// Bind-type constants: 0 = bind without credentials (anonymous), 1 = bind as the configured bind user.
// Presumably these are the integer values kept in the bind_type column of ldap_server_settings — confirm against the INSERT/UPDATE statements.
// NOTE(review): with an anonymous bind, directory searches run unauthenticated; where the directory permits it,
// a dedicated low-privilege bind user is the safer choice.
5 define(
'IL_LDAP_BIND_ANONYMOUS',0);
6 define(
'IL_LDAP_BIND_USER',1);
// Search-scope constants; the names follow the LDAP search scopes:
// SUB = whole subtree, ONE = one level below the base, BASE = the base entry only.
// Presumably these are the integer values kept in the user_scope and group_scope columns — confirm.
8 define(
'IL_LDAP_SCOPE_SUB',0);
9 define(
'IL_LDAP_SCOPE_ONE',1);
10 define(
'IL_LDAP_SCOPE_BASE',2);
48 $this->server_id = $a_server_id;
60 if(isset(self::$instances[$a_server_id]))
62 return self::$instances[$a_server_id];
64 return self::$instances[$a_server_id] =
new ilLDAPServer($a_server_id);
75 if(!$this->fallback_urls)
80 $all_urls = array_merge($this->fallback_urls);
81 $all_urls[] = $this->
getUrl();
83 $query =
'UPDATE ldap_server_settings SET '.
84 'url = '.$ilDB->quote(implode(
',', $all_urls),
'text').
' '.
85 'WHERE server_id = '.$ilDB->quote($this->
getServerId(),
'integer');
97 return function_exists(
'ldap_bind');
109 $query =
"SELECT server_id FROM ldap_server_settings ".
110 "WHERE active = 1 AND authentication = 1 ".
113 $server_ids = array();
114 while(
$row = $ilDB->fetchObject(
$res))
116 $server_ids[] =
$row->server_id;
130 $query =
"SELECT server_id FROM ldap_server_settings ".
132 "AND sync_per_cron = 1 ".
136 while(
$row = $ilDB->fetchObject(
$res))
138 $server_ids[] =
$row->server_id;
140 return $server_ids ? $server_ids : array();
154 $query =
"SELECT server_id FROM ldap_server_settings ".
156 "AND role_sync_active = 1 ";
159 $server_ids = array();
160 while(
$row = $ilDB->fetchObject(
$res))
162 $server_ids[] =
$row->server_id;
204 $query =
"SELECT server_id FROM ldap_server_settings ORDER BY name";
207 while(
$row = $ilDB->fetchObject(
$res))
209 $server_ids[] =
$row->server_id;
211 return $server_ids ? $server_ids : array();
223 $query =
"SELECT server_id FROM ldap_server_settings ORDER BY name";
245 $query =
"SELECT * FROM ldap_server_settings ORDER BY name";
250 while(
$row = $ilDB->fetchAssoc(
$res))
278 $query =
"SELECT server_id FROM ldap_server_settings ".
279 "WHERE active = ".$ilDB->quote(1,
'integer').
" ".
280 "AND authentication = ".$ilDB->quote(0,
'integer').
" ".
281 "AND ( authentication_type = ".$ilDB->quote($a_auth_mode,
'integer').
" ".
282 "OR authentication_type = ".$ilDB->quote(0,
'integer').
")";
285 $server_ids = array();
288 $server_ids[] =
$row->server_id;
303 $query =
"SELECT server_id FROM ldap_server_settings ".
304 "WHERE authentication_type = ".$ilDB->quote($a_auth_mode,
'integer').
" ".
305 "AND authentication = ".$ilDB->quote(0,
'integer');
318 $query =
"SELECT server_id FROM ldap_server_settings ".
319 "WHERE authentication_type = ".$ilDB->quote($a_auth_mode,
'integer').
" ";
323 return $row->server_id;
335 $query =
'UPDATE ldap_server_settings '.
336 'SET authentication_type = '. $ilDB->quote(0,
'integer').
' '.
337 'WHERE authentication_type = '.$ilDB->quote($a_authmode,
'integer');
338 $ilDB->manipulate(
$query);
354 self::disableDataSourceForAuthMode($a_auth_mode);
358 $query =
"UPDATE ldap_server_settings ".
359 'SET authentication_type = '.$ilDB->quote($a_auth_mode,
'integer').
" ".
360 'WHERE server_id = '.$ilDB->quote($a_ldap_server_id,
'integer');
361 $ilDB->manipulate(
$query);
375 $GLOBALS[
'ilLog']->write(__METHOD__.
': No auth mode given..............');
378 $auth_arr = explode(
'_', $a_auth_mode);
379 return ($auth_arr[0] ==
AUTH_LDAP) and $auth_arr[1];
389 if(self::isAuthModeLDAP($a_auth_mode))
391 $auth_arr = explode(
'_', $a_auth_mode);
403 $auth_arr = explode(
'_', $a_auth_key);
404 if(count((array) $auth_arr) > 1)
406 return 'ldap_'.$auth_arr[1];
418 $auth_arr = explode(
'_', $a_auth_mode);
419 if(count((array) $auth_arr) > 1)
440 $this->enabled_authentication = (bool) $a_status;
458 $this->authentication_mapping = $a_map;
480 return 'ldap_'.$this->getServerId();
489 $this->active = $a_status;
493 return $this->active;
501 $this->url_string = $a_url;
504 $urls = explode(
',',$a_url);
507 foreach($urls as
$url)
516 $this->fallback_urls[] =
$url;
522 return $this->url_string;
534 include_once(
'Services/LDAP/classes/class.ilLDAPQuery.php');
536 foreach(array_merge(array(0 => $this->url),$this->fallback_urls) as
$url)
550 ilLoggerFactory::getLogger(
'auth')->error(
'Cannot connect to LDAP server: '. $url .
' '. $exc->getCode().
' '. $exc->getMessage());
564 $this->name = $a_name;
568 return $this->version ? $this->version : self::DEFAULT_VERSION;
572 $this->version = $a_version;
576 return $this->base_dn;
580 $this->base_dn = $a_base_dn;
584 return $this->referrals ? true :
false;
588 $this->referrals = $a_status;
592 return $this->tls ? true :
false;
596 $this->tls = $a_status;
600 return $this->binding_type;
615 return $this->bind_user;
619 $this->bind_user = $a_user;
623 return $this->bind_password;
627 $this->bind_password = $a_password;
631 return $this->search_base;
635 $this->search_base = $a_search_base;
639 return $this->user_attribute;
643 $this->user_attribute = $a_user_attr;
651 $this->filter = $a_filter;
655 return $this->group_dn;
659 $this->group_dn = $a_value;
667 $this->group_filter = $a_value;
671 return $this->group_member;
675 $this->group_member = $a_value;
679 return $this->group_name;
683 $this->group_name = $a_value;
696 if(!is_array($names))
700 foreach($names as $name)
702 $new_names[] = trim($name);
710 return $this->group_attribute;
714 $this->group_attribute = $a_value;
719 $this->group_optional = (bool) $a_status;
723 return (
bool) $this->group_optional;
727 $this->group_user_filter = $a_filter;
731 return $this->group_user_filter;
736 return (
bool) $this->memberisdn;
740 $this->memberisdn = (bool) $a_value;
744 $this->group_scope = $a_value;
748 return $this->group_scope;
752 $this->user_scope = $a_value;
756 return $this->user_scope;
760 return $this->sync_on_login;
764 $this->sync_on_login = (int) $a_value;
768 return $this->sync_per_cron;
772 $this->sync_per_cron = (int) $a_value;
776 $this->global_role = $a_role;
784 $this->role_bind_dn = $a_value;
792 $this->role_bind_pass = $a_value;
800 $this->role_sync_active = $a_value;
805 return $this->username_filter;
809 $this->username_filter = $a_value;
821 $this->account_migration = $a_status;
832 return $this->account_migration ? true :
false;
845 $ilErr->setMessage(
'');
846 if(!strlen($this->
getName()) ||
847 !strlen($this->
getUrl()) ||
851 $ilErr->setMessage($this->lng->txt(
'fill_out_all_required_fields'));
857 $ilErr->appendMessage($this->lng->txt(
'ldap_missing_bind_user'));
862 $ilErr->appendMessage($this->lng->txt(
'ldap_missing_role_assignment'));
866 $ilErr->appendMessage($this->lng->txt(
'ldap_tls_conflict'));
869 return strlen($ilErr->getMessage()) ?
false :
true;
876 $next_id = $ilDB->nextId(
'ldap_server_settings');
878 $query =
'INSERT INTO ldap_server_settings (server_id,active,name,url,version,base_dn,referrals,tls,bind_type,bind_user,bind_pass,'.
879 'search_base,user_scope,user_attribute,filter,group_dn,group_scope,group_filter,group_member,group_memberisdn,group_name,'.
880 'group_attribute,group_optional,group_user_filter,sync_on_login,sync_per_cron,role_sync_active,role_bind_dn,role_bind_pass,migration, '.
881 'authentication,authentication_type,username_filter) '.
882 'VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)';
885 'integer',
'integer',
'text',
'text',
'integer',
'text',
'integer',
'integer',
'integer',
'text',
'text',
'text',
'integer',
886 'text',
'text',
'text',
'integer',
'text',
'text',
'integer',
'text',
'text',
'integer',
'text',
'integer',
'integer',
'integer',
887 'text',
'text',
'integer',
'integer',
'integer',
"text"),
924 $this->server_id = $next_id;
932 $query =
"UPDATE ldap_server_settings SET ".
933 "active = ".$this->db->quote($this->
isActive(),
'integer').
", ".
934 "name = ".$this->db->quote($this->
getName(),
'text').
", ".
935 "url = ".$this->db->quote($this->
getUrlString(),
'text').
", ".
936 "version = ".$this->db->quote($this->
getVersion(),
'integer').
", ".
937 "base_dn = ".$this->db->quote($this->
getBaseDN(),
'text').
", ".
939 "tls = ".$this->db->quote($this->
isActiveTLS(),
'integer').
", ".
940 "bind_type = ".$this->db->quote($this->
getBindingType(),
'integer').
", ".
941 "bind_user = ".$this->db->quote($this->
getBindUser(),
'text').
", ".
943 "search_base = ".$this->db->quote($this->
getSearchBase(),
'text').
", ".
944 "user_scope = ".$this->db->quote($this->
getUserScope(),
'integer').
", ".
945 "user_attribute = ".$this->db->quote($this->
getUserAttribute(),
'text').
", ".
946 "filter = ".$this->db->quote($this->
getFilter(),
'text').
", ".
947 "group_dn = ".$this->db->quote($this->
getGroupDN(),
'text').
", ".
948 "group_scope = ".$this->db->quote($this->
getGroupScope(),
'integer').
", ".
949 "group_filter = ".$this->db->quote($this->
getGroupFilter(),
'text').
", ".
950 "group_member = ".$this->db->quote($this->
getGroupMember(),
'text').
", ".
952 "group_name = ".$this->db->quote($this->
getGroupName(),
'text').
", ".
956 "sync_on_login = ".$this->db->quote(($this->
enabledSyncOnLogin() ? 1 : 0),
'integer').
", ".
957 "sync_per_cron = ".$this->db->quote(($this->
enabledSyncPerCron() ? 1 : 0),
'integer').
", ".
959 "role_bind_dn = ".$this->db->quote($this->
getRoleBindDN(),
'text').
", ".
967 "WHERE server_id = ".$this->db->quote($this->
getServerId(),
'integer');
976 public function delete()
983 include_once
'Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
986 include_once
'Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
989 foreach($rules as $ruleAssigment)
991 $ruleAssigment->delete();
994 include_once
'Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php';
997 $query =
"DELETE FROM ldap_server_settings ".
998 "WHERE server_id = ".$this->db->quote($this->
getServerId(),
'integer');
1011 'url' => $this->
getUrl(),
1038 if(@include_once(
'Log.php'))
1040 if(@include_once(
'Log/observer.php'))
1077 $filter = trim($a_filter);
1079 if(!strlen($filter))
1084 if(strpos($filter,
'(') !== 0)
1086 $filter = (
'('.$filter);
1088 if(substr($filter,-1) !=
')')
1090 $filter = ($filter.
')');
1106 include_once(
'Services/LDAP/classes/class.ilLDAPAttributeMapping.php');
1107 include_once(
'Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php');
1111 $mapping->getFields(),
1130 if(!$this->server_id)
1134 $query =
"SELECT * FROM ldap_server_settings WHERE server_id = ".$this->db->quote($this->server_id).
"";
static checkLDAPLib()
Check if ldap module is installed.
__construct($a_server_id=0)
_getRules($a_server_id)
Get all rules.
static _getFirstActiveServer()
Get first active server.
prepareFilter($a_filter)
Create brackets for filters if they do not exist.
read()
Read server settings.
enableSyncOnLogin($a_value)
static isAuthModeLDAP($a_auth_mode)
Check if user auth mode is LDAP.
enabledRoleSynchronization()
static _getInstanceByServerId($a_server_id)
Get instance of class.
static _getServerList()
Get list of all configured servers.
setAuthenticationMapping($a_map)
Set mapped authentication mapping.
enableGroupMemberIsDN($a_value)
enableAccountMigration($a_status)
Enable account migration.
static getAuthModeByKey($a_auth_key)
Get auth mode by key.
const IL_LDAP_BIND_ANONYMOUS
enableRoleSynchronization($a_value)
static _getAllServer()
Get list of all configured servers.
validate()
Validate user input.
static getAvailableDataSources($a_auth_mode)
enableSyncPerCron($a_value)
static _getActiveServerList()
Get active server list.
getPearAtributeArray()
Get attribute array for pear auth data.
toggleReferrer($a_status)
static _getAuthModeName($a_auth_key)
static getInstanceByServerId($a_server_id)
Get instance by server id.
static getAttributeNames($a_server_id)
Get all possible attribute names.
static disableDataSourceForAuthMode($a_authmode)
Disable data source.
toggleMembershipOptional($a_status)
const DB_FETCHMODE_OBJECT
static _deleteByServerId($a_server_id)
setRoleBindPassword($a_value)
const DEFAULT_NETWORK_TIMEOUT
getGroupNames()
Get group names as array.
static isDataSourceActive($a_auth_mode)
Check if a data source is active for a specific auth mode (global: ilDB $ilDB).
static getServerIds()
Get all server ids (global: ilDB $ilDB).
if(!is_array($argv)) $options
setGroupUserFilter($a_filter)
getAuthenticationMapping()
Get authentication mode that is mapped.
doConnectionCheck()
Check ldap connection and do a fallback to the next server if no connection is possible.
static _getCronServerIds()
Get list of active servers with option 'SyncCron'.
static _delete($a_server_id)
Delete mapping rules by server id.
static getDataSource($a_auth_mode)
setBindPassword($a_password)
toPearAuthArray()
Creates an array of options compatible to PEAR Auth.
static getServerIdByAuthMode($a_auth_mode)
Get auth id by auth mode.
isAuthenticationEnabled()
Check if authentication is enabled.
setSearchBase($a_search_base)
static getKeyByAuthMode($a_auth_mode)
Get auth id by auth mode.
enableAuthentication($a_status)
Enable authentication for this ldap server.
setUserAttribute($a_user_attr)
rotateFallbacks()
Rotate fallback urls in case of connect timeouts.
static _getPasswordServers()
Checks whether password synchronisation is enabled for a user.
setUsernameFilter($a_value)
getAuthenticationMappingKey()
Get authentication mapping key. Default is ldap.
static getLogger($a_component_id)
Get component logger.
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
setGroupAttribute($a_value)
static _getRoleSyncServerIds()
Check whether there is an active server with option role_sync_active.
static toggleDataSource($a_ldap_server_id, $a_auth_mode, $a_status)
Toggle Data Source.
isAccountMigrationEnabled()
Check whether account migration is enabled.