// Binding modes accepted by bind() as $a_binding_type; IL_LDAP_BIND_DEFAULT is that parameter's default.
24 define(
'IL_LDAP_BIND_DEFAULT',0);
25 define(
'IL_LDAP_BIND_ADMIN',1);
// NOTE(review): presumably a bind with a caller-supplied DN and password, used to verify a login.
// The matching case in bind() is not shown in this listing -- confirm.
26 define(
'IL_LDAP_BIND_TEST',2);
28 include_once(
'Services/LDAP/classes/class.ilLDAPAttributeMapping.php');
29 include_once(
'Services/LDAP/classes/class.ilLDAPResult.php');
30 include_once(
'Services/LDAP/classes/class.ilLDAPQueryException.php');
// Constructor fragment: keeps the ilLDAPServer settings object and chooses the server URL.
61 $this->settings = $a_server;
// NOTE(review): the condition between the next two assignments is not visible; presumably an
// explicit $a_url overrides the configured URL. connect() passes $this->ldap_server_url to
// ldap_connect(), so whoever supplies $a_url chooses the directory server that later receives the
// bind credentials -- confirm it never originates from request data.
65 $this->ldap_server_url = $a_url;
69 $this->ldap_server_url = $this->settings->
getUrl();
// Attributes to request from the directory: the configured user attribute first, followed by
// the fields returned by the attribute mapping.
98 $this->user_fields = array_merge(array($this->settings->getUserAttribute()),$this->mapping->getFields());
// fetchUsers() fragment: the group-restricted lookup comes first, the unrestricted one second.
// The bodies of the branches are not visible in this listing.
122 if(strlen($this->settings->getGroupName()))
124 $this->log->debug(
'Searching for group members.');
126 $groups = $this->settings->getGroupNames();
127 if(count($groups) <= 1)
133 foreach($groups as $group)
// Runs when no group name is configured or when group membership is optional.
// In both cases the import is not limited to group members.
140 if(!strlen($this->settings->getGroupName()) or $this->settings->isMembershipOptional())
142 $this->log->info(
'Start reading all users...');
// Returns the collected users, or an empty array when $this->users is empty or unset.
144 #throw new ilLDAPQueryException('LDAP: Called import of users without specifying group restrictions. NOT IMPLEMENTED YET!'); 146 return $this->users ? $this->users : array();
// Perform a query. Delegates to queryByScope(), passing the scope as the first argument.
160 public function query($a_search_base,$a_filter,$a_scope,$a_attributes)
162 $res = $this->
queryByScope($a_scope,$a_search_base,$a_filter,$a_attributes);
// NOTE(review): the enclosing statement is not visible. This format string puts the DN, filter
// and scope into a message, presumably the ilLDAPQueryException raised when the query fails.
// That text reveals the directory layout, so it belongs in logs rather than in responses shown
// to end users.
166 sprintf(
'DN: %s, Filter: %s, Scope: %s',
// Add a value to an existing attribute of the entry $a_dn, using the current connection handle.
180 public function modAdd($a_dn,$a_attribute)
// '@' hides the PHP warning on failure; the failure branch is not visible in this listing.
// NOTE(review): confirm the hidden branch reports ldap_errno(), otherwise a rejected write
// (for example insufficient access) leaves no trace.
182 if(@ldap_mod_add($this->lh,$a_dn,$a_attribute))
// Counterpart delete call, presumably inside modDelete(), whose signature line is not shown.
197 if(@ldap_mod_del($this->lh,$a_dn,$a_attribute))
// readAllUsers() fragment: issues one search per first-letter bucket instead of a single query
// for the whole directory (presumably to stay below server-side result limits -- confirm).
// Every filter component visible here comes from the server settings or from the fixed letter
// lists; no caller-supplied value enters the filter in the lines shown.
// Search base = configured search base + base DN. The statement guarded by this condition is
// not visible; presumably it appends the missing ','.
215 if(($dn = $this->settings->getSearchBase()) && substr($dn,-1) !=
',')
219 $dn .= $this->settings->getBaseDN();
222 $filter = $this->settings->getFilter();
// Buckets to iterate over. '-' is the extra entry next to a-z, presumably standing for
// "everything that does not start with a letter".
223 $page_filter = array(
'a',
'b',
'c',
'd',
'e',
'f',
'g',
'h',
'i',
'j',
'k',
'l',
'm',
'n',
'o',
'p',
'q',
'r',
's',
't',
'u',
'v',
'w',
'x',
'y',
'z',
'-');
// Letters excluded by the negated clause built further down.
224 $chars = array(
'a',
'b',
'c',
'd',
'e',
'f',
'g',
'h',
'i',
'j',
'k',
'l',
'm',
'n',
'o',
'p',
'q',
'r',
's',
't',
'u',
'v',
'w',
'x',
'y',
'z');
226 foreach($page_filter as $letter)
229 $new_filter .= $filter;
// Negated OR over a-z: matches entries whose user attribute starts with none of these letters.
// The branch condition is not visible; presumably this is the '-' bucket.
234 $new_filter .= (
'(!(|');
235 foreach($chars as $char)
237 $new_filter .= (
'('.$this->settings->getUserAttribute().
'='.$char.
'*)');
239 $new_filter .=
')))';
// Regular bucket: (<user attribute>=<letter>*).
243 $new_filter .= (
'('.$this->settings->getUserAttribute().
'='.$letter.
'*))');
// The complete filter and the search base are written to the log at info level.
247 $this->log->info(
'Searching with ldap search and filter '.$new_filter.
' in '.$dn);
// Only the user attribute is requested for this listing pass.
251 array($this->settings->getUserAttribute()));
254 if(!$tmp_result->numRows())
256 $this->log->notice(
'No users found. Aborting.');
259 $this->log->info(
'Found '.$tmp_result->numRows().
' users.');
// Result rows are indexed with the lower-cased attribute name.
260 $attribute = strtolower($this->settings->getUserAttribute());
261 foreach($tmp_result->getRows() as
$data)
263 if(isset(
$data[$attribute]))
269 $this->log->warning(
'Unknown error. No user attribute found.');
// fetchGroupMembers() fragment: looks up one group and walks its member attribute.
// An explicit $a_name wins; otherwise the configured group name is used.
286 $group_name = strlen($a_name) ? $a_name : $this->settings->getGroupName();
// Filter shape: (&(<group attribute>=<value>)<group filter>).
// NOTE(review): the line supplying the second %s is not visible. If it is $group_name and that
// name can come from outside the server settings, it must be escaped for filter context
// (e.g. ldap_escape($group_name, '', LDAP_ESCAPE_FILTER)) before it is interpolated -- confirm.
289 $filter = sprintf(
'(&(%s=%s)%s)',
290 $this->settings->getGroupAttribute(),
292 $this->settings->getGroupFilter());
// Group search base = configured group DN + base DN. The statement guarded by this condition
// is not visible; presumably it appends the missing ','.
296 if(($gdn = $this->settings->getGroupDN()) && substr($gdn,-1) !=
',')
300 $gdn .= $this->settings->getBaseDN();
302 $this->log->debug(
'Using filter '.$filter);
303 $this->log->debug(
'Using DN '.$gdn);
// Only the member attribute is requested.
307 array($this->settings->getGroupMember()));
310 $group_data = $tmp_result->getRows();
313 if(!$tmp_result->numRows())
315 $this->log->info(
'No group found.');
// Result rows are indexed with the lower-cased attribute name.
319 $attribute_name = strtolower($this->settings->getGroupMember());
322 foreach($group_data as
$data)
// NOTE(review): count() is applied to $data[$attribute_name] before the is_array() check on the
// next visible line. A group entry without the member attribute, or with a scalar value, reaches
// count() first; on PHP 8 that raises a TypeError instead of being skipped. The debug line
// should move inside the is_array() branch.
324 $this->log->debug(
'Found '.count($data[$attribute_name]).
' group members for group '.$data[
'dn']);
325 if(is_array($data[$attribute_name]))
327 foreach($data[$attribute_name] as $name)
// Read the directory data of one user and store it in $this->users.
//   $a_name                   login name, or (presumably) a member DN when $a_check_dn applies
//   $a_check_dn               take the DN branch when the server stores group members as DNs
//   $a_try_group_user_filter  allow the group user filter to replace the default filter
347 private function readUserData($a_name,$a_check_dn =
true,$a_try_group_user_filter =
false)
349 $filter = $this->settings->getFilter();
// The group user filter replaces the default filter only when requested by the caller and
// group membership is optional.
350 if($a_try_group_user_filter)
352 if($this->settings->isMembershipOptional())
354 $filter = $this->settings->getGroupUserFilter();
// DN branch: used when group members are stored as DNs and the caller asked for the DN check.
// The query issued in this branch is not visible in this listing.
359 if($this->settings->enabledGroupMemberIsDN() and $a_check_dn)
362 #$res = $this->queryByScope(IL_LDAP_SCOPE_BASE,$dn,$filter,$this->user_fields); 364 $fields = array_merge($this->user_fields,array(
'useraccountcontrol'));
// Name branch. Filter shape: (&(<user attribute>=<value>)<filter>).
// NOTE(review): the line supplying the second %s is not visible. If it is the raw $a_name, a
// login name containing filter metacharacters such as '*', '(' or ')' changes the meaning of the
// search. The value has to be escaped for filter context
// (e.g. ldap_escape($a_name, '', LDAP_ESCAPE_FILTER)) -- confirm against the full source.
369 $filter = sprintf(
'(&(%s=%s)%s)',
370 $this->settings->getUserAttribute(),
// Search base = configured search base + base DN. The statement guarded by this condition is
// not visible; presumably it appends the missing ','.
375 if(($dn = $this->settings->getSearchBase()) && substr($dn,-1) !=
',')
379 $dn .= $this->settings->getBaseDN();
// 'useraccountcontrol' is requested in addition to the profile fields so that the
// disabled-account check below has data to work on.
380 $fields = array_merge($this->user_fields,array(
'useraccountcontrol'));
// The base DN is lower-cased before the query.
381 $res = $this->
queryByScope($this->settings->getUserScope(),strtolower($dn),$filter,$fields);
386 if(!$tmp_result->numRows())
// NOTE(review): $a_name is concatenated into log lines here and below. If it comes straight
// from a login form, strip control characters first so one request cannot forge extra log
// entries.
388 $this->log->info(
'LDAP: No user data found for: '.$a_name);
393 if($user_data = $tmp_result->get())
// Disabled-account check: bit 0x02 of userAccountControl is the Active Directory
// ACCOUNTDISABLE flag. The attribute exists only on Active Directory, so the isset() guard
// means other directory products skip this check entirely; their lockout state has to be
// enforced by the search filter or by the bind itself.
395 if(isset($user_data[
'useraccountcontrol']))
397 if(($user_data[
'useraccountcontrol'] & 0x02))
399 $this->log->notice(
'LDAP: '.$a_name.
' account disabled.');
// The external account name is the value of the (lower-cased) user attribute in the result row.
404 $user_ext = $user_data[strtolower($this->settings->getUserAttribute())];
407 $auth_mode = $this->settings->getAuthenticationMappingKey();
// Results are keyed by external account name; a second hit for the same name overwrites the first.
409 $this->users[$user_ext] = $user_data;
// Presumably the body of parseAuthMode(): returns the authentication mapping key of the
// configured server unchanged.
420 return $this->settings->getAuthenticationMappingKey();
// Run a search with the function matching the requested scope: ldap_search(), ldap_list() or
// ldap_read(). The case labels are not visible in this listing.
//   $a_scope       scope selector
//   $a_base_dn     search base
//   $a_filter      LDAP filter; an empty value falls back to "(objectclass=*)"
//   $a_attributes  attribute names to return
432 private function queryByScope($a_scope,$a_base_dn,$a_filter,$a_attributes)
// An empty filter therefore matches every entry in scope. Callers that build the filter from
// input should reject an empty result themselves rather than rely on this default.
434 $a_filter = $a_filter ? $a_filter :
"(objectclass=*)";
// '@' hides the PHP warning on all three calls, so a failed search is only visible through the
// returned value and ldap_errno().
439 $res = @ldap_search($this->lh,$a_base_dn,$a_filter,$a_attributes);
443 $res = @ldap_list($this->lh,$a_base_dn,$a_filter,$a_attributes);
448 $res = @ldap_read($this->lh,$a_base_dn,$a_filter,$a_attributes);
// An unrecognised scope is logged as a warning; what is returned in that case is not visible here.
452 $this->log->warning(
"LDAP: LDAPQuery: Unknown search scope");
// connect() fragment: creates the connection handle and applies protocol, referral and TLS options.
// NOTE(review): with a URI argument ldap_connect() typically only initialises the handle and does
// not open a socket, so an unreachable server usually surfaces at the first bind or StartTLS
// rather than here. '@' additionally hides the warning for a malformed URI.
468 $this->lh = @ldap_connect($this->ldap_server_url);
// NOTE(review): the message reports $this->settings->getUrl(), while the connection above used
// $this->ldap_server_url. The two differ when the constructor received an explicit $a_url, so the
// message can name the wrong server.
473 throw new ilLDAPQueryException(
"LDAP: Cannot connect to LDAP Server: ".$this->settings->getUrl());
476 if(!ldap_set_option($this->lh,LDAP_OPT_PROTOCOL_VERSION,$this->settings->getVersion()))
// Referral chasing follows the server setting. The rebind callback registration on line 487 is
// commented out; presumably a followed referral is then contacted without the configured bind
// credentials -- confirm.
481 if($this->settings->isActiveReferrer())
483 if(!ldap_set_option($this->lh,LDAP_OPT_REFERRALS,
true))
487 #@ldap_set_rebind_proc($this->lh,'referralRebind'); 491 ldap_set_option($this->lh,LDAP_OPT_REFERRALS,
false);
492 $this->log->debug(
'Switching referrals to false.');
// StartTLS is attempted only when enabled in the server settings.
// NOTE(review): the failure branch is not visible. It must abort the connection; continuing
// would send the bind DN and password in clear text. Certificate validation is not configured
// in the lines shown (no LDAP_OPT_X_TLS_REQUIRE_CERT), so it depends on the system-wide LDAP
// client configuration -- confirm that certificates are required there.
495 if($this->settings->isActiveTLS())
497 if(!ldap_start_tls($this->lh))
// bind() fragment: selects the credentials for the requested binding type, then binds.
// Case labels and the branch that handles $a_user_dn / $a_password are not visible in this listing.
514 switch($a_binding_type)
523 strlen($this->settings->getBindUser())
// Configured service account.
526 $user = $this->settings->getBindUser();
527 $pass = $this->settings->getBindPassword();
// NOTE(review): the bind DN and password are published as global constants so that
// referralRebind() can read them. Constants cannot be unset or changed, so the password stays
// readable by any code for the rest of the request. A second define() of the same name emits a
// warning and keeps the first value, which matters if bind() runs twice with different
// credentials.
529 define(
'IL_LDAP_REBIND_USER',$user);
530 define(
'IL_LDAP_REBIND_PASS',
$pass);
// Only the bind DN is logged (debug level); the password is not.
531 $this->log->debug(
'Bind as '.$user);
536 $this->log->debug(
'Bind anonymous');
// Role-assignment account, falling back to the normal bind account when either the role bind DN
// or its password is empty.
541 $user = $this->settings->getRoleBindDN();
542 $pass = $this->settings->getRoleBindPassword();
544 if(!strlen($user) or !strlen(
$pass))
546 $user = $this->settings->getBindUser();
547 $pass = $this->settings->getBindPassword();
// Same global-constant exposure as on lines 529-530.
550 define(
'IL_LDAP_REBIND_USER',$user);
551 define(
'IL_LDAP_REBIND_PASS',
$pass);
// NOTE(review): a non-empty DN with an empty password is an "unauthenticated bind", which some
// directory servers accept as successful. If $pass can carry a caller-supplied login password
// (the $a_password parameter), an empty value must be rejected before this call -- confirm that
// check exists in the part not shown.
// '@' hides the PHP warning; failure is reported through the exception below.
558 if(!@ldap_bind($this->lh,$user,
$pass))
// The message carries the bind DN and the server's error text; the LDAP error number becomes the
// exception code. Keep this text in logs and show end users a generic failure message.
560 throw new ilLDAPQueryException(
'LDAP: Cannot bind as '.$user.
' with message: '. ldap_err2str(ldap_errno($this->lh)).
' Trying fallback...', ldap_errno($this->lh));
564 $this->log->debug(
'Bind successful.');
// Presumably the body of fetchUserProfileFields(): rebuilds the list of attributes to request.
577 include_once(
'Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php');
// Starts with the user attribute and the attribute-mapping fields. Further arguments of this
// array_merge() are on lines not shown; the include above suggests attributes used by the role
// assignment rules -- confirm.
579 $this->user_fields = array_merge(
580 array($this->settings->getUserAttribute()),
582 $this->mapping->getFields(),
// Two teardown paths release the connection handle; presumably one of them is the destructor,
// which the member index describes as unbinding from the LDAP server. '@' hides the warning
// raised when the handle is not usable.
599 @ldap_unbind($this->lh);
615 @ldap_unbind($this->lh);
// referralRebind($a_ds, $a_url) fragment: callback that binds on the connection $a_ds with the
// credentials published in the IL_LDAP_REBIND_* constants.
624 $ilLog->write(
'LDAP: Called referralRebind.');
// Protocol version is fixed to 3 here, whereas the primary connection uses
// $this->settings->getVersion().
626 ldap_set_option($a_ds, LDAP_OPT_PROTOCOL_VERSION, 3);
// NOTE(review): the visible lines send the service-account password to whatever server the
// referral points at, without checking $a_url or the transport. If this callback is ever
// registered again (the registration in connect() is commented out), restrict referrals to
// trusted hosts and require TLS on the referred connection.
628 if (!ldap_bind($a_ds,IL_LDAP_REBIND_USER,IL_LDAP_REBIND_PASS))
630 $ilLog->write(
'LDAP: Rebind failed');
fetchUsers()
Fetch all users.
modAdd($a_dn, $a_attribute)
Add value to an existing attribute.
static _getInstanceByServerId($a_server_id)
Get instance of class.
readUserData($a_name, $a_check_dn=true, $a_try_group_user_filter=false)
Read user data.
const IL_LDAP_BIND_DEFAULT
__construct(ilLDAPServer $a_server, $a_url='')
Constructor.
connect()
Connect to LDAP server.
static getAttributeNames($a_server_id)
get all possible attribute names
readAllUsers()
Fetch all users. This function splits the query into filters such as (uid=a*), (uid=b*), ...
fetchGroupMembers($a_name='')
Fetch group member ids.
const DEFAULT_NETWORK_TIMEOUT
parseAuthMode()
Parse authentication mode.
query($a_search_base, $a_filter, $a_scope, $a_attributes)
Perform a query.
fetchUserProfileFields()
fetch required fields of user profile data
referralRebind($a_ds, $a_url)
fetchUser($a_name)
Get one user by login name.
modDelete($a_dn, $a_attribute)
Delete value from an existing attribute.
__destruct()
Destructor unbind from ldap server.
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
static getLogger($a_component_id)
Get component logger.
bind($a_binding_type=IL_LDAP_BIND_DEFAULT, $a_user_dn='', $a_password='')
Bind to LDAP server.
queryByScope($a_scope, $a_base_dn, $a_filter, $a_attributes)
Query by scope: IL_SCOPE_SUB => ldap_search, IL_SCOPE_ONE => ldap_list.