ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
Public Member Functions | Private Member Functions | Private Attributes
ilLDAPQuery Class Reference
Services/LDAP
+ Collaboration diagram for ilLDAPQuery:

Public Member Functions

 __construct (ilLDAPServer $a_server, $a_url='')
 Constructur. More...
 
 getServer ()
 Get server. More...
 
 getLogger ()
 Get logger. More...
 
 fetchUser ($a_name)
 Get one user by login name. More...
 
 fetchUsers ()
 Fetch all users. More...
 
 query ($a_search_base, $a_filter, $a_scope, $a_attributes)
 Perform a query. More...
 
 modAdd ($a_dn, $a_attribute)
 Add value to an existing attribute. More...
 
 modDelete ($a_dn, $a_attribute)
 Delete value from an existing attribute. More...
 
 checkGroupMembership ($a_ldap_user_name, $ldap_user_data)
 check group membership More...
 
 bind ($a_binding_type=IL_LDAP_BIND_DEFAULT, $a_user_dn='', $a_password='')
 Bind to LDAP server. More...
 
 __destruct ()
 Destructor unbind from ldap server. More...
 

Private Member Functions

 readAllUsers ()
 Fetch all users This function splits the query to filters like e.g (uid=a*) (uid=b*)... More...
 
 fetchGroupMembers ($a_name='')
 Fetch group member ids. More...
 
 readUserData ($a_name, $a_check_dn=false, $a_try_group_user_filter=false)
 Read user data. More...
 
 parseAuthMode ()
 Parse authentication mode. More...
 
 queryByScope ($a_scope, $a_base_dn, $a_filter, $a_attributes)
 Query by scope IL_SCOPE_SUB => ldap_search IL_SCOPE_ONE => ldap_list. More...
 
 connect ()
 Connect to LDAP server. More...
 
 fetchUserProfileFields ()
 fetch required fields of user profile data More...
 
 unbind ()
 Unbind. More...
 

Private Attributes

 $ldap_server_url = null
 
 $settings = null
 
 $log = null
 
 $user_fields = array()
 

Detailed Description

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om
Version
$Id$

Definition at line 42 of file class.ilLDAPQuery.php.

Constructor & Destructor Documentation

◆ __construct()

ilLDAPQuery::__construct ( ilLDAPServer  $a_server,
  $a_url = '' 
)

Constructur.

private

Parameters
objectilLDAPServer or subclass
Exceptions
ilLDAPQueryException

Definition at line 62 of file class.ilLDAPQuery.php.

References $GLOBALS, ilLDAPAttributeMapping\_getInstanceByServerId(), connect(), fetchUserProfileFields(), and settings().

63  {
64  $this->settings = $a_server;
65 
66  if(strlen($a_url))
67  {
68  $this->ldap_server_url = $a_url;
69  }
70  else
71  {
72  $this->ldap_server_url = $this->settings->getUrl();
73  }
74 
75  $this->mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->settings->getServerId());
76  $this->log = $GLOBALS['DIC']->logger()->auth();
77 
78  $this->fetchUserProfileFields();
79  $this->connect();
80  }
ilLDAPAttributeMapping\_getInstanceByServerId
static _getInstanceByServerId($a_server_id)
Get instance of class.
Definition: class.ilLDAPAttributeMapping.php:65
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
ilLDAPQuery\connect
connect()
Connect to LDAP server.
Definition: class.ilLDAPQuery.php:571
ilLDAPQuery\fetchUserProfileFields
fetchUserProfileFields()
fetch required fields of user profile data
Definition: class.ilLDAPQuery.php:687
settings
settings()
Definition: settings.php:2
+ Here is the call graph for this function:

◆ __destruct()

ilLDAPQuery::__destruct ( )

Destructor unbind from ldap server.

private

Parameters

Definition at line 723 of file class.ilLDAPQuery.php.

724  {
725  if($this->lh)
726  {
727  @ldap_unbind($this->lh);
728  }
729  }

Member Function Documentation

◆ bind()

ilLDAPQuery::bind (   $a_binding_type = IL_LDAP_BIND_DEFAULT,
  $a_user_dn = '',
  $a_password = '' 
)

Bind to LDAP server.

public

Parameters
intbinding_type IL_LDAP_BIND_DEFAULT || IL_LDAP_BIND_ADMIN
Exceptions
ilLDAPQueryExceptionon connection failure.

Definition at line 617 of file class.ilLDAPQuery.php.

References $pass, ilLDAPServer\DEFAULT_NETWORK_TIMEOUT, IL_LDAP_BIND_ADMIN, IL_LDAP_BIND_AUTH, IL_LDAP_BIND_DEFAULT, IL_LDAP_BIND_TEST, IL_LDAP_BIND_USER, and settings().

618  {
619  switch($a_binding_type)
620  {
621  case IL_LDAP_BIND_TEST:
622  ldap_set_option($this->lh, LDAP_OPT_NETWORK_TIMEOUT, ilLDAPServer::DEFAULT_NETWORK_TIMEOUT);
623  // fall through
624  case IL_LDAP_BIND_DEFAULT:
625  // Now bind anonymously or as user
626  if(
627  IL_LDAP_BIND_USER == $this->settings->getBindingType() &&
628  strlen($this->settings->getBindUser())
629  )
630  {
631  $user = $this->settings->getBindUser();
632  $pass = $this->settings->getBindPassword();
633 
634  define('IL_LDAP_REBIND_USER',$user);
635  define('IL_LDAP_REBIND_PASS',$pass);
636  $this->log->debug('Bind as '.$user);
637  }
638  else
639  {
640  $user = $pass = '';
641  $this->log->debug('Bind anonymous');
642  }
643  break;
644 
645  case IL_LDAP_BIND_ADMIN:
646  $user = $this->settings->getRoleBindDN();
647  $pass = $this->settings->getRoleBindPassword();
648 
649  if(!strlen($user) or !strlen($pass))
650  {
651  $user = $this->settings->getBindUser();
652  $pass = $this->settings->getBindPassword();
653  }
654 
655  define('IL_LDAP_REBIND_USER',$user);
656  define('IL_LDAP_REBIND_PASS',$pass);
657  break;
658 
659  case IL_LDAP_BIND_AUTH:
660  $this->log->debug('Trying to bind as: ' . $a_user_dn);
661  $user = $a_user_dn;
662  $pass = $a_password;
663  break;
664 
665 
666  default:
667  throw new ilLDAPQueryException('LDAP: unknown binding type in: '.__METHOD__);
668  }
669 
670  if(!@ldap_bind($this->lh,$user,$pass))
671  {
672  throw new ilLDAPQueryException('LDAP: Cannot bind as '.$user.' with message: '. ldap_err2str(ldap_errno($this->lh)).' Trying fallback...', ldap_errno($this->lh));
673  }
674  else
675  {
676  $this->log->debug('Bind successful.');
677  }
678  }
IL_LDAP_BIND_USER
const IL_LDAP_BIND_USER
Definition: class.ilLDAPServer.php:6
IL_LDAP_BIND_AUTH
const IL_LDAP_BIND_AUTH
Definition: class.ilLDAPQuery.php:27
IL_LDAP_BIND_DEFAULT
const IL_LDAP_BIND_DEFAULT
Definition: class.ilLDAPQuery.php:24
IL_LDAP_BIND_TEST
const IL_LDAP_BIND_TEST
Definition: class.ilLDAPQuery.php:26
ilLDAPServer\DEFAULT_NETWORK_TIMEOUT
const DEFAULT_NETWORK_TIMEOUT
Definition: class.ilLDAPServer.php:30
IL_LDAP_BIND_ADMIN
const IL_LDAP_BIND_ADMIN
Definition: class.ilLDAPQuery.php:25
settings
settings()
Definition: settings.php:2
+ Here is the call graph for this function:

◆ checkGroupMembership()

ilLDAPQuery::checkGroupMembership (   $a_ldap_user_name,
  $ldap_user_data 
)

check group membership

Parameters
stringlogin name
arrayuser data
Returns
bool

Definition at line 293 of file class.ilLDAPQuery.php.

References $res, ilLogLevel\DEBUG, getLogger(), getServer(), queryByScope(), and readUserData().

294  {
295  $group_names = $this->getServer()->getGroupNames();
296 
297  if(!count($group_names))
298  {
299  $this->getLogger()->debug('No LDAP group restrictions found');
300  return true;
301  }
302 
303  $group_dn = $this->getServer()->getGroupDN();
304  if(
305  $group_dn &&
306  (substr($group_dn, -1) != ',')
307  )
308  {
309  $group_dn .= ',';
310  }
311  $group_dn .= $this->getServer()->getBaseDN();
312 
313  foreach($group_names as $group)
314  {
315  $user = $a_ldap_user_name;
316  if($this->getServer()->enabledGroupMemberIsDN())
317  {
318  $user = $ldap_user_data['dn'];
319  }
320 
321  $filter = sprintf('(&(%s=%s)(%s=%s)%s)',
322  $this->getServer()->getGroupAttribute(),
323  $group,
324  $this->getServer()->getGroupMember(),
325  $user,
326  $this->getServer()->getGroupFilter()
327  );
328  $this->getLogger()->debug('Current group search base: ' . $group_dn);
329  $this->getLogger()->debug('Current group filter: ' . $filter);
330 
331  $res = $this->queryByScope(
332  $this->getServer()->getGroupScope(),
333  $group_dn,
334  $filter,
335  [$this->getServer()->getGroupMember()]
336  );
337 
338  $this->getLogger()->dump($res);
339 
340  $tmp_result = new ilLDAPResult($this->lh,$res);
341  $group_result = $tmp_result->getRows();
342 
343  $this->getLogger()->debug('Group query returned: ');
344  $this->getLogger()->dump($group_result, ilLogLevel::DEBUG);
345 
346  if(count($group_result))
347  {
348  return true;
349  }
350  }
351 
352  // group restrictions failed check optional membership
353  if($this->getServer()->isMembershipOptional())
354  {
355  $this->getLogger()->debug('Group restrictions failed, checking user filter.');
356  if($this->readUserData($a_ldap_user_name, true, true))
357  {
358  $this->getLogger()->debug('User filter matches.');
359  return true;
360  }
361  }
362  $this->getLogger()->debug('Group restrictions failed.');
363  return false;
364  }
ilLDAPQuery\getLogger
getLogger()
Get logger.
Definition: class.ilLDAPQuery.php:96
ilLDAPQuery\getServer
getServer()
Get server.
Definition: class.ilLDAPQuery.php:87
ilLDAPQuery\readUserData
readUserData($a_name, $a_check_dn=false, $a_try_group_user_filter=false)
Read user data.
Definition: class.ilLDAPQuery.php:436
ilLDAPQuery\queryByScope
queryByScope($a_scope, $a_base_dn, $a_filter, $a_attributes)
Query by scope IL_SCOPE_SUB => ldap_search IL_SCOPE_ONE => ldap_list.
Definition: class.ilLDAPQuery.php:529
+ Here is the call graph for this function:

◆ connect()

ilLDAPQuery::connect ( )
private

Connect to LDAP server.

private

Exceptions
ilLDAPQueryException

Definition at line 571 of file class.ilLDAPQuery.php.

References settings().

Referenced by __construct().

572  {
573  $this->lh = @ldap_connect($this->ldap_server_url);
574 
575  // LDAP Connect
576  if(!$this->lh)
577  {
578  throw new ilLDAPQueryException("LDAP: Cannot connect to LDAP Server: ".$this->settings->getUrl());
579  }
580  // LDAP Version
581  if(!ldap_set_option($this->lh,LDAP_OPT_PROTOCOL_VERSION,$this->settings->getVersion()))
582  {
583  throw new ilLDAPQueryException("LDAP: Cannot set version to: ".$this->settings->getVersion());
584  }
585  // Switch on referrals
586  if($this->settings->isActiveReferrer())
587  {
588  if(!ldap_set_option($this->lh,LDAP_OPT_REFERRALS,true))
589  {
590  throw new ilLDAPQueryException("LDAP: Cannot switch on LDAP referrals");
591  }
592  #@ldap_set_rebind_proc($this->lh,'referralRebind');
593  }
594  else
595  {
596  ldap_set_option($this->lh,LDAP_OPT_REFERRALS,false);
597  $this->log->debug('Switching referrals to false.');
598  }
599  // Start TLS
600  if($this->settings->isActiveTLS())
601  {
602  if(!ldap_start_tls($this->lh))
603  {
604  throw new ilLDAPQueryException("LDAP: Cannot start LDAP TLS");
605  }
606  }
607  }
settings
settings()
Definition: settings.php:2
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fetchGroupMembers()

ilLDAPQuery::fetchGroupMembers (   $a_name = '')
private

Fetch group member ids.

public

Definition at line 373 of file class.ilLDAPQuery.php.

References $data, $res, array, queryByScope(), readUserData(), and settings().

Referenced by fetchUsers().

374  {
375  $group_name = strlen($a_name) ? $a_name : $this->settings->getGroupName();
376 
377  // Build filter
378  $filter = sprintf('(&(%s=%s)%s)',
379  $this->settings->getGroupAttribute(),
380  $group_name,
381  $this->settings->getGroupFilter());
382 
383 
384  // Build search base
385  if(($gdn = $this->settings->getGroupDN()) && substr($gdn,-1) != ',')
386  {
387  $gdn .= ',';
388  }
389  $gdn .= $this->settings->getBaseDN();
390 
391  $this->log->debug('Using filter '.$filter);
392  $this->log->debug('Using DN '.$gdn);
393  $res = $this->queryByScope($this->settings->getGroupScope(),
394  $gdn,
395  $filter,
396  array($this->settings->getGroupMember()));
397 
398  $tmp_result = new ilLDAPResult($this->lh,$res);
399  $group_data = $tmp_result->getRows();
400 
401 
402  if(!$tmp_result->numRows())
403  {
404  $this->log->info('No group found.');
405  return false;
406  }
407 
408  $attribute_name = strtolower($this->settings->getGroupMember());
409 
410  // All groups
411  foreach($group_data as $data)
412  {
413  $this->log->debug('Found '.count($data[$attribute_name]).' group members for group '.$data['dn']);
414  if(is_array($data[$attribute_name]))
415  {
416  foreach($data[$attribute_name] as $name)
417  {
418  $this->readUserData($name,true,true);
419  }
420  }
421  else
422  {
423  $this->readUserData($data[$attribute_name],true,true);
424  }
425  }
426  unset($tmp_result);
427  return;
428  }
ilLDAPQuery\readUserData
readUserData($a_name, $a_check_dn=false, $a_try_group_user_filter=false)
Read user data.
Definition: class.ilLDAPQuery.php:436
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
settings
settings()
Definition: settings.php:2
ilLDAPQuery\queryByScope
queryByScope($a_scope, $a_base_dn, $a_filter, $a_attributes)
Query by scope IL_SCOPE_SUB => ldap_search IL_SCOPE_ONE => ldap_list.
Definition: class.ilLDAPQuery.php:529
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fetchUser()

ilLDAPQuery::fetchUser (   $a_name)

Get one user by login name.

public

Parameters
stringlogin name
Returns
array of user data

Definition at line 108 of file class.ilLDAPQuery.php.

References array, and readUserData().

109  {
110  if(!$this->readUserData($a_name))
111  {
112  return array();
113  }
114  else
115  {
116  return $this->users;
117  }
118  }
ilLDAPQuery\readUserData
readUserData($a_name, $a_check_dn=false, $a_try_group_user_filter=false)
Read user data.
Definition: class.ilLDAPQuery.php:436
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
+ Here is the call graph for this function:

◆ fetchUserProfileFields()

ilLDAPQuery::fetchUserProfileFields ( )
private

fetch required fields of user profile data

private

Parameters

Definition at line 687 of file class.ilLDAPQuery.php.

References array, ilLDAPRoleAssignmentRules\getAttributeNames(), getServer(), and settings().

Referenced by __construct().

688  {
689  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php');
690 
691  $this->user_fields = array_merge(
692  array($this->settings->getUserAttribute()),
693  array('dn'),
694  $this->mapping->getFields(),
695  ilLDAPRoleAssignmentRules::getAttributeNames($this->getServer()->getServerId())
696  );
697  }
ilLDAPRoleAssignmentRules\getAttributeNames
static getAttributeNames($a_server_id)
get all possible attribute names
Definition: class.ilLDAPRoleAssignmentRules.php:83
ilLDAPQuery\getServer
getServer()
Get server.
Definition: class.ilLDAPQuery.php:87
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
settings
settings()
Definition: settings.php:2
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fetchUsers()

ilLDAPQuery::fetchUsers ( )

Fetch all users.

public

Returns
array array of user data

Definition at line 127 of file class.ilLDAPQuery.php.

References array, fetchGroupMembers(), readAllUsers(), and settings().

128  {
129  // First of all check if a group restriction is enabled
130  // YES: => fetch all group members
131  // No: => fetch all users
132  if(strlen($this->settings->getGroupName()))
133  {
134  $this->log->debug('Searching for group members.');
135 
136  $groups = $this->settings->getGroupNames();
137  if(count($groups) <= 1)
138  {
139  $this->fetchGroupMembers();
140  }
141  else
142  {
143  foreach($groups as $group)
144  {
145  $this->fetchGroupMembers($group);
146  }
147  }
148 
149  }
150  if(!strlen($this->settings->getGroupName()) or $this->settings->isMembershipOptional())
151  {
152  $this->log->info('Start reading all users...');
153  $this->readAllUsers();
154  #throw new ilLDAPQueryException('LDAP: Called import of users without specifying group restrictions. NOT IMPLEMENTED YET!');
155  }
156  return $this->users ? $this->users : array();
157  }
ilLDAPQuery\readAllUsers
readAllUsers()
Fetch all users This function splits the query to filters like e.g (uid=a*) (uid=b*)...
Definition: class.ilLDAPQuery.php:222
ilLDAPQuery\fetchGroupMembers
fetchGroupMembers($a_name='')
Fetch group member ids.
Definition: class.ilLDAPQuery.php:373
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
settings
settings()
Definition: settings.php:2
+ Here is the call graph for this function:

◆ getLogger()

ilLDAPQuery::getLogger ( )

Get logger.

Returns
ilLogger

Definition at line 96 of file class.ilLDAPQuery.php.

References $log.

Referenced by checkGroupMembership(), and queryByScope().

97  {
98  return $this->log;
99  }
+ Here is the caller graph for this function:

◆ getServer()

ilLDAPQuery::getServer ( )

Get server.

Returns
ilLDAPServer

Definition at line 87 of file class.ilLDAPQuery.php.

References $settings.

Referenced by checkGroupMembership(), and fetchUserProfileFields().

88  {
89  return $this->settings;
90  }
+ Here is the caller graph for this function:

◆ modAdd()

ilLDAPQuery::modAdd (   $a_dn,
  $a_attribute 
)

Add value to an existing attribute.

public

Exceptions
ilLDAPQueryException

Definition at line 190 of file class.ilLDAPQuery.php.

191  {
192  if(@ldap_mod_add($this->lh,$a_dn,$a_attribute))
193  {
194  return true;
195  }
196  throw new ilLDAPQueryException(__METHOD__.' '.ldap_error($this->lh));
197  }

◆ modDelete()

ilLDAPQuery::modDelete (   $a_dn,
  $a_attribute 
)

Delete value from an existing attribute.

public

Exceptions
ilLDAPQueryException

Definition at line 205 of file class.ilLDAPQuery.php.

206  {
207  if(@ldap_mod_del($this->lh,$a_dn,$a_attribute))
208  {
209  return true;
210  }
211  throw new ilLDAPQueryException(__METHOD__.' '.ldap_error($this->lh));
212  }

◆ parseAuthMode()

ilLDAPQuery::parseAuthMode ( )
private

Parse authentication mode.

Returns
string auth mode

Definition at line 515 of file class.ilLDAPQuery.php.

References settings().

516  {
517  return $this->settings->getAuthenticationMappingKey();
518  }
settings
settings()
Definition: settings.php:2
+ Here is the call graph for this function:

◆ query()

ilLDAPQuery::query (   $a_search_base,
  $a_filter,
  $a_scope,
  $a_attributes 
)

Perform a query.

public

Parameters
stringsearch base
stringfilter
intscope
arrayattributes
Returns
object ilLDAPResult
Exceptions
ilLDAPQueryException

Definition at line 170 of file class.ilLDAPQuery.php.

References $res, and queryByScope().

171  {
172  $res = $this->queryByScope($a_scope,$a_search_base,$a_filter,$a_attributes);
173  if($res === false)
174  {
175  throw new ilLDAPQueryException(__METHOD__.' '.ldap_error($this->lh).' '.
176  sprintf('DN: %s, Filter: %s, Scope: %s',
177  $a_search_base,
178  $a_filter,
179  $a_scope));
180  }
181  return new ilLDAPResult($this->lh,$res);
182  }
ilLDAPQuery\queryByScope
queryByScope($a_scope, $a_base_dn, $a_filter, $a_attributes)
Query by scope IL_SCOPE_SUB => ldap_search IL_SCOPE_ONE => ldap_list.
Definition: class.ilLDAPQuery.php:529
+ Here is the call graph for this function:

◆ queryByScope()

ilLDAPQuery::queryByScope (   $a_scope,
  $a_base_dn,
  $a_filter,
  $a_attributes 
)
private

Query by scope IL_SCOPE_SUB => ldap_search IL_SCOPE_ONE => ldap_list.

private

Parameters

Definition at line 529 of file class.ilLDAPQuery.php.

References $error, $res, getLogger(), IL_LDAP_SCOPE_BASE, IL_LDAP_SCOPE_ONE, and IL_LDAP_SCOPE_SUB.

Referenced by checkGroupMembership(), fetchGroupMembers(), query(), readAllUsers(), and readUserData().

530  {
531  $a_filter = $a_filter ? $a_filter : "(objectclass=*)";
532 
533  switch($a_scope)
534  {
535  case IL_LDAP_SCOPE_SUB:
536  $res = @ldap_search($this->lh,$a_base_dn,$a_filter,$a_attributes);
537  break;
538 
539  case IL_LDAP_SCOPE_ONE:
540  $res = @ldap_list($this->lh,$a_base_dn,$a_filter,$a_attributes);
541  break;
542 
543  case IL_LDAP_SCOPE_BASE:
544 
545  $res = @ldap_read($this->lh,$a_base_dn,$a_filter,$a_attributes);
546  break;
547 
548  default:
549  $this->log->warning("LDAP: LDAPQuery: Unknown search scope");
550  }
551 
552  $error = ldap_error($this->lh);
553  if(strcmp('Success', $error) !== 0)
554  {
555  $this->getLogger()->warning($error);
556  $this->getLogger()->warning('Base DN:' . $a_base_dn);
557  $this->getLogger()->warning('Filter: ' . $a_filter);
558  }
559 
560  return $res;
561 
562  }
$error
$error
Definition: Error.php:17
ilLDAPQuery\getLogger
getLogger()
Get logger.
Definition: class.ilLDAPQuery.php:96
IL_LDAP_SCOPE_SUB
const IL_LDAP_SCOPE_SUB
Definition: class.ilLDAPServer.php:8
IL_LDAP_SCOPE_ONE
const IL_LDAP_SCOPE_ONE
Definition: class.ilLDAPServer.php:9
IL_LDAP_SCOPE_BASE
const IL_LDAP_SCOPE_BASE
Definition: class.ilLDAPServer.php:10
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ readAllUsers()

ilLDAPQuery::readAllUsers ( )
private

Fetch all users This function splits the query to filters like e.g (uid=a*) (uid=b*)...

This avoids AD page_size_limit

public

Definition at line 222 of file class.ilLDAPQuery.php.

References $data, $res, array, queryByScope(), readUserData(), and settings().

Referenced by fetchUsers().

223  {
224  // Build search base
225  if(($dn = $this->settings->getSearchBase()) && substr($dn,-1) != ',')
226  {
227  $dn .= ',';
228  }
229  $dn .= $this->settings->getBaseDN();
230 
231  // page results
232  $filter = $this->settings->getFilter();
233  $page_filter = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','-');
234  $chars = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z');
235 
236  foreach($page_filter as $letter)
237  {
238  $new_filter = '(&';
239  $new_filter .= $filter;
240 
241  switch($letter)
242  {
243  case '-':
244  $new_filter .= ('(!(|');
245  foreach($chars as $char)
246  {
247  $new_filter .= ('('.$this->settings->getUserAttribute().'='.$char.'*)');
248  }
249  $new_filter .= ')))';
250  break;
251 
252  default:
253  $new_filter .= ('('.$this->settings->getUserAttribute().'='.$letter.'*))');
254  break;
255  }
256 
257  $this->log->info('Searching with ldap search and filter '.$new_filter.' in '.$dn);
258  $res = $this->queryByScope($this->settings->getUserScope(),
259  $dn,
260  $new_filter,
261  array($this->settings->getUserAttribute()));
262 
263  $tmp_result = new ilLDAPResult($this->lh,$res);
264  if(!$tmp_result->numRows())
265  {
266  $this->log->notice('No users found. Aborting.');
267  continue;
268  }
269  $this->log->info('Found '.$tmp_result->numRows().' users.');
270  $attribute = strtolower($this->settings->getUserAttribute());
271  foreach($tmp_result->getRows() as $data)
272  {
273  if(isset($data[$attribute]))
274  {
275  $this->readUserData($data[$attribute],false,false);
276  }
277  else
278  {
279  $this->log->warning('Unknown error. No user attribute found.');
280  }
281  }
282  unset($tmp_result);
283  }
284  return true;
285  }
ilLDAPQuery\readUserData
readUserData($a_name, $a_check_dn=false, $a_try_group_user_filter=false)
Read user data.
Definition: class.ilLDAPQuery.php:436
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
settings
settings()
Definition: settings.php:2
ilLDAPQuery\queryByScope
queryByScope($a_scope, $a_base_dn, $a_filter, $a_attributes)
Query by scope IL_SCOPE_SUB => ldap_search IL_SCOPE_ONE => ldap_list.
Definition: class.ilLDAPQuery.php:529
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ readUserData()

ilLDAPQuery::readUserData (   $a_name,
  $a_check_dn = false,
  $a_try_group_user_filter = false 
)
private

Read user data.

Parameters
boolcheck dn
booluse group filter private

Definition at line 436 of file class.ilLDAPQuery.php.

References $res, ilObjUser\_checkExternalAuthAccount(), array, IL_LDAP_SCOPE_BASE, queryByScope(), and settings().

Referenced by checkGroupMembership(), fetchGroupMembers(), fetchUser(), and readAllUsers().

437  {
438  $filter = $this->settings->getFilter();
439  if($a_try_group_user_filter)
440  {
441  if($this->settings->isMembershipOptional())
442  {
443  $filter = $this->settings->getGroupUserFilter();
444  }
445  }
446 
447  // Build filter
448  if($this->settings->enabledGroupMemberIsDN() and $a_check_dn)
449  {
450  $dn = $a_name;
451  #$res = $this->queryByScope(IL_LDAP_SCOPE_BASE,$dn,$filter,$this->user_fields);
452 
453  $fields = array_merge($this->user_fields,array('useraccountcontrol'));
454  $res = $this->queryByScope(IL_LDAP_SCOPE_BASE,strtolower($dn),$filter,$fields);
455  }
456  else
457  {
458  $filter = sprintf('(&(%s=%s)%s)',
459  $this->settings->getUserAttribute(),
460  $a_name,
461  $filter);
462 
463  // Build search base
464  if(($dn = $this->settings->getSearchBase()) && substr($dn,-1) != ',')
465  {
466  $dn .= ',';
467  }
468  $dn .= $this->settings->getBaseDN();
469  $fields = array_merge($this->user_fields,array('useraccountcontrol'));
470  $res = $this->queryByScope($this->settings->getUserScope(),strtolower($dn),$filter,$fields);
471  }
472 
473 
474  $tmp_result = new ilLDAPResult($this->lh,$res);
475  if(!$tmp_result->numRows())
476  {
477  $this->log->info('LDAP: No user data found for: '.$a_name);
478  unset($tmp_result);
479  return false;
480  }
481 
482  if($user_data = $tmp_result->get())
483  {
484  if(isset($user_data['useraccountcontrol']))
485  {
486  if(($user_data['useraccountcontrol'] & 0x02))
487  {
488  $this->log->notice('LDAP: '.$a_name.' account disabled.');
489  return;
490  }
491  }
492 
493  $account = $user_data[strtolower($this->settings->getUserAttribute())];
494  if(is_array($account))
495  {
496  $user_ext = strtolower(array_shift($account));
497  }
498  else
499  {
500  $user_ext = strtolower($account);
501  }
502 
503  // auth mode depends on ldap server settings
504  $auth_mode = $this->settings->getAuthenticationMappingKey();
505  $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount($auth_mode,$user_ext);
506  $this->users[$user_ext] = $user_data;
507  }
508  return true;
509  }
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
settings
settings()
Definition: settings.php:2
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3721
IL_LDAP_SCOPE_BASE
const IL_LDAP_SCOPE_BASE
Definition: class.ilLDAPServer.php:10
ilLDAPQuery\queryByScope
queryByScope($a_scope, $a_base_dn, $a_filter, $a_attributes)
Query by scope IL_SCOPE_SUB => ldap_search IL_SCOPE_ONE => ldap_list.
Definition: class.ilLDAPQuery.php:529
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ unbind()

ilLDAPQuery::unbind ( )
private

Unbind.

private

Parameters

Definition at line 707 of file class.ilLDAPQuery.php.

708  {
709  if($this->lh)
710  {
711  @ldap_unbind($this->lh);
712  }
713  }

Field Documentation

◆ $ldap_server_url

ilLDAPQuery::$ldap_server_url = null
private

Definition at line 44 of file class.ilLDAPQuery.php.

◆ $log

ilLDAPQuery::$log = null
private

Definition at line 50 of file class.ilLDAPQuery.php.

Referenced by getLogger().

◆ $settings

ilLDAPQuery::$settings = null
private

Definition at line 45 of file class.ilLDAPQuery.php.

Referenced by getServer().

◆ $user_fields

ilLDAPQuery::$user_fields = array()
private

Definition at line 52 of file class.ilLDAPQuery.php.

The documentation for this class was generated from the following file: