ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
Public Member Functions | Static Public Member Functions | Static Public Attributes | Protected Member Functions | Private Member Functions
ilAuthContainerApache Class Reference
Services/Database

Authentication against ILIAS database. More...

+ Inheritance diagram for ilAuthContainerApache:
+ Collaboration diagram for ilAuthContainerApache:

Public Member Functions

 __construct ()
 Constructor. More...
 
- Public Member Functions inherited from Auth_Container
 Auth_Container ()
 Constructor. More...
 
 fetchData ($username, $password, $isChallengeResponse=false)
 Fetch data from storage container. More...
 
 verifyPassword ($password1, $password2, $cryptType="md5")
 Crypt and verfiy the entered password. More...
 
 supportsChallengeResponse ()
 Returns true if the container supports Challenge Response password authentication. More...
 
 getCryptType ()
 Returns the crypt current crypt type of the container. More...
 
 listUsers ()
 List all users that are available from the storage container. More...
 
 getUser ($username)
 Returns a user assoc array. More...
 
 addUser ($username, $password, $additional=null)
 Add a new user to the storage container. More...
 
 removeUser ($username)
 Remove user from the storage container. More...
 
 changePassword ($username, $password)
 Change password for user in the storage container. More...
 
 log ($message, $level=AUTH_LOG_DEBUG)
 Log a message to the Auth log. More...
 
- Public Member Functions inherited from ilAuthContainerBase
 loginObserver ($a_username, $a_auth)
 Called after successful login. More...
 
 failedLoginObserver ($a_username, $a_auth)
 Called after failed login. More...
 
 checkAuthObserver ($a_username, $a_auth)
 Called after check auth requests. More...
 
 logoutObserver ($a_username, $a_auth)
 Called after logout. More...
 
 supportsCaptchaVerification ()
 Returns whether or not the auth container supports the verification of captchas This should be true for those auth methods, which are available in the default login form. More...
 

Static Public Member Functions

static forceCreation ($value)
 

Static Public Attributes

static $force_creation = false
 

Protected Member Functions

 updateRequired ($a_username)
 Check if an update is required. More...
 
 handleLDAPDataSource ($a_auth, $ext_account, $settings)
 Handle ldap as data source. More...
 

Private Member Functions

 initLDAPAttributeToUser ()
 Init LDAP attribute mapping private. More...
 

Additional Inherited Members

- Data Fields inherited from Auth_Container
 $activeUser = ""
 User that is currently selected from the storage container. More...
 
 $_auth_obj = null
 The Auth object this container is attached to. More...
 

Detailed Description

Authentication against ILIAS database.

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om
Version
$Id$

Definition at line 12 of file class.ilAuthContainerApache.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthContainerApache::__construct ( )

Constructor.

Definition at line 22 of file class.ilAuthContainerApache.php.

23  {
24  parent::__construct();
25  }

Member Function Documentation

◆ forceCreation()

static ilAuthContainerApache::forceCreation (   $value)
static
Parameters
boolean$value

Definition at line 30 of file class.ilAuthContainerApache.php.

References $_GET, $_POST, $_SERVER, $_SESSION, $ilDB, $ilSetting, $info, $query, ilObjUser\_checkExternalAuthAccount(), ilAuthModeDetermination\_getInstance(), AUTH_APACHE, AUTH_APACHE_FAILED, AUTH_LDAP, ilLDAPServer\doConnectionCheck(), Auth_Container\fetchData(), ilLDAPRoleAssignmentRules\getAssignmentsForCreation(), ilLoggerFactory\getLogger(), handleLDAPDataSource(), IL_CERT_SSO, initLDAPAttributeToUser(), ilUtil\isLogin(), ilUtil\redirect(), ilLDAPRoleAssignmentRules\ROLE_ACTION_ASSIGN, and updateRequired().

31  {
32  self::$force_creation = $value;
33  }
+ Here is the call graph for this function:

◆ handleLDAPDataSource()

ilAuthContainerApache::handleLDAPDataSource (   $a_auth,
  $ext_account,
  $settings 
)
protected

Handle ldap as data source.

Parameters
Auth$auth
string$ext_account

Definition at line 313 of file class.ilAuthContainerApache.php.

References $server, AUTH_RADIUS_NO_ILIAS_USER, AUTH_WRONG_LOGIN, ilLDAPServer\getInstanceByServerId(), ilLoggerFactory\getLogger(), ilUtil\redirect(), and ilLDAPUserSynchronisation\setExternalAccount().

Referenced by forceCreation().

314  {
315  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
316  $server = ilLDAPServer::getInstanceByServerId(
317  $settings->get('apache_ldap_sid')
318  );
319 
320  ilLoggerFactory::getLogger('auth')->debug('Using ldap data source with server configuration: ' . $server->getName());
321 
322  include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
323  $sync = new ilLDAPUserSynchronisation('ldap_'.$server->getServerId(), $server->getServerId());
324  $sync->setExternalAccount($ext_account);
325  $sync->setUserData(array());
326  $sync->forceCreation(self::$force_creation);
327  $sync->forceReadLdapData(true);
328 
329  try {
330  $internal_account = $sync->sync();
331  }
332  catch(UnexpectedValueException $e) {
333  ilLoggerFactory::getLogger('auth')->info('Login failed with message: ' . $e->getMessage());
334  $a_auth->status = AUTH_WRONG_LOGIN;
335  $a_auth->logout();
336  return false;
337  }
338  catch(ilLDAPSynchronisationForbiddenException $e) {
339  // No syncronisation allowed => create Error
340  ilLoggerFactory::getLogger('auth')->info('Login failed with message: ' . $e->getMessage());
341  $a_auth->status = AUTH_RADIUS_NO_ILIAS_USER;
342  $a_auth->logout();
343  return false;
344  }
345  catch(ilLDAPAccountMigrationRequiredException $e) {
346  ilLoggerFactory::getLogger('auth')->debug('Starting account migration');
347  $a_auth->logout();
348  ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
349  }
350 
351  $a_auth->setAuth($internal_account);
352  return true;
353  }
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:14
AUTH_RADIUS_NO_ILIAS_USER
const AUTH_RADIUS_NO_ILIAS_USER
Definition: class.ilAuthUtils.php:28
ilLDAPUserSynchronisation\setExternalAccount
setExternalAccount($a_ext)
Set external account (unique for each auth mode)
Definition: class.ilLDAPUserSynchronisation.php:61
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:12
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
$server
$server
Definition: dummy_client.php:12
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
AUTH_WRONG_LOGIN
const AUTH_WRONG_LOGIN
Returned if container is unable to authenticate user/password pair.
Definition: Auth.php:38
ilUtil\redirect
static redirect($a_script)
http redirect to other script
Definition: class.ilUtil.php:3635
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ initLDAPAttributeToUser()

ilAuthContainerApache::initLDAPAttributeToUser ( )
private

Init LDAP attribute mapping private.

Definition at line 301 of file class.ilAuthContainerApache.php.

Referenced by forceCreation().

302  {
303  include_once('Services/LDAP/classes/class.ilLDAPAttributeToUser.php');
304  $this->ldap_attr_to_user = new ilLDAPAttributeToUser($this->server);
305  }
ilLDAPAttributeToUser
Update/create ILIAS user account by given LDAP attributes according to user attribute mapping setting...
Definition: class.ilLDAPAttributeToUser.php:34
+ Here is the caller graph for this function:

◆ updateRequired()

ilAuthContainerApache::updateRequired (   $a_username)
protected

Check if an update is required.

Returns
Parameters
string$a_username

Definition at line 277 of file class.ilAuthContainerApache.php.

References ilObjUser\_checkExternalAuthAccount(), ilLDAPRoleAssignmentRule\hasRulesForUpdate(), and ilLDAPAttributeMapping\hasRulesForUpdate().

Referenced by forceCreation().

278  {
279  if(!ilObjUser::_checkExternalAuthAccount("ldap_".$this->server->getServerId(), $a_username))
280  {
281  return true;
282  }
283  // Check attribute mapping on login
284  include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
285  if(ilLDAPAttributeMapping::hasRulesForUpdate($this->server->getServerId()))
286  {
287  return true;
288  }
289  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
290  if(ilLDAPRoleAssignmentRule::hasRulesForUpdate())
291  {
292  return true;
293  }
294  return false;
295  }
ilLDAPRoleAssignmentRule\hasRulesForUpdate
static hasRulesForUpdate()
Check if there any rule for updates.
Definition: class.ilLDAPRoleAssignmentRule.php:85
ilLDAPAttributeMapping\hasRulesForUpdate
static hasRulesForUpdate($a_server_id)
Check if there is ldap attribute -> user data mapping which which is updated on login.
Definition: class.ilLDAPAttributeMapping.php:120
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3766
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $force_creation

ilAuthContainerApache::$force_creation = false
static

Definition at line 17 of file class.ilAuthContainerApache.php.

The documentation for this class was generated from the following file: