ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilLDAPServer.php
Go to the documentation of this file.
1<?php
2
3/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
4
5define('IL_LDAP_BIND_ANONYMOUS', 0);
6define('IL_LDAP_BIND_USER', 1);
7
8define('IL_LDAP_SCOPE_SUB', 0);
9define('IL_LDAP_SCOPE_ONE', 1);
10define('IL_LDAP_SCOPE_BASE', 2);
11
24class ilLDAPServer
25{
26 private static $instances = array();
27
28 const DEBUG = false;
29 const DEFAULT_VERSION = 3;
30 const DEFAULT_NETWORK_TIMEOUT = 5;
31
32 private $role_bind_dn = '';
33 private $role_bind_pass = '';
34 private $role_sync_active = 0;
35
36 private $server_id = null;
37 private $fallback_urls = array();
38
39 private $enabled_authentication = true;
40 private $authentication_mapping = 0;
41
42 public function __construct($a_server_id = 0)
43 {
44 global $ilDB,$lng;
45
46 $this->db = $ilDB;
47 $this->lng = $lng;
48 $this->server_id = $a_server_id;
49
50 $this->read();
51 }
52
58 public static function getInstanceByServerId($a_server_id)
59 {
60 if (isset(self::$instances[$a_server_id])) {
61 return self::$instances[$a_server_id];
62 }
63 return self::$instances[$a_server_id] = new ilLDAPServer($a_server_id);
64 }
65
70 public function rotateFallbacks()
71 {
72 global $ilDB;
73
74 if (!$this->fallback_urls) {
75 return false;
76 }
77
78 $all_urls = array_merge($this->fallback_urls);
79 $all_urls[] = $this->getUrl();
80
81 $query = 'UPDATE ldap_server_settings SET ' .
82 'url = ' . $ilDB->quote(implode(',', $all_urls), 'text') . ' ' .
83 'WHERE server_id = ' . $ilDB->quote($this->getServerId(), 'integer');
84 $ilDB->manipulate($query);
85 return true;
86 }
87
88
93 public static function checkLDAPLib()
94 {
95 return function_exists('ldap_bind');
96 }
97
103 public static function _getActiveServerList()
104 {
105 global $ilDB;
106
107 $query = "SELECT server_id FROM ldap_server_settings " .
108 "WHERE active = 1 AND authentication = 1 " .
109 "ORDER BY name ";
110 $res = $ilDB->query($query);
111 $server_ids = array();
112 while ($row = $ilDB->fetchObject($res)) {
113 $server_ids[] = $row->server_id;
114 }
115 return $server_ids;
116 }
117
123 public static function _getCronServerIds()
124 {
125 global $ilDB;
126
127 $query = "SELECT server_id FROM ldap_server_settings " .
128 "WHERE active = 1 " .
129 "AND sync_per_cron = 1 " .
130 "ORDER BY name";
131
132 $res = $ilDB->query($query);
133 while ($row = $ilDB->fetchObject($res)) {
134 $server_ids[] = $row->server_id;
135 }
136 return $server_ids ? $server_ids : array();
137 }
138
146 public static function _getRoleSyncServerIds()
147 {
148 global $ilDB;
149
150 $query = "SELECT server_id FROM ldap_server_settings " .
151 "WHERE active = 1 " .
152 "AND role_sync_active = 1 ";
153
154 $res = $ilDB->query($query);
155 $server_ids = array();
156 while ($row = $ilDB->fetchObject($res)) {
157 $server_ids[] = $row->server_id;
158 }
159 return $server_ids;
160 }
161
169 public static function _getPasswordServers()
170 {
171 return ilLDAPServer::_getActiveServerList();
172 }
173
174
180 public static function _getFirstActiveServer()
181 {
182 $servers = ilLDAPServer::_getActiveServerList();
183 if (count($servers)) {
184 return $servers[0];
185 }
186 return 0;
187 }
188
194 public static function _getServerList()
195 {
196 global $ilDB;
197
198 $query = "SELECT server_id FROM ldap_server_settings ORDER BY name";
199
200 $res = $ilDB->query($query);
201 while ($row = $ilDB->fetchObject($res)) {
202 $server_ids[] = $row->server_id;
203 }
204 return $server_ids ? $server_ids : array();
205 }
206
212 public static function getServerIds()
213 {
214 global $ilDB;
215
216 $query = "SELECT server_id FROM ldap_server_settings ORDER BY name";
217
218
219 $res = $ilDB->query($query);
220
221 $server = array();
222 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
223 $server[] = $row->server_id;
224 }
225 return $server;
226 }
227
233 public static function _getAllServer()
234 {
235 global $ilDB;
236
237 $query = "SELECT * FROM ldap_server_settings ORDER BY name";
238
239 $server = array();
240
241 $res = $ilDB->query($query);
242 while ($row = $ilDB->fetchAssoc($res)) {
243 $server[] = $row;
244 }
245 return $server;
246 }
247
248 /*
249 * Get first server id
250 *
251 * @return integer server_id
252 */
253 public static function _getFirstServer()
254 {
255 $servers = ilLDAPServer::_getServerList();
256
257 if (count($servers)) {
258 return $servers[0];
259 }
260 return 0;
261 }
262
263
264 public static function getAvailableDataSources($a_auth_mode)
265 {
266 global $ilDB;
267
268 $query = "SELECT server_id FROM ldap_server_settings " .
269 "WHERE active = " . $ilDB->quote(1, 'integer') . " " .
270 "AND authentication = " . $ilDB->quote(0, 'integer') . " " .
271 "AND ( authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " " .
272 "OR authentication_type = " . $ilDB->quote(0, 'integer') . ")";
273 $res = $ilDB->query($query);
274
275 $server_ids = array();
276 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
277 $server_ids[] = $row->server_id;
278 }
279 return $server_ids;
280 }
281
288 public static function isDataSourceActive($a_auth_mode)
289 {
290 global $ilDB;
291
292 $query = "SELECT server_id FROM ldap_server_settings " .
293 "WHERE authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " " .
294 "AND authentication = " . $ilDB->quote(0, 'integer');
295 $res = $ilDB->query($query);
296 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
297 return true;
298 }
299 return false;
300 }
301
302 public static function getDataSource($a_auth_mode)
303 {
304 global $ilDB;
305
306 $query = "SELECT server_id FROM ldap_server_settings " .
307 "WHERE authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " ";
308 $res = $ilDB->query($query);
309 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
310 return $row->server_id;
311 }
312 return 0;
313 }
314
318 public static function disableDataSourceForAuthMode($a_authmode)
319 {
320 global $ilDB;
321
322 $query = 'UPDATE ldap_server_settings ' .
323 'SET authentication_type = ' . $ilDB->quote(0, 'integer') . ' ' .
324 'WHERE authentication_type = ' . $ilDB->quote($a_authmode, 'integer');
325 $ilDB->manipulate($query);
326 return true;
327 }
328
329
330
337 public static function toggleDataSource($a_ldap_server_id, $a_auth_mode, $a_status)
338 {
339 global $ilDB;
340
341 self::disableDataSourceForAuthMode($a_auth_mode);
342
343 if ($a_status) {
344 $query = "UPDATE ldap_server_settings " .
345 'SET authentication_type = ' . $ilDB->quote($a_auth_mode, 'integer') . " " .
346 'WHERE server_id = ' . $ilDB->quote($a_ldap_server_id, 'integer');
347 $ilDB->manipulate($query);
348 }
349 return true;
350 }
351
352 // begin-patch ldap_multiple
357 public static function isAuthModeLDAP($a_auth_mode)
358 {
359 if (!$a_auth_mode) {
360 $GLOBALS['ilLog']->write(__METHOD__ . ': No auth mode given..............');
361 return false;
362 }
363 $auth_arr = explode('_', $a_auth_mode);
364 return ($auth_arr[0] == AUTH_LDAP) and $auth_arr[1];
365 }
366
372 public static function getServerIdByAuthMode($a_auth_mode)
373 {
374 if (self::isAuthModeLDAP($a_auth_mode)) {
375 $auth_arr = explode('_', $a_auth_mode);
376 return $auth_arr[1];
377 }
378 return null;
379 }
380
385 public static function getAuthModeByKey($a_auth_key)
386 {
387 $auth_arr = explode('_', $a_auth_key);
388 if (count((array) $auth_arr) > 1) {
389 return 'ldap_' . $auth_arr[1];
390 }
391 return 'ldap';
392 }
393
399 public static function getKeyByAuthMode($a_auth_mode)
400 {
401 $auth_arr = explode('_', $a_auth_mode);
402 if (count((array) $auth_arr) > 1) {
403 return AUTH_LDAP . '_' . $auth_arr[1];
404 }
405 return AUTH_LDAP;
406 }
407
408 // end-patch ldap_multiple
409
410 // Set/Get
411 public function getServerId()
412 {
413 return $this->server_id;
414 }
415
420 public function enableAuthentication($a_status)
421 {
422 $this->enabled_authentication = (bool) $a_status;
423 }
424
429 public function isAuthenticationEnabled()
430 {
431 return (bool) $this->enabled_authentication;
432 }
433
438 public function setAuthenticationMapping($a_map)
439 {
440 $this->authentication_mapping = $a_map;
441 }
442
447 public function getAuthenticationMapping()
448 {
449 return $this->authentication_mapping;
450 }
451
457 public function getAuthenticationMappingKey()
458 {
459 if ($this->isAuthenticationEnabled() or !$this->getAuthenticationMapping()) {
460 // begin-patch ldap_multiple
461 return 'ldap_' . $this->getServerId();
462 #return 'ldap';
463 // end-patch ldap_multiple
464 }
465 return ilAuthUtils::_getAuthModeName($this->getAuthenticationMapping());
466 }
467
468 public function toggleActive($a_status)
469 {
470 $this->active = $a_status;
471 }
472 public function isActive()
473 {
474 return $this->active;
475 }
476 public function getUrl()
477 {
478 return $this->url;
479 }
480 public function setUrl($a_url)
481 {
482 $this->url_string = $a_url;
483
484 // Maybe there are more than one url's (comma seperated).
485 $urls = explode(',', $a_url);
486
487 $counter = 0;
488 foreach ($urls as $url) {
489 $url = trim($url);
490 if (!$counter++) {
491 $this->url = $url;
492 } else {
493 $this->fallback_urls[] = $url;
494 }
495 }
496 }
497 public function getUrlString()
498 {
499 return $this->url_string;
500 }
501
509 public function doConnectionCheck()
510 {
511 include_once('Services/LDAP/classes/class.ilLDAPQuery.php');
512
513 foreach (array_merge(array(0 => $this->url), $this->fallback_urls) as $url) {
514 try {
515 ilLoggerFactory::getLogger('auth')->debug('Using url: ' . $url);
516 // Need to do a full bind, since openldap return valid connection links for invalid hosts
517 $query = new ilLDAPQuery($this, $url);
518 $query->bind(IL_LDAP_BIND_TEST);
519 $this->url = $url;
520 return true;
521 } catch (ilLDAPQueryException $exc) {
522 $this->rotateFallbacks();
523 ilLoggerFactory::getLogger('auth')->error('Cannot connect to LDAP server: ' . $url . ' ' . $exc->getCode() . ' ' . $exc->getMessage());
524 }
525 }
526 ilLoggerFactory::getLogger('auth')->warning('No valid LDAP server found');
527 return false;
528 }
529
530
531 public function getName()
532 {
533 return $this->name;
534 }
535 public function setName($a_name)
536 {
537 $this->name = $a_name;
538 }
539 public function getVersion()
540 {
541 return $this->version ? $this->version : self::DEFAULT_VERSION;
542 }
543 public function setVersion($a_version)
544 {
545 $this->version = $a_version;
546 }
547 public function getBaseDN()
548 {
549 return $this->base_dn;
550 }
551 public function setBaseDN($a_base_dn)
552 {
553 $this->base_dn = $a_base_dn;
554 }
555 public function isActiveReferrer()
556 {
557 return $this->referrals ? true : false;
558 }
559 public function toggleReferrer($a_status)
560 {
561 $this->referrals = $a_status;
562 }
563 public function isActiveTLS()
564 {
565 return $this->tls ? true : false;
566 }
567 public function toggleTLS($a_status)
568 {
569 $this->tls = $a_status;
570 }
571 public function getBindingType()
572 {
573 return $this->binding_type;
574 }
575 public function setBindingType($a_type)
576 {
577 if ($a_type == IL_LDAP_BIND_USER) {
578 $this->binding_type = IL_LDAP_BIND_USER;
579 } else {
580 $this->binding_type = IL_LDAP_BIND_ANONYMOUS;
581 }
582 }
583 public function getBindUser()
584 {
585 return $this->bind_user;
586 }
587 public function setBindUser($a_user)
588 {
589 $this->bind_user = $a_user;
590 }
591 public function getBindPassword()
592 {
593 return $this->bind_password;
594 }
595 public function setBindPassword($a_password)
596 {
597 $this->bind_password = $a_password;
598 }
599 public function getSearchBase()
600 {
601 return $this->search_base;
602 }
603 public function setSearchBase($a_search_base)
604 {
605 $this->search_base = $a_search_base;
606 }
607 public function getUserAttribute()
608 {
609 return $this->user_attribute;
610 }
611 public function setUserAttribute($a_user_attr)
612 {
613 $this->user_attribute = $a_user_attr;
614 }
615 public function getFilter()
616 {
617 return $this->prepareFilter($this->filter);
618 }
619 public function setFilter($a_filter)
620 {
621 $this->filter = $a_filter;
622 }
623 public function getGroupDN()
624 {
625 return $this->group_dn;
626 }
627 public function setGroupDN($a_value)
628 {
629 $this->group_dn = $a_value;
630 }
631 public function getGroupFilter()
632 {
633 return $this->prepareFilter($this->group_filter);
634 }
635 public function setGroupFilter($a_value)
636 {
637 $this->group_filter = $a_value;
638 }
639 public function getGroupMember()
640 {
641 return $this->group_member;
642 }
643 public function setGroupMember($a_value)
644 {
645 $this->group_member = $a_value;
646 }
647 public function getGroupName()
648 {
649 return $this->group_name;
650 }
651 public function setGroupName($a_value)
652 {
653 $this->group_name = $a_value;
654 }
655
660 public function getGroupNames()
661 {
662 $names = explode(',', $this->getGroupName());
663
664 if (!is_array($names)) {
665 return array();
666 }
667
668 return array_filter(array_map('trim', $names));
669 }
670
671
672 public function getGroupAttribute()
673 {
674 return $this->group_attribute;
675 }
676 public function setGroupAttribute($a_value)
677 {
678 $this->group_attribute = $a_value;
679 }
680
681 public function toggleMembershipOptional($a_status)
682 {
683 $this->group_optional = (bool) $a_status;
684 }
685 public function isMembershipOptional()
686 {
687 return (bool) $this->group_optional;
688 }
689 public function setGroupUserFilter($a_filter)
690 {
691 $this->group_user_filter = $a_filter;
692 }
693 public function getGroupUserFilter()
694 {
695 return $this->group_user_filter;
696 }
697
698 public function enabledGroupMemberIsDN()
699 {
700 return (bool) $this->memberisdn;
701 }
702 public function enableGroupMemberIsDN($a_value)
703 {
704 $this->memberisdn = (bool) $a_value;
705 }
706 public function setGroupScope($a_value)
707 {
708 $this->group_scope = $a_value;
709 }
710 public function getGroupScope()
711 {
712 return $this->group_scope;
713 }
714 public function setUserScope($a_value)
715 {
716 $this->user_scope = $a_value;
717 }
718 public function getUserScope()
719 {
720 return $this->user_scope;
721 }
722 public function enabledSyncOnLogin()
723 {
724 return $this->sync_on_login;
725 }
726 public function enableSyncOnLogin($a_value)
727 {
728 $this->sync_on_login = (int) $a_value;
729 }
730 public function enabledSyncPerCron()
731 {
732 return $this->sync_per_cron;
733 }
734 public function enableSyncPerCron($a_value)
735 {
736 $this->sync_per_cron = (int) $a_value;
737 }
738 public function setGlobalRole($a_role)
739 {
740 $this->global_role = $a_role;
741 }
742 public function getRoleBindDN()
743 {
744 return $this->role_bind_dn;
745 }
746 public function setRoleBindDN($a_value)
747 {
748 $this->role_bind_dn = $a_value;
749 }
750 public function getRoleBindPassword()
751 {
752 return $this->role_bind_pass;
753 }
754 public function setRoleBindPassword($a_value)
755 {
756 $this->role_bind_pass = $a_value;
757 }
758 public function enabledRoleSynchronization()
759 {
760 return $this->role_sync_active;
761 }
762 public function enableRoleSynchronization($a_value)
763 {
764 $this->role_sync_active = $a_value;
765 }
766 // start Patch Name Filter
767 public function getUsernameFilter()
768 {
769 return $this->username_filter;
770 }
771 public function setUsernameFilter($a_value)
772 {
773 $this->username_filter = $a_value;
774 }// end Patch Name Filter
775
783 public function enableAccountMigration($a_status)
784 {
785 $this->account_migration = $a_status;
786 }
787
794 public function isAccountMigrationEnabled()
795 {
796 return $this->account_migration ? true : false;
797 }
798
799
805 public function validate()
806 {
807 global $ilErr;
808
809 $ilErr->setMessage('');
810 if (!strlen($this->getName()) ||
811 !strlen($this->getUrl()) ||
812 !strlen($this->getBaseDN()) ||
813 !strlen($this->getUserAttribute())) {
814 $ilErr->setMessage($this->lng->txt('fill_out_all_required_fields'));
815 }
816
817 if ($this->getBindingType() == IL_LDAP_BIND_USER
818 && (!strlen($this->getBindUser()) || !strlen($this->getBindPassword()))) {
819 $ilErr->appendMessage($this->lng->txt('ldap_missing_bind_user'));
820 }
821
822 if (($this->enabledSyncPerCron() or $this->enabledSyncOnLogin()) and !$this->global_role) {
823 $ilErr->appendMessage($this->lng->txt('ldap_missing_role_assignment'));
824 }
825 if ($this->getVersion() == 2 and $this->isActiveTLS()) {
826 $ilErr->appendMessage($this->lng->txt('ldap_tls_conflict'));
827 }
828
829 return strlen($ilErr->getMessage()) ? false : true;
830 }
831
832 public function create()
833 {
834 global $ilDB;
835 // start Patch Name Filter remove ",username_filter", ",%s", ",$this->getUsernameFilter()"
836 $next_id = $ilDB->nextId('ldap_server_settings');
837
838 $query = 'INSERT INTO ldap_server_settings (server_id,active,name,url,version,base_dn,referrals,tls,bind_type,bind_user,bind_pass,' .
839 'search_base,user_scope,user_attribute,filter,group_dn,group_scope,group_filter,group_member,group_memberisdn,group_name,' .
840 'group_attribute,group_optional,group_user_filter,sync_on_login,sync_per_cron,role_sync_active,role_bind_dn,role_bind_pass,migration, ' .
841 'authentication,authentication_type,username_filter) ' .
842 'VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)';
843 $res = $ilDB->queryF(
844 $query,
845 array(
846 'integer','integer','text','text','integer','text','integer','integer','integer','text','text','text','integer',
847 'text','text','text','integer','text','text','integer','text','text','integer','text','integer','integer','integer',
848 'text','text', 'integer','integer','integer',"text"),
849 array(
850 $next_id,
851 $this->isActive(),
852 $this->getName(),
853 $this->getUrlString(),
854 $this->getVersion(),
855 $this->getBaseDN(),
856 $this->isActiveReferrer(),
857 $this->isActiveTLS(),
858 $this->getBindingType(),
859 $this->getBindUser(),
860 $this->getBindPassword(),
861 $this->getSearchBase(),
862 $this->getUserScope(),
863 $this->getUserAttribute(),
864 $this->getFilter(),
865 $this->getGroupDN(),
866 $this->getGroupScope(),
867 $this->getGroupFilter(),
868 $this->getGroupMember(),
869 $this->enabledGroupMemberIsDN(),
870 $this->getGroupName(),
871 $this->getGroupAttribute(),
872 $this->isMembershipOptional(),
873 $this->getGroupUserFilter(),
874 $this->enabledSyncOnLogin(),
875 $this->enabledSyncPerCron(),
876 $this->enabledRoleSynchronization(),
877 $this->getRoleBindDN(),
878 $this->getRoleBindPassword(),
879 $this->isAccountMigrationEnabled(),
880 $this->isAuthenticationEnabled(),
881 $this->getAuthenticationMapping(),
882 $this->getUsernameFilter()
883 )
884 );
885 // end Patch Name Filter
886 $this->server_id = $next_id;
887 return $next_id;
888 }
889
890 public function update()
891 {
892 global $ilDB;
893
894 $query = "UPDATE ldap_server_settings SET " .
895 "active = " . $this->db->quote($this->isActive(), 'integer') . ", " .
896 "name = " . $this->db->quote($this->getName(), 'text') . ", " .
897 "url = " . $this->db->quote($this->getUrlString(), 'text') . ", " .
898 "version = " . $this->db->quote($this->getVersion(), 'integer') . ", " .
899 "base_dn = " . $this->db->quote($this->getBaseDN(), 'text') . ", " .
900 "referrals = " . $this->db->quote($this->isActiveReferrer(), 'integer') . ", " .
901 "tls = " . $this->db->quote($this->isActiveTLS(), 'integer') . ", " .
902 "bind_type = " . $this->db->quote($this->getBindingType(), 'integer') . ", " .
903 "bind_user = " . $this->db->quote($this->getBindUser(), 'text') . ", " .
904 "bind_pass = " . $this->db->quote($this->getBindPassword(), 'text') . ", " .
905 "search_base = " . $this->db->quote($this->getSearchBase(), 'text') . ", " .
906 "user_scope = " . $this->db->quote($this->getUserScope(), 'integer') . ", " .
907 "user_attribute = " . $this->db->quote($this->getUserAttribute(), 'text') . ", " .
908 "filter = " . $this->db->quote($this->getFilter(), 'text') . ", " .
909 "group_dn = " . $this->db->quote($this->getGroupDN(), 'text') . ", " .
910 "group_scope = " . $this->db->quote($this->getGroupScope(), 'integer') . ", " .
911 "group_filter = " . $this->db->quote($this->getGroupFilter(), 'text') . ", " .
912 "group_member = " . $this->db->quote($this->getGroupMember(), 'text') . ", " .
913 "group_memberisdn =" . $this->db->quote((int) $this->enabledGroupMemberIsDN(), 'integer') . ", " .
914 "group_name = " . $this->db->quote($this->getGroupName(), 'text') . ", " .
915 "group_attribute = " . $this->db->quote($this->getGroupAttribute(), 'text') . ", " .
916 "group_optional = " . $this->db->quote((int) $this->isMembershipOptional(), 'integer') . ", " .
917 "group_user_filter = " . $this->db->quote($this->getGroupUserFilter(), 'text') . ", " .
918 "sync_on_login = " . $this->db->quote(($this->enabledSyncOnLogin() ? 1 : 0), 'integer') . ", " .
919 "sync_per_cron = " . $this->db->quote(($this->enabledSyncPerCron() ? 1 : 0), 'integer') . ", " .
920 "role_sync_active = " . $this->db->quote($this->enabledRoleSynchronization(), 'integer') . ", " .
921 "role_bind_dn = " . $this->db->quote($this->getRoleBindDN(), 'text') . ", " .
922 "role_bind_pass = " . $this->db->quote($this->getRoleBindPassword(), 'text') . ", " .
923 "migration = " . $this->db->quote((int) $this->isAccountMigrationEnabled(), 'integer') . ", " .
924 'authentication = ' . $this->db->quote((int) $this->isAuthenticationEnabled(), 'integer') . ', ' .
925 'authentication_type = ' . $this->db->quote((int) $this->getAuthenticationMapping(), 'integer') . ' ' .
926 // start Patch Name Filter
927 ", username_filter = " . $this->db->quote($this->getUsernameFilter(), "text") . " " .
928 // end Patch Name Filter
929 "WHERE server_id = " . $this->db->quote($this->getServerId(), 'integer');
930
931 $res = $ilDB->manipulate($query);
932 return true;
933 }
934
938 public function delete()
939 {
940 if (!$this->getServerId()) {
941 return false;
942 }
943
944 include_once 'Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
945 ilLDAPAttributeMapping::_delete($this->getServerId());
946
947 include_once 'Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
948 $rules = ilLDAPRoleAssignmentRule::_getRules($this->getServerId());
949
950 foreach ($rules as $ruleAssigment) {
951 $ruleAssigment->delete();
952 }
953
954 include_once 'Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php';
955 ilLDAPRoleGroupMappingSettings::_deleteByServerId($this->getServerId());
956
957 $query = "DELETE FROM ldap_server_settings " .
958 "WHERE server_id = " . $this->db->quote($this->getServerId(), 'integer');
959 $res = $this->db->manipulate($query);
960 }
961
967 public function toPearAuthArray()
968 {
969 $options = array(
970 'url' => $this->getUrl(),
971 'version' => (int) $this->getVersion(),
972 'referrals' => (bool) $this->isActiveReferrer());
973
974 if ($this->getBindingType() == IL_LDAP_BIND_USER) {
975 $options['binddn'] = $this->getBindUser();
976 $options['bindpw'] = $this->getBindPassword();
977 }
978 $options['basedn'] = $this->getBaseDN();
979 $options['start_tls'] = (bool) $this->isActiveTLS();
980 $options['userdn'] = $this->getSearchBase();
981 switch ($this->getUserScope()) {
982 case IL_LDAP_SCOPE_ONE:
983 $options['userscope'] = 'one';
984 break;
985 default:
986 $options['userscope'] = 'sub';
987 break;
988 }
989
990 $options['userattr'] = $this->getUserAttribute();
991 $options['userfilter'] = $this->getFilter();
992 $options['attributes'] = $this->getPearAtributeArray();
993 $options['debug'] = self::DEBUG;
994
995 if (@include_once('Log.php')) {
996 if (@include_once('Log/observer.php')) {
997 $options['enableLogging'] = true;
998 }
999 }
1000 switch ($this->getGroupScope()) {
1001 case IL_LDAP_SCOPE_BASE:
1002 $options['groupscope'] = 'base';
1003 break;
1004 case IL_LDAP_SCOPE_ONE:
1005 $options['groupscope'] = 'one';
1006 break;
1007 default:
1008 $options['groupscope'] = 'sub';
1009 break;
1010 }
1011 $options['groupdn'] = $this->getGroupDN();
1012 $options['groupattr'] = $this->getGroupAttribute();
1013 $options['groupfilter'] = $this->getGroupFilter();
1014 $options['memberattr'] = $this->getGroupMember();
1015 $options['memberisdn'] = $this->enabledGroupMemberIsDN();
1016 $options['group'] = $this->getGroupName();
1017
1018
1019 return $options;
1020 }
1021
1029 private function prepareFilter($a_filter)
1030 {
1031 $filter = trim($a_filter);
1032
1033 if (!strlen($filter)) {
1034 return $filter;
1035 }
1036
1037 if (strpos($filter, '(') !== 0) {
1038 $filter = ('(' . $filter);
1039 }
1040 if (substr($filter, -1) != ')') {
1041 $filter = ($filter . ')');
1042 }
1043 return $filter;
1044 }
1045
1053 private function getPearAtributeArray()
1054 {
1055 if ($this->enabledSyncOnLogin()) {
1056 include_once('Services/LDAP/classes/class.ilLDAPAttributeMapping.php');
1057 include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php');
1058 $mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->getServerId());
1059 return array_merge(
1060 array($this->getUserAttribute()),
1061 $mapping->getFields(),
1062 array('dn'),
1063 ilLDAPRoleAssignmentRules::getAttributeNames($this->getServerId())
1064 );
1065 } else {
1066 return array($this->getUserAttribute());
1067 }
1068 }
1069
1070
1071
1076 private function read()
1077 {
1078 if (!$this->server_id) {
1079 return true;
1080 }
1081 $query = "SELECT * FROM ldap_server_settings WHERE server_id = " . $this->db->quote($this->server_id) . "";
1082
1083 $res = $this->db->query($query);
1084 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1085 $this->toggleActive($row->active);
1086 $this->setName($row->name);
1087 $this->setUrl($row->url);
1088 $this->setVersion($row->version);
1089 $this->setBaseDN($row->base_dn);
1090 $this->toggleReferrer($row->referrals);
1091 $this->toggleTLS($row->tls);
1092 $this->setBindingType($row->bind_type);
1093 $this->setBindUser($row->bind_user);
1094 $this->setBindPassword($row->bind_pass);
1095 $this->setSearchBase($row->search_base);
1096 $this->setUserScope($row->user_scope);
1097 $this->setUserAttribute($row->user_attribute);
1098 $this->setFilter($row->filter);
1099 $this->setGroupDN($row->group_dn);
1100 $this->setGroupScope($row->group_scope);
1101 $this->setGroupFilter($row->group_filter);
1102 $this->setGroupMember($row->group_member);
1103 $this->setGroupAttribute($row->group_attribute);
1104 $this->toggleMembershipOptional($row->group_optional);
1105 $this->setGroupUserFilter($row->group_user_filter);
1106 $this->enableGroupMemberIsDN($row->group_memberisdn);
1107 $this->setGroupName($row->group_name);
1108 $this->enableSyncOnLogin($row->sync_on_login);
1109 $this->enableSyncPerCron($row->sync_per_cron);
1110 $this->enableRoleSynchronization($row->role_sync_active);
1111 $this->setRoleBindDN($row->role_bind_dn);
1112 $this->setRoleBindPassword($row->role_bind_pass);
1113 $this->enableAccountMigration($row->migration);
1114 $this->enableAuthentication($row->authentication);
1115 $this->setAuthenticationMapping($row->authentication_type);
1116 // start Patch Name Filter
1117 $this->setUsernameFilter($row->username_filter);
1118 // end Patch Name Filter
1119 }
1120 }
1121}
$options
if(!isset( $_REQUEST[ 'ReturnTo'])) if(!isset($_REQUEST['AuthId'])) $options
Definition: as_login.php:20
php
An exception for terminatinating execution or to throw for unit testing.
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
IL_LDAP_BIND_TEST
const IL_LDAP_BIND_TEST
Definition: class.ilLDAPQuery.php:26
IL_LDAP_BIND_USER
const IL_LDAP_BIND_USER
Definition: class.ilLDAPServer.php:6
IL_LDAP_SCOPE_BASE
const IL_LDAP_SCOPE_BASE
Definition: class.ilLDAPServer.php:10
IL_LDAP_BIND_ANONYMOUS
const IL_LDAP_BIND_ANONYMOUS
Definition: class.ilLDAPServer.php:5
IL_LDAP_SCOPE_ONE
const IL_LDAP_SCOPE_ONE
Definition: class.ilLDAPServer.php:9
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:245
ilLDAPAttributeMapping\_delete
static _delete($a_server_id)
Delete mapping rules by server id.
Definition: class.ilLDAPAttributeMapping.php:81
ilLDAPAttributeMapping\_getInstanceByServerId
static _getInstanceByServerId($a_server_id)
Get instance of class.
Definition: class.ilLDAPAttributeMapping.php:65
ilLDAPRoleAssignmentRule\_getRules
static _getRules($a_server_id)
Get all rules.
Definition: class.ilLDAPRoleAssignmentRule.php:179
ilLDAPRoleAssignmentRules\getAttributeNames
static getAttributeNames($a_server_id)
get all possible attribute names
Definition: class.ilLDAPRoleAssignmentRules.php:81
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:372
ilLDAPServer\setGroupScope
setGroupScope($a_value)
Definition: class.ilLDAPServer.php:706
ilLDAPServer\_getServerList
static _getServerList()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:194
ilLDAPServer\isAuthenticationEnabled
isAuthenticationEnabled()
Check if authentication is enabled.
Definition: class.ilLDAPServer.php:429
ilLDAPServer\setGroupName
setGroupName($a_value)
Definition: class.ilLDAPServer.php:651
ilLDAPServer\getDataSource
static getDataSource($a_auth_mode)
Definition: class.ilLDAPServer.php:302
ilLDAPServer\read
read()
Read server settings.
Definition: class.ilLDAPServer.php:1076
ilLDAPServer\setGroupAttribute
setGroupAttribute($a_value)
Definition: class.ilLDAPServer.php:676
ilLDAPServer\setAuthenticationMapping
setAuthenticationMapping($a_map)
Set mapped authentication mapping.
Definition: class.ilLDAPServer.php:438
ilLDAPServer\_getCronServerIds
static _getCronServerIds()
Get list of acticve servers with option 'SyncCron'.
Definition: class.ilLDAPServer.php:123
ilLDAPServer\disableDataSourceForAuthMode
static disableDataSourceForAuthMode($a_authmode)
Disable data source.
Definition: class.ilLDAPServer.php:318
ilLDAPServer\checkLDAPLib
static checkLDAPLib()
Check if ldap module is installed.
Definition: class.ilLDAPServer.php:93
ilLDAPServer\setSearchBase
setSearchBase($a_search_base)
Definition: class.ilLDAPServer.php:603
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
ilLDAPServer\enableSyncOnLogin
enableSyncOnLogin($a_value)
Definition: class.ilLDAPServer.php:726
ilLDAPServer\getAuthenticationMapping
getAuthenticationMapping()
Get authentication mode that is mapped.
Definition: class.ilLDAPServer.php:447
ilLDAPServer\doConnectionCheck
doConnectionCheck()
Check ldap connection and do a fallback to the next server if no connection is possible.
Definition: class.ilLDAPServer.php:509
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:103
ilLDAPServer\_getPasswordServers
static _getPasswordServers()
Checks whether password synchronistation is enabled for an user.
Definition: class.ilLDAPServer.php:169
ilLDAPServer\getAuthModeByKey
static getAuthModeByKey($a_auth_key)
get auth mode by key
Definition: class.ilLDAPServer.php:385
ilLDAPServer\toggleTLS
toggleTLS($a_status)
Definition: class.ilLDAPServer.php:567
ilLDAPServer\setRoleBindDN
setRoleBindDN($a_value)
Definition: class.ilLDAPServer.php:746
ilLDAPServer\enableGroupMemberIsDN
enableGroupMemberIsDN($a_value)
Definition: class.ilLDAPServer.php:702
ilLDAPServer\setUsernameFilter
setUsernameFilter($a_value)
Definition: class.ilLDAPServer.php:771
ilLDAPServer\toPearAuthArray
toPearAuthArray()
Creates an array of options compatible to PEAR Auth.
Definition: class.ilLDAPServer.php:967
ilLDAPServer\validate
validate()
Validate user input.
Definition: class.ilLDAPServer.php:805
ilLDAPServer\_getAllServer
static _getAllServer()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:233
ilLDAPServer\enableSyncPerCron
enableSyncPerCron($a_value)
Definition: class.ilLDAPServer.php:734
ilLDAPServer\toggleReferrer
toggleReferrer($a_status)
Definition: class.ilLDAPServer.php:559
ilLDAPServer\setUserScope
setUserScope($a_value)
Definition: class.ilLDAPServer.php:714
ilLDAPServer\setGroupUserFilter
setGroupUserFilter($a_filter)
Definition: class.ilLDAPServer.php:689
ilLDAPServer\enableRoleSynchronization
enableRoleSynchronization($a_value)
Definition: class.ilLDAPServer.php:762
ilLDAPServer\DEFAULT_NETWORK_TIMEOUT
const DEFAULT_NETWORK_TIMEOUT
Definition: class.ilLDAPServer.php:30
ilLDAPServer\isAuthModeLDAP
static isAuthModeLDAP($a_auth_mode)
Check if user auth mode is LDAP.
Definition: class.ilLDAPServer.php:357
ilLDAPServer\isDataSourceActive
static isDataSourceActive($a_auth_mode)
Check if a data source is active for a specific auth mode @global ilDB $ilDB.
Definition: class.ilLDAPServer.php:288
ilLDAPServer\getAuthenticationMappingKey
getAuthenticationMappingKey()
Get authentication mapping key Default is ldap.
Definition: class.ilLDAPServer.php:457
ilLDAPServer\setFilter
setFilter($a_filter)
Definition: class.ilLDAPServer.php:619
ilLDAPServer\getGroupNames
getGroupNames()
Get group names as array.
Definition: class.ilLDAPServer.php:660
ilLDAPServer\toggleMembershipOptional
toggleMembershipOptional($a_status)
Definition: class.ilLDAPServer.php:681
ilLDAPServer\__construct
__construct($a_server_id=0)
Definition: class.ilLDAPServer.php:42
ilLDAPServer\setRoleBindPassword
setRoleBindPassword($a_value)
Definition: class.ilLDAPServer.php:754
ilLDAPServer\getPearAtributeArray
getPearAtributeArray()
Get attribute array for pear auth data.
Definition: class.ilLDAPServer.php:1053
ilLDAPServer\isAccountMigrationEnabled
isAccountMigrationEnabled()
enabled account migration
Definition: class.ilLDAPServer.php:794
ilLDAPServer\rotateFallbacks
rotateFallbacks()
Rotate fallback urls in case of connect timeouts.
Definition: class.ilLDAPServer.php:70
ilLDAPServer\setBindPassword
setBindPassword($a_password)
Definition: class.ilLDAPServer.php:595
ilLDAPServer\toggleDataSource
static toggleDataSource($a_ldap_server_id, $a_auth_mode, $a_status)
Toggle Data Source.
Definition: class.ilLDAPServer.php:337
ilLDAPServer\toggleActive
toggleActive($a_status)
Definition: class.ilLDAPServer.php:468
ilLDAPServer\setGroupMember
setGroupMember($a_value)
Definition: class.ilLDAPServer.php:643
ilLDAPServer\setVersion
setVersion($a_version)
Definition: class.ilLDAPServer.php:543
ilLDAPServer\_getFirstServer
static _getFirstServer()
Definition: class.ilLDAPServer.php:253
ilLDAPServer\setGroupFilter
setGroupFilter($a_value)
Definition: class.ilLDAPServer.php:635
ilLDAPServer\setBaseDN
setBaseDN($a_base_dn)
Definition: class.ilLDAPServer.php:551
ilLDAPServer\setUserAttribute
setUserAttribute($a_user_attr)
Definition: class.ilLDAPServer.php:611
ilLDAPServer\_getRoleSyncServerIds
static _getRoleSyncServerIds()
Check whether there if there is an active server with option role_sync_active.
Definition: class.ilLDAPServer.php:146
ilLDAPServer\enableAccountMigration
enableAccountMigration($a_status)
Enable account migration.
Definition: class.ilLDAPServer.php:783
ilLDAPServer\enableAuthentication
enableAuthentication($a_status)
Enable authentication for this ldap server.
Definition: class.ilLDAPServer.php:420
ilLDAPServer\getAvailableDataSources
static getAvailableDataSources($a_auth_mode)
Definition: class.ilLDAPServer.php:264
ilLDAPServer\_getFirstActiveServer
static _getFirstActiveServer()
Get first active server.
Definition: class.ilLDAPServer.php:180
ilLDAPServer\getKeyByAuthMode
static getKeyByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:399
ilLDAPServer\getServerIds
static getServerIds()
Get all server ids @global ilDB $ilDB.
Definition: class.ilLDAPServer.php:212
ilLDAPServer\prepareFilter
prepareFilter($a_filter)
Create brackets for filters if they do not exist.
Definition: class.ilLDAPServer.php:1029
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:79
$counter
$counter
Definition: config-scanner.php:59
$urls
$urls
Definition: croninfo.php:28
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
$server
$server
Definition: getUserInfo.php:12
$name
if($format !==null) $name
Definition: metadata.php:146
$lng
global $lng
Definition: privfeed.php:17
$query
$query
Definition: proxy_ylocal.php:13
$url
$url
Definition: proxy_ylocal.php:28
$ilErr
global $ilErr
Definition: raiseError.php:16
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$ilDB
global $ilDB
Definition: storeScorm2004.php:19
$a_type
$a_type
Definition: workflow.php:92