ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
Public Member Functions | Static Public Member Functions | Static Public Attributes | Protected Member Functions | Private Member Functions
ilAuthContainerApache Class Reference
Services/Database

Authentication against ILIAS database. More...

+ Inheritance diagram for ilAuthContainerApache:
+ Collaboration diagram for ilAuthContainerApache:

Public Member Functions

 __construct ()
 Constructor. More...
 

Static Public Member Functions

static forceCreation ($value)
 

Static Public Attributes

static $force_creation = false
 

Protected Member Functions

 updateRequired ($a_username)
 Check if an update is required. More...
 
 handleLDAPDataSource ($a_auth, $ext_account, $settings)
 Handle ldap as data source. More...
 

Private Member Functions

 initLDAPAttributeToUser ()
 Init LDAP attribute mapping private. More...
 

Detailed Description

Authentication against ILIAS database.

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om
Version
$Id$

Definition at line 12 of file class.ilAuthContainerApache.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthContainerApache::__construct ( )

Constructor.

Definition at line 22 of file class.ilAuthContainerApache.php.

23  {
24  parent::__construct();
25  }

Member Function Documentation

◆ forceCreation()

static ilAuthContainerApache::forceCreation (   $value)
static
Parameters
boolean$value

Definition at line 30 of file class.ilAuthContainerApache.php.

References $_GET, $_POST, $_SERVER, $_SESSION, $config, $ilDB, $ilSetting, $info, $query, ilObjUser\_checkExternalAuthAccount(), ilAuthModeDetermination\_getInstance(), array, AUTH_APACHE, AUTH_APACHE_FAILED, AUTH_LDAP, defined, ilLDAPServer\doConnectionCheck(), ilLDAPRoleAssignmentRules\getAssignmentsForCreation(), ilLoggerFactory\getLogger(), handleLDAPDataSource(), initLDAPAttributeToUser(), ilUtil\isLogin(), ilUtil\redirect(), ilLDAPRoleAssignmentRules\ROLE_ACTION_ASSIGN, time, and updateRequired().

31  {
32  self::$force_creation = $value;
33  }
+ Here is the call graph for this function:

◆ handleLDAPDataSource()

ilAuthContainerApache::handleLDAPDataSource (   $a_auth,
  $ext_account,
  $settings 
)
protected

Handle ldap as data source.

Parameters
Auth$auth
string$ext_account

Definition at line 313 of file class.ilAuthContainerApache.php.

References $server, array, AUTH_RADIUS_NO_ILIAS_USER, ilLDAPServer\getInstanceByServerId(), ilLoggerFactory\getLogger(), ilUtil\redirect(), and ilLDAPUserSynchronisation\setExternalAccount().

Referenced by forceCreation().

314  {
315  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
316  $server = ilLDAPServer::getInstanceByServerId(
317  $settings->get('apache_ldap_sid')
318  );
319 
320  ilLoggerFactory::getLogger('auth')->debug('Using ldap data source with server configuration: ' . $server->getName());
321 
322  include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
323  $sync = new ilLDAPUserSynchronisation('ldap_'.$server->getServerId(), $server->getServerId());
324  $sync->setExternalAccount($ext_account);
325  $sync->setUserData(array());
326  $sync->forceCreation(self::$force_creation);
327  $sync->forceReadLdapData(true);
328 
329  try {
330  $internal_account = $sync->sync();
331  }
332  catch(UnexpectedValueException $e) {
333  ilLoggerFactory::getLogger('auth')->info('Login failed with message: ' . $e->getMessage());
334  $a_auth->status = AUTH_WRONG_LOGIN;
335  $a_auth->logout();
336  return false;
337  }
338  catch(ilLDAPSynchronisationForbiddenException $e) {
339  // No syncronisation allowed => create Error
340  ilLoggerFactory::getLogger('auth')->info('Login failed with message: ' . $e->getMessage());
341  $a_auth->status = AUTH_RADIUS_NO_ILIAS_USER;
342  $a_auth->logout();
343  return false;
344  }
345  catch(ilLDAPAccountMigrationRequiredException $e) {
346  ilLoggerFactory::getLogger('auth')->debug('Starting account migration');
347  $a_auth->logout();
348  ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
349  }
350 
351  $a_auth->setAuth($internal_account);
352  return true;
353  }
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:14
AUTH_RADIUS_NO_ILIAS_USER
const AUTH_RADIUS_NO_ILIAS_USER
Definition: class.ilAuthUtils.php:29
ilLDAPUserSynchronisation\setExternalAccount
setExternalAccount($a_ext)
Set external account (unique for each auth mode)
Definition: class.ilLDAPUserSynchronisation.php:61
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:12
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$server
$server
Definition: dummy_client.php:12
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
ilUtil\redirect
static redirect($a_script)
http redirect to other script
Definition: class.ilUtil.php:3567
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ initLDAPAttributeToUser()

ilAuthContainerApache::initLDAPAttributeToUser ( )
private

Init LDAP attribute mapping private.

Definition at line 301 of file class.ilAuthContainerApache.php.

Referenced by forceCreation().

302  {
303  include_once('Services/LDAP/classes/class.ilLDAPAttributeToUser.php');
304  $this->ldap_attr_to_user = new ilLDAPAttributeToUser($this->server);
305  }
ilLDAPAttributeToUser
Update/create ILIAS user account by given LDAP attributes according to user attribute mapping setting...
Definition: class.ilLDAPAttributeToUser.php:34
+ Here is the caller graph for this function:

◆ updateRequired()

ilAuthContainerApache::updateRequired (   $a_username)
protected

Check if an update is required.

Returns
Parameters
string$a_username

Definition at line 277 of file class.ilAuthContainerApache.php.

References ilObjUser\_checkExternalAuthAccount(), ilLDAPRoleAssignmentRule\hasRulesForUpdate(), and ilLDAPAttributeMapping\hasRulesForUpdate().

Referenced by forceCreation().

278  {
279  if(!ilObjUser::_checkExternalAuthAccount("ldap_".$this->server->getServerId(), $a_username))
280  {
281  return true;
282  }
283  // Check attribute mapping on login
284  include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
285  if(ilLDAPAttributeMapping::hasRulesForUpdate($this->server->getServerId()))
286  {
287  return true;
288  }
289  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
290  if(ilLDAPRoleAssignmentRule::hasRulesForUpdate())
291  {
292  return true;
293  }
294  return false;
295  }
ilLDAPRoleAssignmentRule\hasRulesForUpdate
static hasRulesForUpdate()
Check if there any rule for updates.
Definition: class.ilLDAPRoleAssignmentRule.php:72
ilLDAPAttributeMapping\hasRulesForUpdate
static hasRulesForUpdate($a_server_id)
Check if there is ldap attribute -> user data mapping which which is updated on login.
Definition: class.ilLDAPAttributeMapping.php:120
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3721
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $force_creation

ilAuthContainerApache::$force_creation = false
static

Definition at line 17 of file class.ilAuthContainerApache.php.

The documentation for this class was generated from the following file: