// queryF(). NOTE(review): the assignment above sits inside the if at line 209; an
// initialisation of $condition for the other case is not visible in this listing. Confirm
// it is set (e.g. to an empty string) before this line.
213 $query =
"SELECT * FROM usr_data WHERE login = %s AND auth_mode != %s $condition";
214 $qres = $ilDB->queryF(
$query, array(
'text',
'text'), array($a_username,
'ldap'));
215 $userRow = $ilDB->fetchAssoc($qres);
// Same handling as the anonymous path: require a row with a truthy 'usr_id', walk its
// columns into the auth data, then register the stored login. The body of the
// password/username column check is not shown.
217 if(is_array($userRow) && $userRow[
'usr_id'])
221 $this->activeUser = $userRow[
'login'];
222 foreach($userRow as $key => $value)
224 if($key == $this->options[
'passwordcol'] || $key == $this->options[
'usernamecol'])
230 $this->_auth_obj->setAuthData($key, $value);
232 $this->_auth_obj->setAuth($userRow[
'login']);
// Auto-provisioning: runs only when both 'apache_enable_local' and 'apache_local_autocreate'
// are set.
// NOTE(review): the new account takes the externally supplied username as both login and
// external account. With this option enabled, every name the web server passes through can
// become an account, so the indicator check and the web-server configuration are the
// effective access control.
238 if($settings->get(
'apache_enable_local') && $settings->get(
'apache_local_autocreate'))
246 $user->setLogin($a_username);
247 $user->setExternalAccount($a_username);
// The profile is flagged as incomplete and the auth mode is fixed to 'apache'.
248 $user->setProfileIncomplete(
true);
250 $user->setAuthMode(
'apache');
253 $user->setLastPasswordChangeTS(time());
254 $user->setTimeLimitUnlimited(1);
// Role assignment: uses 'apache_default_role' and falls back to role id 4 when the setting
// is absent. NOTE(review): what role 4 grants depends on the installation; confirm it is a
// low-privilege role.
260 $rbacadmin->assignUser($settings->get(
'apache_default_role', 4), $user->getId(),
true);
284 include_once
'./Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
289 include_once
'./Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
303 include_once(
'Services/LDAP/classes/class.ilLDAPAttributeToUser.php');
// Fragments of the LDAP data-source handling: the server is again selected by the
// 'apache_ldap_sid' setting.
315 include_once
'./Services/LDAP/classes/class.ilLDAPServer.php';
317 $settings->get(
'apache_ldap_sid')
322 include_once
'./Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
// The synchronisation starts with empty user data and is told to read the LDAP data itself.
// The static force_creation flag is handed through unchanged.
325 $sync->setUserData(array());
326 $sync->forceCreation(self::$force_creation);
327 $sync->forceReadLdapData(
true);
// sync() yields the internal account name used for authentication below.
330 $internal_account = $sync->sync();
// Redirect to the account-migration screen. The condition that leads here is not shown;
// presumably the handler for a migration-required exception. Confirm against the full file.
348 ilUtil::redirect(
'ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
// Authenticates the passed auth object as the synchronised internal account.
351 $a_auth->setAuth($internal_account);
static getAssignmentsForCreation($a_server_id, $a_usr_name, $a_usr_data)
Description of ilLDAPSyncronisationException.
static hasRulesForUpdate()
Check if there are any rules for updates.
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
static hasRulesForUpdate($a_server_id)
Check if there is an LDAP attribute -> user data mapping which is updated on login.
Synchronization of user accounts used in auth container ldap, radius, cas, ...
const AUTH_RADIUS_NO_ILIAS_USER
setExternalAccount($a_ext)
Set external account (unique for each auth mode)
Description of ilLDAPAccountMigrationRequiredException.
__construct()
Constructor.
static getInstanceByServerId($a_server_id)
Get instance by server id.
fetchData($username, $password, $isChallengeResponse=false)
Fetch data from storage container.
handleLDAPDataSource($a_auth, $ext_account, $settings)
Handle ldap as data source.
doConnectionCheck()
Check ldap connection and do a fallback to the next server if no connection is possible.
static _getInstance()
Get instance.
static _checkExternalAuthAccount($a_auth, $a_account)
Check whether the external account and authentication method match a user.
Authentication against ILIAS database.
initLDAPAttributeToUser()
Init LDAP attribute mapping private.
static getLogger($a_component_id)
Get component logger.
const AUTH_WRONG_LOGIN
Returned if container is unable to authenticate user/password pair.
Update/create ILIAS user account by given LDAP attributes according to user attribute mapping setting...
static redirect($a_script)
HTTP redirect to another script.
updateRequired($a_username)
Check if an update is required.
static forceCreation($value)