// Bind-type constants: 0 = anonymous, 1 = user (going by the names, a bind with a configured account — confirm at the call sites).
5 define(
'IL_LDAP_BIND_ANONYMOUS', 0);
6 define(
'IL_LDAP_BIND_USER', 1);
// Search-scope constants: SUB = 0, ONE = 1, BASE = 2 (presumably subtree / one-level / base searches — confirm against the query code).
8 define(
'IL_LDAP_SCOPE_SUB', 0);
9 define(
'IL_LDAP_SCOPE_ONE', 1);
10 define(
'IL_LDAP_SCOPE_BASE', 2);
48 $this->server_id = $a_server_id;
60 if (isset(self::$instances[$a_server_id])) {
61 return self::$instances[$a_server_id];
63 return self::$instances[$a_server_id] =
new ilLDAPServer($a_server_id);
74 if (!$this->fallback_urls) {
78 $all_urls = array_merge($this->fallback_urls);
79 $all_urls[] = $this->
getUrl();
// Store $all_urls as one comma-separated 'url' value on this server's row.
// Both the joined URL string ('text') and the server id ('integer') pass through $ilDB->quote() before concatenation.
81 $query =
'UPDATE ldap_server_settings SET ' .
82 'url = ' . $ilDB->quote(implode(
',', $all_urls),
'text') .
' ' .
83 'WHERE server_id = ' . $ilDB->quote($this->
getServerId(),
'integer');
95 return function_exists(
'ldap_bind');
107 $query =
"SELECT server_id FROM ldap_server_settings " .
108 "WHERE active = 1 AND authentication = 1 " .
111 $server_ids =
array();
112 while (
$row = $ilDB->fetchObject(
$res)) {
113 $server_ids[] =
$row->server_id;
127 $query =
"SELECT server_id FROM ldap_server_settings " .
128 "WHERE active = 1 " .
129 "AND sync_per_cron = 1 " .
133 while (
$row = $ilDB->fetchObject(
$res)) {
134 $server_ids[] =
$row->server_id;
136 return $server_ids ? $server_ids :
array();
150 $query =
"SELECT server_id FROM ldap_server_settings " .
151 "WHERE active = 1 " .
152 "AND role_sync_active = 1 ";
155 $server_ids =
array();
156 while (
$row = $ilDB->fetchObject(
$res)) {
157 $server_ids[] =
$row->server_id;
183 if (count($servers)) {
198 $query =
"SELECT server_id FROM ldap_server_settings ORDER BY name";
201 while (
$row = $ilDB->fetchObject(
$res)) {
202 $server_ids[] =
$row->server_id;
204 return $server_ids ? $server_ids :
array();
216 $query =
"SELECT server_id FROM ldap_server_settings ORDER BY name";
237 $query =
"SELECT * FROM ldap_server_settings ORDER BY name";
242 while (
$row = $ilDB->fetchAssoc(
$res)) {
257 if (count($servers)) {
// Select the ids of servers with active = 1 and authentication = 0 whose authentication_type is either $a_auth_mode or 0.
// Every value, including the literals, is passed through $ilDB->quote() typed as 'integer'.
268 $query =
"SELECT server_id FROM ldap_server_settings " .
269 "WHERE active = " . $ilDB->quote(1,
'integer') .
" " .
270 "AND authentication = " . $ilDB->quote(0,
'integer') .
" " .
271 "AND ( authentication_type = " . $ilDB->quote($a_auth_mode,
'integer') .
" " .
272 "OR authentication_type = " . $ilDB->quote(0,
'integer') .
")";
275 $server_ids =
array();
277 $server_ids[] =
$row->server_id;
292 $query =
"SELECT server_id FROM ldap_server_settings " .
293 "WHERE authentication_type = " . $ilDB->quote($a_auth_mode,
'integer') .
" " .
294 "AND authentication = " . $ilDB->quote(0,
'integer');
306 $query =
"SELECT server_id FROM ldap_server_settings " .
307 "WHERE authentication_type = " . $ilDB->quote($a_auth_mode,
'integer') .
" ";
310 return $row->server_id;
// Reset authentication_type to 0 on every row currently mapped to $a_authmode, then run the statement.
// $a_authmode is quoted as 'integer' before it is concatenated into the SQL.
322 $query =
'UPDATE ldap_server_settings ' .
323 'SET authentication_type = ' . $ilDB->quote(0,
'integer') .
' ' .
324 'WHERE authentication_type = ' . $ilDB->quote($a_authmode,
'integer');
325 $ilDB->manipulate(
$query);
341 self::disableDataSourceForAuthMode($a_auth_mode);
// Set authentication_type to $a_auth_mode on the single row identified by $a_ldap_server_id, then run the statement.
// Both caller-supplied values are quoted as 'integer' before concatenation.
344 $query =
"UPDATE ldap_server_settings " .
345 'SET authentication_type = ' . $ilDB->quote($a_auth_mode,
'integer') .
" " .
346 'WHERE server_id = ' . $ilDB->quote($a_ldap_server_id,
'integer');
347 $ilDB->manipulate(
$query);
360 $GLOBALS[
'ilLog']->write(__METHOD__ .
': No auth mode given..............');
// Split the auth mode on '_' and report LDAP when the first part equals AUTH_LDAP and the second part is truthy.
// NOTE(review): '==' is a loose comparison and $auth_arr[1] is read without checking that explode() produced a
// second element; a strict comparison plus an isset() guard would make this auth-mode check unambiguous —
// confirm the type of AUTH_LDAP before changing it.
363 $auth_arr = explode(
'_', $a_auth_mode);
364 return ($auth_arr[0] ==
AUTH_LDAP) and $auth_arr[1];
374 if (self::isAuthModeLDAP($a_auth_mode)) {
375 $auth_arr = explode(
'_', $a_auth_mode);
387 $auth_arr = explode(
'_', $a_auth_key);
388 if (count((
array) $auth_arr) > 1) {
389 return 'ldap_' . $auth_arr[1];
401 $auth_arr = explode(
'_', $a_auth_mode);
402 if (count((
array) $auth_arr) > 1) {
422 $this->enabled_authentication = (bool) $a_status;
440 $this->authentication_mapping = $a_map;
470 $this->active = $a_status;
474 return $this->active;
482 $this->url_string = $a_url;
485 $urls = explode(
',', $a_url);
493 $this->fallback_urls[] =
$url;
499 return $this->url_string;
511 include_once(
'Services/LDAP/classes/class.ilLDAPQuery.php');
513 foreach (array_merge(
array(0 => $this->url), $this->fallback_urls) as
$url) {
523 ilLoggerFactory::getLogger(
'auth')->error(
'Cannot connect to LDAP server: ' . $url .
' ' . $exc->getCode() .
' ' . $exc->getMessage());
537 $this->name = $a_name;
541 return $this->version ? $this->version : self::DEFAULT_VERSION;
545 $this->version = $a_version;
549 return $this->base_dn;
553 $this->base_dn = $a_base_dn;
557 return $this->referrals ? true :
false;
561 $this->referrals = $a_status;
565 return $this->tls ? true :
false;
569 $this->tls = $a_status;
573 return $this->binding_type;
585 return $this->bind_user;
589 $this->bind_user = $a_user;
593 return $this->bind_password;
597 $this->bind_password = $a_password;
601 return $this->search_base;
605 $this->search_base = $a_search_base;
609 return $this->user_attribute;
613 $this->user_attribute = $a_user_attr;
621 $this->filter = $a_filter;
625 return $this->group_dn;
629 $this->group_dn = $a_value;
637 $this->group_filter = $a_value;
641 return $this->group_member;
645 $this->group_member = $a_value;
649 return $this->group_name;
653 $this->group_name = $a_value;
668 return array_filter(array_map(
'trim',
$names));
674 return $this->group_attribute;
678 $this->group_attribute = $a_value;
683 $this->group_optional = (bool) $a_status;
687 return (
bool) $this->group_optional;
691 $this->group_user_filter = $a_filter;
695 return $this->group_user_filter;
700 return (
bool) $this->memberisdn;
704 $this->memberisdn = (bool) $a_value;
708 $this->group_scope = $a_value;
712 return $this->group_scope;
716 $this->user_scope = $a_value;
720 return $this->user_scope;
724 return $this->sync_on_login;
728 $this->sync_on_login = (int) $a_value;
732 return $this->sync_per_cron;
736 $this->sync_per_cron = (int) $a_value;
740 $this->global_role = $a_role;
748 $this->role_bind_dn = $a_value;
756 $this->role_bind_pass = $a_value;
764 $this->role_sync_active = $a_value;
769 return $this->username_filter;
773 $this->username_filter = $a_value;
785 $this->account_migration = $a_status;
796 return $this->account_migration ? true :
false;
809 $ilErr->setMessage(
'');
810 if (!strlen($this->
getName()) ||
811 !strlen($this->
getUrl()) ||
814 $ilErr->setMessage($this->lng->txt(
'fill_out_all_required_fields'));
819 $ilErr->appendMessage($this->lng->txt(
'ldap_missing_bind_user'));
823 $ilErr->appendMessage($this->lng->txt(
'ldap_missing_role_assignment'));
826 $ilErr->appendMessage($this->lng->txt(
'ldap_tls_conflict'));
829 return strlen($ilErr->getMessage()) ?
false :
true;
836 $next_id = $ilDB->nextId(
'ldap_server_settings');
838 $query =
'INSERT INTO ldap_server_settings (server_id,active,name,url,version,base_dn,referrals,tls,bind_type,bind_user,bind_pass,' .
839 'search_base,user_scope,user_attribute,filter,group_dn,group_scope,group_filter,group_member,group_memberisdn,group_name,' .
840 'group_attribute,group_optional,group_user_filter,sync_on_login,sync_per_cron,role_sync_active,role_bind_dn,role_bind_pass,migration, ' .
841 'authentication,authentication_type,username_filter) ' .
842 'VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)';
843 $res = $ilDB->queryF(
846 'integer',
'integer',
'text',
'text',
'integer',
'text',
'integer',
'integer',
'integer',
'text',
'text',
'text',
'integer',
847 'text',
'text',
'text',
'integer',
'text',
'text',
'integer',
'text',
'text',
'integer',
'text',
'integer',
'integer',
'integer',
848 'text',
'text',
'integer',
'integer',
'integer',
"text"),
886 $this->server_id = $next_id;
// Build the UPDATE statement for this server's row in ldap_server_settings.
// Every value shown is passed through $this->db->quote() with an explicit 'integer' or 'text' type before it is
// concatenated. The listing omits some original lines (the gutter numbers jump, e.g. 912 -> 914 and 921 -> 927),
// so not every column of the statement is visible here.
894 $query =
"UPDATE ldap_server_settings SET " .
895 "active = " . $this->db->quote($this->
isActive(),
'integer') .
", " .
896 "name = " . $this->db->quote($this->
getName(),
'text') .
", " .
897 "url = " . $this->db->quote($this->
getUrlString(),
'text') .
", " .
898 "version = " . $this->db->quote($this->
getVersion(),
'integer') .
", " .
899 "base_dn = " . $this->db->quote($this->
getBaseDN(),
'text') .
", " .
900 "referrals = " . $this->db->quote($this->
isActiveReferrer(),
'integer') .
", " .
901 "tls = " . $this->db->quote($this->
isActiveTLS(),
'integer') .
", " .
902 "bind_type = " . $this->db->quote($this->
getBindingType(),
'integer') .
", " .
903 "bind_user = " . $this->db->quote($this->
getBindUser(),
'text') .
", " .
// NOTE(review): the bind password returned by getBindPassword() is written as a 'text' value; no encryption
// step is visible in this excerpt, so treat ldap_server_settings (and its backups) as holding a directory
// credential — confirm how it is protected at rest.
904 "bind_pass = " . $this->db->quote($this->
getBindPassword(),
'text') .
", " .
905 "search_base = " . $this->db->quote($this->
getSearchBase(),
'text') .
", " .
906 "user_scope = " . $this->db->quote($this->
getUserScope(),
'integer') .
", " .
907 "user_attribute = " . $this->db->quote($this->
getUserAttribute(),
'text') .
", " .
908 "filter = " . $this->db->quote($this->
getFilter(),
'text') .
", " .
909 "group_dn = " . $this->db->quote($this->
getGroupDN(),
'text') .
", " .
910 "group_scope = " . $this->db->quote($this->
getGroupScope(),
'integer') .
", " .
911 "group_filter = " . $this->db->quote($this->
getGroupFilter(),
'text') .
", " .
912 "group_member = " . $this->db->quote($this->
getGroupMember(),
'text') .
", " .
914 "group_name = " . $this->db->quote($this->
getGroupName(),
'text') .
", " .
915 "group_attribute = " . $this->db->quote($this->
getGroupAttribute(),
'text') .
", " .
917 "group_user_filter = " . $this->db->quote($this->
getGroupUserFilter(),
'text') .
", " .
// The two sync flags are normalised to 1/0 before quoting.
918 "sync_on_login = " . $this->db->quote(($this->
enabledSyncOnLogin() ? 1 : 0),
'integer') .
", " .
919 "sync_per_cron = " . $this->db->quote(($this->
enabledSyncPerCron() ? 1 : 0),
'integer') .
", " .
921 "role_bind_dn = " . $this->db->quote($this->
getRoleBindDN(),
'text') .
", " .
927 ", username_filter = " . $this->db->quote($this->
getUsernameFilter(),
"text") .
" " .
// The WHERE clause restricts the update to this instance's own row.
929 "WHERE server_id = " . $this->db->quote($this->
getServerId(),
'integer');
938 public function delete()
944 include_once
'Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
947 include_once
'Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
950 foreach ($rules as $ruleAssigment) {
951 $ruleAssigment->delete();
954 include_once
'Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php';
957 $query =
"DELETE FROM ldap_server_settings " .
958 "WHERE server_id = " . $this->db->quote($this->
getServerId(),
'integer');
995 if (@include_once(
'Log.php')) {
996 if (@include_once(
'Log/observer.php')) {
// Normalise an LDAP filter string: trim it, test for an empty result, then add a leading '(' and a trailing ')'
// when they are missing. The body of the empty-string branch and the closing braces are not part of this excerpt.
// NOTE(review): the visible lines only add brackets; they do not escape or validate the filter contents, so the
// value should come from trusted configuration rather than from request data — confirm the callers.
1031 $filter = trim($a_filter);
1033 if (!strlen($filter)) {
1037 if (strpos($filter,
'(') !== 0) {
1038 $filter = (
'(' . $filter);
1040 if (substr($filter, -1) !=
')') {
1041 $filter = ($filter .
')');
1056 include_once(
'Services/LDAP/classes/class.ilLDAPAttributeMapping.php');
1057 include_once(
'Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php');
1061 $mapping->getFields(),
1078 if (!$this->server_id) {
// Load the settings row for this instance's server id.
// NOTE(review): unlike the other server_id queries in this listing, quote() is called here without a type
// argument; passing 'integer' would match them — confirm what quote() does when no type is given.
1081 $query =
"SELECT * FROM ldap_server_settings WHERE server_id = " . $this->db->quote($this->server_id) .
"";
static checkLDAPLib()
Check if ldap module is installed.
__construct($a_server_id=0)
static _getFirstActiveServer()
Get first active server.
prepareFilter($a_filter)
Create brackets for filters if they do not exist.
read()
Read server settings.
enableSyncOnLogin($a_value)
static isAuthModeLDAP($a_auth_mode)
Check if user auth mode is LDAP.
enabledRoleSynchronization()
static _getInstanceByServerId($a_server_id)
Get instance of class.
static _getServerList()
Get list of all configured servers.
setAuthenticationMapping($a_map)
Set mapped authentication mapping.
enableGroupMemberIsDN($a_value)
enableAccountMigration($a_status)
Enable account migration.
static getAuthModeByKey($a_auth_key)
get auth mode by key
const IL_LDAP_BIND_ANONYMOUS
enableRoleSynchronization($a_value)
static _getAllServer()
Get list of all configured servers.
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
validate()
Validate user input.
static getAvailableDataSources($a_auth_mode)
enableSyncPerCron($a_value)
static _getActiveServerList()
Get active server list.
getPearAtributeArray()
Get attribute array for pear auth data.
toggleReferrer($a_status)
static _getAuthModeName($a_auth_key)
static getInstanceByServerId($a_server_id)
Get instance by server id.
static getAttributeNames($a_server_id)
get all possible attribute names
static disableDataSourceForAuthMode($a_authmode)
Disable data source.
static _getRules($a_server_id)
Get all rules.
toggleMembershipOptional($a_status)
static _deleteByServerId($a_server_id)
setRoleBindPassword($a_value)
const DEFAULT_NETWORK_TIMEOUT
getGroupNames()
Get group names as array.
static isDataSourceActive($a_auth_mode)
Check if a data source is active for a specific auth mode ilDB $ilDB.
static getServerIds()
Get all server ids ilDB $ilDB.
foreach($_POST as $key=> $value) $res
setGroupUserFilter($a_filter)
getAuthenticationMapping()
Get authentication mode that is mapped.
doConnectionCheck()
Check ldap connection and do a fallback to the next server if no connection is possible.
static _getCronServerIds()
Get list of active servers with option 'SyncCron'.
static _delete($a_server_id)
Delete mapping rules by server id.
static getDataSource($a_auth_mode)
setBindPassword($a_password)
toPearAuthArray()
Creates an array of options compatible to PEAR Auth.
static getServerIdByAuthMode($a_auth_mode)
Get auth id by auth mode.
isAuthenticationEnabled()
Check if authentication is enabled.
Create styles array
The data for the language used.
setSearchBase($a_search_base)
static getKeyByAuthMode($a_auth_mode)
Get auth id by auth mode.
enableAuthentication($a_status)
Enable authentication for this ldap server.
setUserAttribute($a_user_attr)
rotateFallbacks()
Rotate fallback urls in case of connect timeouts.
static _getPasswordServers()
Checks whether password synchronisation is enabled for a user.
setUsernameFilter($a_value)
getAuthenticationMappingKey()
Get authentication mapping key. Default is ldap.
static getLogger($a_component_id)
Get component logger.
setGroupAttribute($a_value)
static _getRoleSyncServerIds()
Check whether there is an active server with option role_sync_active.
if(!isset($_REQUEST['ReturnTo'])) if(!isset($_REQUEST['AuthId'])) $options
static toggleDataSource($a_ldap_server_id, $a_auth_mode, $a_status)
Toggle Data Source.
isAccountMigrationEnabled()
enabled account migration