ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
Public Member Functions | Private Member Functions | Private Attributes
ilLDAPQuery Class Reference
Services/LDAP
+ Collaboration diagram for ilLDAPQuery:

Public Member Functions

 __construct (ilLDAPServer $a_server, $a_url='')
 Constructur. More...
 
 getServer ()
 Get server. More...
 
 getLogger ()
 Get logger. More...
 
 fetchUser ($a_name)
 Get one user by login name. More...
 
 fetchUsers ()
 Fetch all users. More...
 
 query ($a_search_base, $a_filter, $a_scope, $a_attributes)
 Perform a query. More...
 
 modAdd ($a_dn, $a_attribute)
 Add value to an existing attribute. More...
 
 modDelete ($a_dn, $a_attribute)
 Delete value from an existing attribute. More...
 
 checkGroupMembership ($a_ldap_user_name, $ldap_user_data)
 check group membership More...
 
 bind ($a_binding_type=IL_LDAP_BIND_DEFAULT, $a_user_dn='', $a_password='')
 Bind to LDAP server. More...
 
 __destruct ()
 Destructor unbind from ldap server. More...
 

Private Member Functions

 readAllUsers ()
 Fetch all users This function splits the query to filters like e.g (uid=a*) (uid=b*)... This avoids AD page_size_limit. More...
 
 fetchGroupMembers ($a_name='')
 Fetch group member ids. More...
 
 readUserData ($a_name, $a_check_dn=false, $a_try_group_user_filter=false)
 Read user data. More...
 
 parseAuthMode ()
 Parse authentication mode. More...
 
 queryByScope ($a_scope, $a_base_dn, $a_filter, $a_attributes)
 Query by scope IL_SCOPE_SUB => ldap_search IL_SCOPE_ONE => ldap_list. More...
 
 connect ()
 Connect to LDAP server. More...
 
 fetchUserProfileFields ()
 fetch required fields of user profile data More...
 
 unbind ()
 Unbind. More...
 

Private Attributes

 $ldap_server_url = null
 
 $settings = null
 
 $log = null
 
 $user_fields = array()
 

Detailed Description

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om
Version
$Id$

@ilCtrl_Calls

Definition at line 42 of file class.ilLDAPQuery.php.

Constructor & Destructor Documentation

◆ __construct()

ilLDAPQuery::__construct ( ilLDAPServer  $a_server,
  $a_url = '' 
)

Constructur.

@access private

Parameters
objectilLDAPServer or subclass
Exceptions
ilLDAPQueryException

Definition at line 62 of file class.ilLDAPQuery.php.

63 {
64 $this->settings = $a_server;
65
66 if(strlen($a_url))
67 {
68 $this->ldap_server_url = $a_url;
69 }
70 else
71 {
72 $this->ldap_server_url = $this->settings->getUrl();
73 }
74
75 $this->mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->settings->getServerId());
76 $this->log = $GLOBALS['DIC']->logger()->auth();
77
78 $this->fetchUserProfileFields();
79 $this->connect();
80 }
ilLDAPAttributeMapping\_getInstanceByServerId
static _getInstanceByServerId($a_server_id)
Get instance of class.
Definition: class.ilLDAPAttributeMapping.php:65
ilLDAPQuery\fetchUserProfileFields
fetchUserProfileFields()
fetch required fields of user profile data
Definition: class.ilLDAPQuery.php:687
ilLDAPQuery\connect
connect()
Connect to LDAP server.
Definition: class.ilLDAPQuery.php:571
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
settings
settings()
Definition: settings.php:2

References $GLOBALS, ilLDAPAttributeMapping\_getInstanceByServerId(), connect(), fetchUserProfileFields(), and settings().

+ Here is the call graph for this function:

◆ __destruct()

ilLDAPQuery::__destruct ( )

Destructor unbind from ldap server.

@access private

Parameters

Definition at line 723 of file class.ilLDAPQuery.php.

724 {
725 if($this->lh)
726 {
727 @ldap_unbind($this->lh);
728 }
729 }

Member Function Documentation

◆ bind()

ilLDAPQuery::bind (   $a_binding_type = IL_LDAP_BIND_DEFAULT,
  $a_user_dn = '',
  $a_password = '' 
)

Bind to LDAP server.

@access public

Parameters
intbinding_type IL_LDAP_BIND_DEFAULT || IL_LDAP_BIND_ADMIN
Exceptions
ilLDAPQueryExceptionon connection failure.

Definition at line 617 of file class.ilLDAPQuery.php.

618 {
619 switch($a_binding_type)
620 {
621 case IL_LDAP_BIND_TEST:
622 ldap_set_option($this->lh, LDAP_OPT_NETWORK_TIMEOUT, ilLDAPServer::DEFAULT_NETWORK_TIMEOUT);
623 // fall through
624 case IL_LDAP_BIND_DEFAULT:
625 // Now bind anonymously or as user
626 if(
627 IL_LDAP_BIND_USER == $this->settings->getBindingType() &&
628 strlen($this->settings->getBindUser())
629 )
630 {
631 $user = $this->settings->getBindUser();
632 $pass = $this->settings->getBindPassword();
633
634 define('IL_LDAP_REBIND_USER',$user);
635 define('IL_LDAP_REBIND_PASS',$pass);
636 $this->log->debug('Bind as '.$user);
637 }
638 else
639 {
640 $user = $pass = '';
641 $this->log->debug('Bind anonymous');
642 }
643 break;
644
645 case IL_LDAP_BIND_ADMIN:
646 $user = $this->settings->getRoleBindDN();
647 $pass = $this->settings->getRoleBindPassword();
648
649 if(!strlen($user) or !strlen($pass))
650 {
651 $user = $this->settings->getBindUser();
652 $pass = $this->settings->getBindPassword();
653 }
654
655 define('IL_LDAP_REBIND_USER',$user);
656 define('IL_LDAP_REBIND_PASS',$pass);
657 break;
658
659 case IL_LDAP_BIND_AUTH:
660 $this->log->debug('Trying to bind as: ' . $a_user_dn);
661 $user = $a_user_dn;
662 $pass = $a_password;
663 break;
664
665
666 default:
667 throw new ilLDAPQueryException('LDAP: unknown binding type in: '.__METHOD__);
668 }
669
670 if(!@ldap_bind($this->lh,$user,$pass))
671 {
672 throw new ilLDAPQueryException('LDAP: Cannot bind as '.$user.' with message: '. ldap_err2str(ldap_errno($this->lh)).' Trying fallback...', ldap_errno($this->lh));
673 }
674 else
675 {
676 $this->log->debug('Bind successful.');
677 }
678 }
IL_LDAP_BIND_AUTH
const IL_LDAP_BIND_AUTH
Definition: class.ilLDAPQuery.php:27
IL_LDAP_BIND_DEFAULT
const IL_LDAP_BIND_DEFAULT
Definition: class.ilLDAPQuery.php:24
IL_LDAP_BIND_ADMIN
const IL_LDAP_BIND_ADMIN
Definition: class.ilLDAPQuery.php:25
IL_LDAP_BIND_TEST
const IL_LDAP_BIND_TEST
Definition: class.ilLDAPQuery.php:26
IL_LDAP_BIND_USER
const IL_LDAP_BIND_USER
Definition: class.ilLDAPServer.php:6
ilLDAPServer\DEFAULT_NETWORK_TIMEOUT
const DEFAULT_NETWORK_TIMEOUT
Definition: class.ilLDAPServer.php:30

References $pass, ilLDAPServer\DEFAULT_NETWORK_TIMEOUT, IL_LDAP_BIND_ADMIN, IL_LDAP_BIND_AUTH, IL_LDAP_BIND_DEFAULT, IL_LDAP_BIND_TEST, IL_LDAP_BIND_USER, and settings().

+ Here is the call graph for this function:

◆ checkGroupMembership()

ilLDAPQuery::checkGroupMembership (   $a_ldap_user_name,
  $ldap_user_data 
)

check group membership

Parameters
stringlogin name
arrayuser data
Returns
bool

Definition at line 293 of file class.ilLDAPQuery.php.

294 {
295 $group_names = $this->getServer()->getGroupNames();
296
297 if(!count($group_names))
298 {
299 $this->getLogger()->debug('No LDAP group restrictions found');
300 return true;
301 }
302
303 $group_dn = $this->getServer()->getGroupDN();
304 if(
305 $group_dn &&
306 (substr($group_dn, -1) != ',')
307 )
308 {
309 $group_dn .= ',';
310 }
311 $group_dn .= $this->getServer()->getBaseDN();
312
313 foreach($group_names as $group)
314 {
315 $user = $a_ldap_user_name;
316 if($this->getServer()->enabledGroupMemberIsDN())
317 {
318 $user = $ldap_user_data['dn'];
319 }
320
321 $filter = sprintf('(&(%s=%s)(%s=%s)%s)',
322 $this->getServer()->getGroupAttribute(),
323 $group,
324 $this->getServer()->getGroupMember(),
325 $user,
326 $this->getServer()->getGroupFilter()
327 );
328 $this->getLogger()->debug('Current group search base: ' . $group_dn);
329 $this->getLogger()->debug('Current group filter: ' . $filter);
330
331 $res = $this->queryByScope(
332 $this->getServer()->getGroupScope(),
333 $group_dn,
334 $filter,
335 [$this->getServer()->getGroupMember()]
336 );
337
338 $this->getLogger()->dump($res);
339
340 $tmp_result = new ilLDAPResult($this->lh,$res);
341 $group_result = $tmp_result->getRows();
342
343 $this->getLogger()->debug('Group query returned: ');
344 $this->getLogger()->dump($group_result, ilLogLevel::DEBUG);
345
346 if(count($group_result))
347 {
348 return true;
349 }
350 }
351
352 // group restrictions failed check optional membership
353 if($this->getServer()->isMembershipOptional())
354 {
355 $this->getLogger()->debug('Group restrictions failed, checking user filter.');
356 if($this->readUserData($a_ldap_user_name, true, true))
357 {
358 $this->getLogger()->debug('User filter matches.');
359 return true;
360 }
361 }
362 $this->getLogger()->debug('Group restrictions failed.');
363 return false;
364 }
sprintf
sprintf('%.4f', $callTime)
Definition: 01pharSimple.php:87
ilLDAPQuery\queryByScope
queryByScope($a_scope, $a_base_dn, $a_filter, $a_attributes)
Query by scope IL_SCOPE_SUB => ldap_search IL_SCOPE_ONE => ldap_list.
Definition: class.ilLDAPQuery.php:529
ilLDAPQuery\getServer
getServer()
Get server.
Definition: class.ilLDAPQuery.php:87
ilLDAPQuery\readUserData
readUserData($a_name, $a_check_dn=false, $a_try_group_user_filter=false)
Read user data.
Definition: class.ilLDAPQuery.php:436
ilLDAPQuery\getLogger
getLogger()
Get logger.
Definition: class.ilLDAPQuery.php:96

References $res, ilLogLevel\DEBUG, getLogger(), getServer(), queryByScope(), readUserData(), and sprintf.

+ Here is the call graph for this function:

◆ connect()

ilLDAPQuery::connect ( )
private

Connect to LDAP server.

@access private

Exceptions
ilLDAPQueryException

Definition at line 571 of file class.ilLDAPQuery.php.

572 {
573 $this->lh = @ldap_connect($this->ldap_server_url);
574
575 // LDAP Connect
576 if(!$this->lh)
577 {
578 throw new ilLDAPQueryException("LDAP: Cannot connect to LDAP Server: ".$this->settings->getUrl());
579 }
580 // LDAP Version
581 if(!ldap_set_option($this->lh,LDAP_OPT_PROTOCOL_VERSION,$this->settings->getVersion()))
582 {
583 throw new ilLDAPQueryException("LDAP: Cannot set version to: ".$this->settings->getVersion());
584 }
585 // Switch on referrals
586 if($this->settings->isActiveReferrer())
587 {
588 if(!ldap_set_option($this->lh,LDAP_OPT_REFERRALS,true))
589 {
590 throw new ilLDAPQueryException("LDAP: Cannot switch on LDAP referrals");
591 }
592 #@ldap_set_rebind_proc($this->lh,'referralRebind');
593 }
594 else
595 {
596 ldap_set_option($this->lh,LDAP_OPT_REFERRALS,false);
597 $this->log->debug('Switching referrals to false.');
598 }
599 // Start TLS
600 if($this->settings->isActiveTLS())
601 {
602 if(!ldap_start_tls($this->lh))
603 {
604 throw new ilLDAPQueryException("LDAP: Cannot start LDAP TLS");
605 }
606 }
607 }

References settings().

Referenced by __construct().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fetchGroupMembers()

ilLDAPQuery::fetchGroupMembers (   $a_name = '')
private

Fetch group member ids.

@access public

Definition at line 373 of file class.ilLDAPQuery.php.

374 {
375 $group_name = strlen($a_name) ? $a_name : $this->settings->getGroupName();
376
377 // Build filter
378 $filter = sprintf('(&(%s=%s)%s)',
379 $this->settings->getGroupAttribute(),
380 $group_name,
381 $this->settings->getGroupFilter());
382
383
384 // Build search base
385 if(($gdn = $this->settings->getGroupDN()) && substr($gdn,-1) != ',')
386 {
387 $gdn .= ',';
388 }
389 $gdn .= $this->settings->getBaseDN();
390
391 $this->log->debug('Using filter '.$filter);
392 $this->log->debug('Using DN '.$gdn);
393 $res = $this->queryByScope($this->settings->getGroupScope(),
394 $gdn,
395 $filter,
396 array($this->settings->getGroupMember()));
397
398 $tmp_result = new ilLDAPResult($this->lh,$res);
399 $group_data = $tmp_result->getRows();
400
401
402 if(!$tmp_result->numRows())
403 {
404 $this->log->info('No group found.');
405 return false;
406 }
407
408 $attribute_name = strtolower($this->settings->getGroupMember());
409
410 // All groups
411 foreach($group_data as $data)
412 {
413 $this->log->debug('Found '.count($data[$attribute_name]).' group members for group '.$data['dn']);
414 if(is_array($data[$attribute_name]))
415 {
416 foreach($data[$attribute_name] as $name)
417 {
418 $this->readUserData($name,true,true);
419 }
420 }
421 else
422 {
423 $this->readUserData($data[$attribute_name],true,true);
424 }
425 }
426 unset($tmp_result);
427 return;
428 }

References $data, $res, queryByScope(), readUserData(), settings(), and sprintf.

Referenced by fetchUsers().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fetchUser()

ilLDAPQuery::fetchUser (   $a_name)

Get one user by login name.

@access public

Parameters
stringlogin name
Returns
array of user data

Definition at line 108 of file class.ilLDAPQuery.php.

109 {
110 if(!$this->readUserData($a_name))
111 {
112 return array();
113 }
114 else
115 {
116 return $this->users;
117 }
118 }

References readUserData().

+ Here is the call graph for this function:

◆ fetchUserProfileFields()

ilLDAPQuery::fetchUserProfileFields ( )
private

fetch required fields of user profile data

@access private

Parameters

Definition at line 687 of file class.ilLDAPQuery.php.

688 {
689 include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php');
690
691 $this->user_fields = array_merge(
692 array($this->settings->getUserAttribute()),
693 array('dn'),
694 $this->mapping->getFields(),
695 ilLDAPRoleAssignmentRules::getAttributeNames($this->getServer()->getServerId())
696 );
697 }
ilLDAPRoleAssignmentRules\getAttributeNames
static getAttributeNames($a_server_id)
get all possible attribute names
Definition: class.ilLDAPRoleAssignmentRules.php:83

References ilLDAPRoleAssignmentRules\getAttributeNames(), and settings().

Referenced by __construct().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fetchUsers()

ilLDAPQuery::fetchUsers ( )

Fetch all users.

@access public

Returns
array array of user data

Definition at line 127 of file class.ilLDAPQuery.php.

128 {
129 // First of all check if a group restriction is enabled
130 // YES: => fetch all group members
131 // No: => fetch all users
132 if(strlen($this->settings->getGroupName()))
133 {
134 $this->log->debug('Searching for group members.');
135
136 $groups = $this->settings->getGroupNames();
137 if(count($groups) <= 1)
138 {
139 $this->fetchGroupMembers();
140 }
141 else
142 {
143 foreach($groups as $group)
144 {
145 $this->fetchGroupMembers($group);
146 }
147 }
148
149 }
150 if(!strlen($this->settings->getGroupName()) or $this->settings->isMembershipOptional())
151 {
152 $this->log->info('Start reading all users...');
153 $this->readAllUsers();
154 #throw new ilLDAPQueryException('LDAP: Called import of users without specifying group restrictions. NOT IMPLEMENTED YET!');
155 }
156 return $this->users ? $this->users : array();
157 }
ilLDAPQuery\fetchGroupMembers
fetchGroupMembers($a_name='')
Fetch group member ids.
Definition: class.ilLDAPQuery.php:373
ilLDAPQuery\readAllUsers
readAllUsers()
Fetch all users This function splits the query to filters like e.g (uid=a*) (uid=b*)....
Definition: class.ilLDAPQuery.php:222

References fetchGroupMembers(), readAllUsers(), and settings().

+ Here is the call graph for this function:

◆ getLogger()

ilLDAPQuery::getLogger ( )

Get logger.

Returns
ilLogger

Definition at line 96 of file class.ilLDAPQuery.php.

97 {
98 return $this->log;
99 }

References $log.

Referenced by checkGroupMembership(), and queryByScope().

+ Here is the caller graph for this function:

◆ getServer()

ilLDAPQuery::getServer ( )

Get server.

Returns
ilLDAPServer

Definition at line 87 of file class.ilLDAPQuery.php.

88 {
89 return $this->settings;
90 }

References $settings.

Referenced by checkGroupMembership().

+ Here is the caller graph for this function:

◆ modAdd()

ilLDAPQuery::modAdd (   $a_dn,
  $a_attribute 
)

Add value to an existing attribute.

@access public

Exceptions
ilLDAPQueryException

Definition at line 190 of file class.ilLDAPQuery.php.

191 {
192 if(@ldap_mod_add($this->lh,$a_dn,$a_attribute))
193 {
194 return true;
195 }
196 throw new ilLDAPQueryException(__METHOD__.' '.ldap_error($this->lh));
197 }

◆ modDelete()

ilLDAPQuery::modDelete (   $a_dn,
  $a_attribute 
)

Delete value from an existing attribute.

@access public

Exceptions
ilLDAPQueryException

Definition at line 205 of file class.ilLDAPQuery.php.

206 {
207 if(@ldap_mod_del($this->lh,$a_dn,$a_attribute))
208 {
209 return true;
210 }
211 throw new ilLDAPQueryException(__METHOD__.' '.ldap_error($this->lh));
212 }

◆ parseAuthMode()

ilLDAPQuery::parseAuthMode ( )
private

Parse authentication mode.

Returns
string auth mode

Definition at line 515 of file class.ilLDAPQuery.php.

516 {
517 return $this->settings->getAuthenticationMappingKey();
518 }

References settings().

+ Here is the call graph for this function:

◆ query()

ilLDAPQuery::query (   $a_search_base,
  $a_filter,
  $a_scope,
  $a_attributes 
)

Perform a query.

@access public

Parameters
stringsearch base
stringfilter
intscope
arrayattributes
Returns
object ilLDAPResult
Exceptions
ilLDAPQueryException

Definition at line 170 of file class.ilLDAPQuery.php.

171 {
172 $res = $this->queryByScope($a_scope,$a_search_base,$a_filter,$a_attributes);
173 if($res === false)
174 {
175 throw new ilLDAPQueryException(__METHOD__.' '.ldap_error($this->lh).' '.
176 sprintf('DN: %s, Filter: %s, Scope: %s',
177 $a_search_base,
178 $a_filter,
179 $a_scope));
180 }
181 return new ilLDAPResult($this->lh,$res);
182 }

References $res, queryByScope(), and sprintf.

+ Here is the call graph for this function:

◆ queryByScope()

ilLDAPQuery::queryByScope (   $a_scope,
  $a_base_dn,
  $a_filter,
  $a_attributes 
)
private

Query by scope IL_SCOPE_SUB => ldap_search IL_SCOPE_ONE => ldap_list.

@access private

Parameters

Definition at line 529 of file class.ilLDAPQuery.php.

530 {
531 $a_filter = $a_filter ? $a_filter : "(objectclass=*)";
532
533 switch($a_scope)
534 {
535 case IL_LDAP_SCOPE_SUB:
536 $res = @ldap_search($this->lh,$a_base_dn,$a_filter,$a_attributes);
537 break;
538
539 case IL_LDAP_SCOPE_ONE:
540 $res = @ldap_list($this->lh,$a_base_dn,$a_filter,$a_attributes);
541 break;
542
543 case IL_LDAP_SCOPE_BASE:
544
545 $res = @ldap_read($this->lh,$a_base_dn,$a_filter,$a_attributes);
546 break;
547
548 default:
549 $this->log->warning("LDAP: LDAPQuery: Unknown search scope");
550 }
551
552 $error = ldap_error($this->lh);
553 if(strcmp('Success', $error) !== 0)
554 {
555 $this->getLogger()->warning($error);
556 $this->getLogger()->warning('Base DN:' . $a_base_dn);
557 $this->getLogger()->warning('Filter: ' . $a_filter);
558 }
559
560 return $res;
561
562 }
$error
$error
Definition: Error.php:17
IL_LDAP_SCOPE_BASE
const IL_LDAP_SCOPE_BASE
Definition: class.ilLDAPServer.php:10
IL_LDAP_SCOPE_SUB
const IL_LDAP_SCOPE_SUB
Definition: class.ilLDAPServer.php:8
IL_LDAP_SCOPE_ONE
const IL_LDAP_SCOPE_ONE
Definition: class.ilLDAPServer.php:9

References $error, $res, getLogger(), IL_LDAP_SCOPE_BASE, IL_LDAP_SCOPE_ONE, and IL_LDAP_SCOPE_SUB.

Referenced by checkGroupMembership(), fetchGroupMembers(), query(), readAllUsers(), and readUserData().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ readAllUsers()

ilLDAPQuery::readAllUsers ( )
private

Fetch all users This function splits the query to filters like e.g (uid=a*) (uid=b*)... This avoids AD page_size_limit.

@access public

Definition at line 222 of file class.ilLDAPQuery.php.

223 {
224 // Build search base
225 if(($dn = $this->settings->getSearchBase()) && substr($dn,-1) != ',')
226 {
227 $dn .= ',';
228 }
229 $dn .= $this->settings->getBaseDN();
230
231 // page results
232 $filter = $this->settings->getFilter();
233 $page_filter = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','-');
234 $chars = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z');
235
236 foreach($page_filter as $letter)
237 {
238 $new_filter = '(&';
239 $new_filter .= $filter;
240
241 switch($letter)
242 {
243 case '-':
244 $new_filter .= ('(!(|');
245 foreach($chars as $char)
246 {
247 $new_filter .= ('('.$this->settings->getUserAttribute().'='.$char.'*)');
248 }
249 $new_filter .= ')))';
250 break;
251
252 default:
253 $new_filter .= ('('.$this->settings->getUserAttribute().'='.$letter.'*))');
254 break;
255 }
256
257 $this->log->info('Searching with ldap search and filter '.$new_filter.' in '.$dn);
258 $res = $this->queryByScope($this->settings->getUserScope(),
259 $dn,
260 $new_filter,
261 array($this->settings->getUserAttribute()));
262
263 $tmp_result = new ilLDAPResult($this->lh,$res);
264 if(!$tmp_result->numRows())
265 {
266 $this->log->notice('No users found. Aborting.');
267 continue;
268 }
269 $this->log->info('Found '.$tmp_result->numRows().' users.');
270 $attribute = strtolower($this->settings->getUserAttribute());
271 foreach($tmp_result->getRows() as $data)
272 {
273 if(isset($data[$attribute]))
274 {
275 $this->readUserData($data[$attribute],false,false);
276 }
277 else
278 {
279 $this->log->warning('Unknown error. No user attribute found.');
280 }
281 }
282 unset($tmp_result);
283 }
284 return true;
285 }

References $data, $res, queryByScope(), readUserData(), and settings().

Referenced by fetchUsers().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ readUserData()

ilLDAPQuery::readUserData (   $a_name,
  $a_check_dn = false,
  $a_try_group_user_filter = false 
)
private

Read user data.

Parameters
boolcheck dn
booluse group filter @access private

Definition at line 436 of file class.ilLDAPQuery.php.

437 {
438 $filter = $this->settings->getFilter();
439 if($a_try_group_user_filter)
440 {
441 if($this->settings->isMembershipOptional())
442 {
443 $filter = $this->settings->getGroupUserFilter();
444 }
445 }
446
447 // Build filter
448 if($this->settings->enabledGroupMemberIsDN() and $a_check_dn)
449 {
450 $dn = $a_name;
451 #$res = $this->queryByScope(IL_LDAP_SCOPE_BASE,$dn,$filter,$this->user_fields);
452
453 $fields = array_merge($this->user_fields,array('useraccountcontrol'));
454 $res = $this->queryByScope(IL_LDAP_SCOPE_BASE,strtolower($dn),$filter,$fields);
455 }
456 else
457 {
458 $filter = sprintf('(&(%s=%s)%s)',
459 $this->settings->getUserAttribute(),
460 $a_name,
461 $filter);
462
463 // Build search base
464 if(($dn = $this->settings->getSearchBase()) && substr($dn,-1) != ',')
465 {
466 $dn .= ',';
467 }
468 $dn .= $this->settings->getBaseDN();
469 $fields = array_merge($this->user_fields,array('useraccountcontrol'));
470 $res = $this->queryByScope($this->settings->getUserScope(),strtolower($dn),$filter,$fields);
471 }
472
473
474 $tmp_result = new ilLDAPResult($this->lh,$res);
475 if(!$tmp_result->numRows())
476 {
477 $this->log->info('LDAP: No user data found for: '.$a_name);
478 unset($tmp_result);
479 return false;
480 }
481
482 if($user_data = $tmp_result->get())
483 {
484 if(isset($user_data['useraccountcontrol']))
485 {
486 if(($user_data['useraccountcontrol'] & 0x02))
487 {
488 $this->log->notice('LDAP: '.$a_name.' account disabled.');
489 return;
490 }
491 }
492
493 $account = $user_data[strtolower($this->settings->getUserAttribute())];
494 if(is_array($account))
495 {
496 $user_ext = strtolower(array_shift($account));
497 }
498 else
499 {
500 $user_ext = strtolower($account);
501 }
502
503 // auth mode depends on ldap server settings
504 $auth_mode = $this->settings->getAuthenticationMappingKey();
505 $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount($auth_mode,$user_ext);
506 $this->users[$user_ext] = $user_data;
507 }
508 return true;
509 }
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3721

References $res, ilObjUser\_checkExternalAuthAccount(), IL_LDAP_SCOPE_BASE, queryByScope(), settings(), and sprintf.

Referenced by checkGroupMembership(), fetchGroupMembers(), fetchUser(), and readAllUsers().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ unbind()

ilLDAPQuery::unbind ( )
private

Unbind.

@access private

Parameters

Definition at line 707 of file class.ilLDAPQuery.php.

708 {
709 if($this->lh)
710 {
711 @ldap_unbind($this->lh);
712 }
713 }

Field Documentation

◆ $ldap_server_url

ilLDAPQuery::$ldap_server_url = null
private

Definition at line 44 of file class.ilLDAPQuery.php.

◆ $log

ilLDAPQuery::$log = null
private

Definition at line 50 of file class.ilLDAPQuery.php.

Referenced by getLogger().

◆ $settings

ilLDAPQuery::$settings = null
private

Definition at line 45 of file class.ilLDAPQuery.php.

Referenced by getServer().

◆ $user_fields

ilLDAPQuery::$user_fields = array()
private

Definition at line 52 of file class.ilLDAPQuery.php.

The documentation for this class was generated from the following file: