ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
Public Member Functions | Protected Member Functions | Private Member Functions | Private Attributes | Static Private Attributes
ilAuthContainerLDAP Class Reference
Services/LDAP

Overwritten Pear class AuthContainerLDAP This class is overwritten to support nested groups. More...

+ Inheritance diagram for ilAuthContainerLDAP:
+ Collaboration diagram for ilAuthContainerLDAP:

Public Member Functions

 __construct ($a_server_id=null)
 Constructor. More...
 
 forceCreation ($a_status)
 
 enableOptionalGroupCheck ()
 enable optional group check More...
 
 enabledOptionalGroupCheck ()
 Check if optional group check is enabled. More...
 
 fetchData ($username, $password)
 Overwritten from base class. More...
 
 checkGroup ($a_name)
 check group overwritten base class More...
 
 loginObserver ($a_username, $a_auth)
 Called from fetchData after successful login. More...
 
 failedLoginObserver ($a_username, $a_auth)
 Called from fetchData after failed login. More...
 
 supportsCaptchaVerification ()
 

Protected Member Functions

 extractUserName ($a_user_data)
 
 updateRequired ($a_username)
 Check if an update is required. More...
 

Private Member Functions

 updateUserFilter ()
 Update user filter. More...
 
 initLDAPAttributeToUser ()
 Init LDAP attribute mapping. More...
 

Private Attributes

 $optional_check = false
 
 $log = null
 
 $server = null
 
 $ldap_attr_to_user = null
 

Static Private Attributes

static $force_creation = false
 

Detailed Description

Overwritten Pear class AuthContainerLDAP This class is overwritten to support nested groups.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e
Version
$Id$

Definition at line 36 of file class.ilAuthContainerLDAP.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthContainerLDAP::__construct (   $a_server_id = null)

Constructor.

@access public

Parameters
intldap server id

Definition at line 54 of file class.ilAuthContainerLDAP.php.

55 {
56 global $ilLog;
57
58 include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
59
60 if($a_server_id)
61 {
62 $this->server = ilLDAPServer::getInstanceByServerId($a_server_id);
63 }
64 else
65 {
66 $this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
67 }
68
69 $this->log = ilLoggerFactory::getLogger('auth');
70
71 parent::__construct($this->server->toPearAuthArray());
72 }
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
ilLDAPServer\_getFirstActiveServer
static _getFirstActiveServer()
Get first active server.
Definition: class.ilLDAPServer.php:185
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
$ilLog
$ilLog
Definition: inc.setup_header.php:130

References $ilLog, ilLDAPServer\_getFirstActiveServer(), ilLDAPServer\getInstanceByServerId(), and ilLoggerFactory\getLogger().

+ Here is the call graph for this function:

Member Function Documentation

◆ checkGroup()

ilAuthContainerLDAP::checkGroup (   $a_name)

check group overwritten base class

@access public

Parameters
stringuser name (DN or external account name)

Definition at line 146 of file class.ilAuthContainerLDAP.php.

147 {
148 $this->log->debug('Checking group restrictions...');
149
150 // if there are multiple groups define check all of them for membership
151 $groups = $this->server->getGroupNames();
152
153 if(!count($groups))
154 {
155 $this->log->debug('no group restrictions found');
156 return true;
157 }
158 elseif($this->server->isMembershipOptional() and !$this->optional_check)
159 {
160 $this->log->debug('Group membership is otional');
161 return true;
162 }
163
164 foreach($groups as $group)
165 {
166 $this->options['group'] = $group;
167
168 if(parent::checkGroup($a_name))
169 {
170 return true;
171 }
172 }
173 return false;
174 }

◆ enabledOptionalGroupCheck()

ilAuthContainerLDAP::enabledOptionalGroupCheck ( )

Check if optional group check is enabled.

@access public

Definition at line 98 of file class.ilAuthContainerLDAP.php.

99 {
100 return (bool) $this->optional_check;
101 }

References $optional_check.

Referenced by fetchData().

+ Here is the caller graph for this function:

◆ enableOptionalGroupCheck()

ilAuthContainerLDAP::enableOptionalGroupCheck ( )

enable optional group check

@access public

Parameters

Definition at line 86 of file class.ilAuthContainerLDAP.php.

87 {
88 $this->optional_check = true;
89 $this->updateUserFilter();
90 }
ilAuthContainerLDAP\updateUserFilter
updateUserFilter()
Update user filter.
Definition: class.ilAuthContainerLDAP.php:182

References updateUserFilter().

Referenced by fetchData().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ extractUserName()

ilAuthContainerLDAP::extractUserName (   $a_user_data)
protected
Parameters

return string ldap username

Definition at line 258 of file class.ilAuthContainerLDAP.php.

259 {
260 $a_username = isset($a_user_data[strtolower($this->server->getUserAttribute())]) ?
261 $a_user_data[strtolower($this->server->getUserAttribute())] :
262 trim($a_user_data);
263
264 // Support for multiple user attributes
265 if(!is_array($a_username))
266 {
267 return $a_username;
268 }
269 foreach($a_username as $name)
270 {
271 // User found with authentication method 'ldap'
272 if(ilObjUser::_checkExternalAuthAccount("ldap",$name))
273 {
274 return trim($name);
275 }
276 }
277 // No existing user found => return first name
278 return $a_username[0];
279 }
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3721

References ilObjUser\_checkExternalAuthAccount().

Referenced by loginObserver().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ failedLoginObserver()

ilAuthContainerLDAP::failedLoginObserver (   $a_username,
  $a_auth 
)

Called from fetchData after failed login.

Parameters
stringusername
objectPEAR auth object

Definition at line 248 of file class.ilAuthContainerLDAP.php.

249 {
250 return false;
251 }

◆ fetchData()

ilAuthContainerLDAP::fetchData (   $username,
  $password 
)

Overwritten from base class.

Parameters
object$username
object$password
Returns

Definition at line 109 of file class.ilAuthContainerLDAP.php.

110 {
111 if(!$this->server->doConnectionCheck())
112 {
113 return FALSE;
114 }
115
116
117 $res = parent::fetchData($username,$password);
118
119 if (PEAR::isError($res))
120 {
121 $this->log->notice('Authentication failed with message:' . $res->getMessage());
122 return $res;
123 }
124 elseif ($res == true)
125 {
126 $this->log->debug('Authentication successful');
127 return true;
128 }
129 if(!$this->enabledOptionalGroupCheck() and $this->server->isMembershipOptional())
130 {
131 $this->enableOptionalGroupCheck();
132 return parent::fetchData($username,$password);
133 }
134 return false;
135 }
PEAR\isError
isError($data, $code=null)
Tell whether a value is a PEAR error.
Definition: PEAR.php:280
ilAuthContainerLDAP\enableOptionalGroupCheck
enableOptionalGroupCheck()
enable optional group check
Definition: class.ilAuthContainerLDAP.php:86
ilAuthContainerLDAP\enabledOptionalGroupCheck
enabledOptionalGroupCheck()
Check if optional group check is enabled.
Definition: class.ilAuthContainerLDAP.php:98

References $res, enabledOptionalGroupCheck(), enableOptionalGroupCheck(), and PEAR\isError().

+ Here is the call graph for this function:

◆ forceCreation()

ilAuthContainerLDAP::forceCreation (   $a_status)

Definition at line 74 of file class.ilAuthContainerLDAP.php.

75 {
76 self::$force_creation = $a_status;
77 }

◆ initLDAPAttributeToUser()

ilAuthContainerLDAP::initLDAPAttributeToUser ( )
private

Init LDAP attribute mapping.

@access private

Definition at line 237 of file class.ilAuthContainerLDAP.php.

238 {
239 include_once('Services/LDAP/classes/class.ilLDAPAttributeToUser.php');
240 $this->ldap_attr_to_user = new ilLDAPAttributeToUser($this->server);
241 }
ilLDAPAttributeToUser
Update/create ILIAS user account by given LDAP attributes according to user attribute mapping setting...
Definition: class.ilLDAPAttributeToUser.php:35

◆ loginObserver()

ilAuthContainerLDAP::loginObserver (   $a_username,
  $a_auth 
)

Called from fetchData after successful login.

Parameters
stringusername

Definition at line 192 of file class.ilAuthContainerLDAP.php.

193 {
194 global $ilLog;
195
196 $user_data = array_change_key_case($a_auth->getAuthData(),CASE_LOWER);
197
198 $a_username = $this->extractUserName($user_data);
199
200 include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
201 $sync = new ilLDAPUserSynchronisation('ldap_'.$this->server->getServerId(), $this->server->getServerId());
202 $sync->setExternalAccount($a_username);
203 $sync->setUserData($user_data);
204 $sync->forceCreation(self::$force_creation);
205
206 try {
207 $internal_account = $sync->sync();
208 }
209 catch(UnexpectedValueException $e) {
210 $this->log->info('Login failed with message: ' . $e->getMessage());
211 $a_auth->status = AUTH_WRONG_LOGIN;
212 $a_auth->logout();
213 return false;
214 }
215 catch(ilLDAPSynchronisationForbiddenException $e) {
216 // No syncronisation allowed => create Error
217 $this->log->info('Login failed with message: ' . $e->getMessage());
218 $a_auth->status = AUTH_LDAP_NO_ILIAS_USER;
219 $a_auth->logout();
220 return false;
221 }
222 catch(ilLDAPAccountMigrationRequiredException $e) {
223 $this->log->info('Starting account migration');
224 $a_auth->logout();
225 ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
226 }
227
228 $a_auth->setAuth($internal_account);
229 return true;
230 }
AUTH_LDAP_NO_ILIAS_USER
const AUTH_LDAP_NO_ILIAS_USER
Definition: class.ilAuthUtils.php:28
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:13
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:15
ilUtil\redirect
static redirect($a_script)
http redirect to other script
Definition: class.ilUtil.php:3567

References $ilLog, AUTH_LDAP_NO_ILIAS_USER, extractUserName(), and ilUtil\redirect().

+ Here is the call graph for this function:

◆ supportsCaptchaVerification()

ilAuthContainerLDAP::supportsCaptchaVerification ( )
Returns
bool

Definition at line 312 of file class.ilAuthContainerLDAP.php.

313 {
314 return true;
315 }

◆ updateRequired()

ilAuthContainerLDAP::updateRequired (   $a_username)
protected

Check if an update is required.

Returns
Parameters
string$a_username

Definition at line 286 of file class.ilAuthContainerLDAP.php.

287 {
288 if(!ilObjUser::_checkExternalAuthAccount("ldap",$a_username))
289 {
290 #$GLOBALS['ilLog']->write(__METHOD__.': Required 1');
291 return true;
292 }
293 // Check attribute mapping on login
294 include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
295 if(ilLDAPAttributeMapping::hasRulesForUpdate($this->server->getServerId()))
296 {
297 #$GLOBALS['ilLog']->write(__METHOD__.': Required 2');
298 return true;
299 }
300 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
301 if(ilLDAPRoleAssignmentRule::hasRulesForUpdate())
302 {
303 #$GLOBALS['ilLog']->write(__METHOD__.': Required 3');
304 return true;
305 }
306 return false;
307 }
ilLDAPAttributeMapping\hasRulesForUpdate
static hasRulesForUpdate($a_server_id)
Check if there is ldap attribute -> user data mapping which which is updated on login.
Definition: class.ilLDAPAttributeMapping.php:120
ilLDAPRoleAssignmentRule\hasRulesForUpdate
static hasRulesForUpdate()
Check if there any rule for updates.
Definition: class.ilLDAPRoleAssignmentRule.php:72

References ilObjUser\_checkExternalAuthAccount(), ilLDAPAttributeMapping\hasRulesForUpdate(), and ilLDAPRoleAssignmentRule\hasRulesForUpdate().

+ Here is the call graph for this function:

◆ updateUserFilter()

ilAuthContainerLDAP::updateUserFilter ( )
private

Update user filter.

@access private

Definition at line 182 of file class.ilAuthContainerLDAP.php.

183 {
184 $this->options['userfilter'] = $this->server->getGroupUserFilter();
185 }

Referenced by enableOptionalGroupCheck().

+ Here is the caller graph for this function:

Field Documentation

◆ $force_creation

ilAuthContainerLDAP::$force_creation = false
staticprivate

Definition at line 38 of file class.ilAuthContainerLDAP.php.

◆ $ldap_attr_to_user

ilAuthContainerLDAP::$ldap_attr_to_user = null
private

Definition at line 44 of file class.ilAuthContainerLDAP.php.

◆ $log

ilAuthContainerLDAP::$log = null
private

Definition at line 42 of file class.ilAuthContainerLDAP.php.

◆ $optional_check

ilAuthContainerLDAP::$optional_check = false
private

Definition at line 40 of file class.ilAuthContainerLDAP.php.

Referenced by enabledOptionalGroupCheck().

◆ $server

ilAuthContainerLDAP::$server = null
private

Definition at line 43 of file class.ilAuthContainerLDAP.php.

The documentation for this class was generated from the following file: