ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
class.ilAuthProviderLDAP.php
Go to the documentation of this file.
1<?php
2
3/* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
4
5include_once './Services/Authentication/classes/Provider/class.ilAuthProvider.php';
6include_once './Services/Authentication/interfaces/interface.ilAuthProviderInterface.php';
7include_once './Services/Authentication/interfaces/interface.ilAuthProviderAccountMigrationInterface.php';
8
15class ilAuthProviderLDAP extends ilAuthProvider implements ilAuthProviderInterface, ilAuthProviderAccountMigrationInterface
16{
17 private $server = null;
18 private $migration_account = '';
19 private $force_new_account = false;
20
25 public function __construct(\ilAuthCredentials $credentials, $a_server_id = 0)
26 {
27 parent::__construct($credentials);
28 $this->initServer($a_server_id);
29 }
30
35 public function getServer()
36 {
37 return $this->server;
38 }
39
40
45 public function doAuthentication(\ilAuthStatus $status)
46 {
47 try
48 {
49 // bind
50 include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
51 $query = new ilLDAPQuery($this->getServer());
52 $query->bind(IL_LDAP_BIND_DEFAULT);
53 }
54 catch(ilLDAPQueryException $e)
55 {
56 $this->getLogger()->error('Cannot bind to LDAP server... '. $e->getMessage());
57 $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
58 return false;
59 }
60 try
61 {
62 // Read user data, which does ensure a sucessful authentication.
63 $users = $query->fetchUser(
64 $this->getCredentials()->getUsername()
65 );
66
67 if(!$users)
68 {
69 $this->handleAuthenticationFail($status, 'err_wrong_login');
70 return false;
71 }
72 if(!trim($this->getCredentials()->getPassword()))
73 {
74 $this->handleAuthenticationFail($status, 'err_wrong_login');
75 return false;
76 }
77 if(!array_key_exists($this->changeKeyCase($this->getCredentials()->getUsername()), $users))
78 {
79 $this->getLogger()->warning('Cannot find user: '. $this->changeKeyCase($this->getCredentials()->getUsername()));
80 $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
81 return false;
82 }
83
84 // check group membership
85 if(!$query->checkGroupMembership(
86 $this->getCredentials()->getUsername(),
87 $users[$this->changeKeyCase($this->getCredentials()->getUsername())]
88 ))
89 {
90 $this->handleAuthenticationFail($status, 'err_wrong_login');
91 return false;
92 }
93 }
94 catch (ilLDAPQueryException $e) {
95 $this->getLogger()->error('Cannot fetch LDAP user data... '. $e->getMessage());
96 $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
97 return false;
98 }
99 try
100 {
101 // now bind with login credentials
102 $query->bind(IL_LDAP_BIND_AUTH, $users[$this->changeKeyCase($this->getCredentials()->getUsername())]['dn'], $this->getCredentials()->getPassword());
103 }
104 catch (ilLDAPQueryException $e) {
105 $this->handleAuthenticationFail($status, 'err_wrong_login');
106 return false;
107 }
108
109 // authentication success update profile
110 return $this->updateAccount($status, $users[$this->changeKeyCase($this->getCredentials()->getUsername())]);
111 }
112
118 protected function updateAccount(ilAuthStatus $status, array $user)
119 {
120 $user = array_change_key_case($user,CASE_LOWER);
121 $this->getLogger()->dump($user, ilLogLevel::DEBUG);
122
123 include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
124 $sync = new ilLDAPUserSynchronisation('ldap_'.$this->getServer()->getServerId(), $this->getServer()->getServerId());
125 $sync->setExternalAccount($this->getCredentials()->getUsername());
126 $sync->setUserData($user);
127 $sync->forceCreation($this->force_new_account);
128
129 try {
130 $internal_account = $sync->sync();
131 $this->getLogger()->debug('Internal account: ' . $internal_account);
132 }
133 catch(UnexpectedValueException $e) {
134 $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
135 $this->handleAuthenticationFail($status, 'err_wrong_login');
136 return false;
137 }
138 catch(ilLDAPSynchronisationForbiddenException $e) {
139 // No syncronisation allowed => create Error
140 $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
141 $this->handleAuthenticationFail($status, 'err_auth_ldap_no_ilias_user');
142 return false;
143 }
144 catch(ilLDAPAccountMigrationRequiredException $e) {
145 // Account migration required
146 $this->setExternalAccountName($this->getCredentials()->getUsername());
147 $this->getLogger()->info('Authentication failed: account migration required for external account: ' . $this->getCredentials()->getUsername());
148 $status->setStatus(ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED);
149 return false;
150 }
151 $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
152 $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
153 return true;
154
155 }
156
157
158
162 protected function initServer($a_server_id)
163 {
164 include_once './Services/LDAP/classes/class.ilLDAPServer.php';
165 $this->server = new ilLDAPServer($a_server_id);
166 }
167
168 // Account migration
169
173 public function createNewAccount(ilAuthStatus $status)
174 {
175 $this->force_new_account = true;
176
177 try
178 {
179 include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
180 $query = new ilLDAPQuery($this->getServer());
181 $query->bind(IL_LDAP_BIND_DEFAULT);
182 }
183 catch(ilLDAPQueryException $e)
184 {
185 $this->getLogger()->error('Cannot bind to LDAP server... '. $e->getMessage());
186 $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
187 return false;
188 }
189 try
190 {
191 // fetch user
192 $users = $query->fetchUser(
193 $this->getCredentials()->getUsername()
194 );
195 if(!$users)
196 {
197 $this->handleAuthenticationFail($status, 'err_wrong_login');
198 return false;
199 }
200 if(!array_key_exists($this->changeKeyCase($this->getCredentials()->getUsername()), $users))
201 {
202 $this->handleAuthenticationFail($status, 'err_wrong_login');
203 return false;
204 }
205 }
206 catch (ilLDAPQueryException $e) {
207 $this->getLogger()->error('Cannot fetch LDAP user data... '. $e->getMessage());
208 $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
209 return false;
210 }
211
212 // authentication success update profile
213 $this->updateAccount($status, $users[$this->changeKeyCase($this->getCredentials()->getUsername())]);
214 }
215
216
217
221 public function migrateAccount(ilAuthStatus $status)
222 {
223 $this->force_new_account = true;
224
225 try
226 {
227 include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
228 $query = new ilLDAPQuery($this->getServer());
229 $query->bind(IL_LDAP_BIND_DEFAULT);
230 }
231 catch(ilLDAPQueryException $e)
232 {
233 $this->getLogger()->error('Cannot bind to LDAP server... '. $e->getMessage());
234 $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
235 return false;
236 }
237
238 $users = $query->fetchUser($this->getCredentials()->getUsername());
239 $this->updateAccount($status, $users[$this->changeKeyCase($this->getCredentials()->getUsername())]);
240 return true;
241 }
242
246 public function getTriggerAuthMode()
247 {
248 return AUTH_LDAP.'_'.$this->getServer()->getServerId();
249 }
250
254 public function getUserAuthModeName()
255 {
256 return 'ldap_'.$this->getServer()->getServerId();
257 }
258
263 public function getExternalAccountName()
264 {
265 return $this->migration_account;
266 }
267
272 public function setExternalAccountName($a_name)
273 {
274 $this->migration_account = $a_name;
275 }
276
282 protected function changeKeyCase($a_string)
283 {
284 $as_array = array_change_key_case(array($a_string => $a_string));
285 foreach($as_array as $key => $string)
286 {
287 return $key;
288 }
289 }
290
291}
292?>
php
An exception for terminatinating execution or to throw for unit testing.
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
IL_LDAP_BIND_AUTH
const IL_LDAP_BIND_AUTH
Definition: class.ilLDAPQuery.php:27
IL_LDAP_BIND_DEFAULT
const IL_LDAP_BIND_DEFAULT
Definition: class.ilLDAPQuery.php:24
ilAuthProviderLDAP
Description of class class.
Definition: class.ilAuthProviderLDAP.php:16
ilAuthProviderLDAP\updateAccount
updateAccount(ilAuthStatus $status, array $user)
Update Account.
Definition: class.ilAuthProviderLDAP.php:118
ilAuthProviderLDAP\getTriggerAuthMode
getTriggerAuthMode()
Get trigger auth mode.
Definition: class.ilAuthProviderLDAP.php:246
ilAuthProviderLDAP\getUserAuthModeName
getUserAuthModeName()
Get user auth mode name.
Definition: class.ilAuthProviderLDAP.php:254
ilAuthProviderLDAP\initServer
initServer($a_server_id)
Init Server.
Definition: class.ilAuthProviderLDAP.php:162
ilAuthProviderLDAP\migrateAccount
migrateAccount(ilAuthStatus $status)
Create new account.
Definition: class.ilAuthProviderLDAP.php:221
ilAuthProviderLDAP\createNewAccount
createNewAccount(ilAuthStatus $status)
Create new ILIAS account for external_account.
Definition: class.ilAuthProviderLDAP.php:173
ilAuthProviderLDAP\doAuthentication
doAuthentication(\ilAuthStatus $status)
Do authentication.
Definition: class.ilAuthProviderLDAP.php:45
ilAuthProviderLDAP\getExternalAccountName
getExternalAccountName()
Get external account name.
Definition: class.ilAuthProviderLDAP.php:263
ilAuthProviderLDAP\__construct
__construct(\ilAuthCredentials $credentials, $a_server_id=0)
Constructor.
Definition: class.ilAuthProviderLDAP.php:25
ilAuthProviderLDAP\changeKeyCase
changeKeyCase($a_string)
Change case similar to array_change_key_case, to avoid further encoding problems.
Definition: class.ilAuthProviderLDAP.php:282
ilAuthProviderLDAP\setExternalAccountName
setExternalAccountName($a_name)
Set external account name.
Definition: class.ilAuthProviderLDAP.php:272
ilAuthProvider
Base class for authentication providers (radius, ldap, apache, ...)
Definition: class.ilAuthProvider.php:12
ilAuthProvider\getLogger
getLogger()
Get logger.
Definition: class.ilAuthProvider.php:38
ilAuthProvider\handleAuthenticationFail
handleAuthenticationFail(ilAuthStatus $status, $a_reason)
Handle failed authentication.
Definition: class.ilAuthProvider.php:55
ilAuthStatus
Auth status implementation.
Definition: class.ilAuthStatus.php:12
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:20
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:13
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:15
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:787
ilAuthCredentials
Interface of auth credentials.
Definition: interface.ilAuthCredentials.php:12
ilAuthProviderInterface
Standard interface for auth provider implementations.
Definition: interface.ilAuthProviderInterface.php:12