ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Public Member Functions | Static Public Member Functions | Static Public Attributes | Protected Member Functions | Private Member Functions
ilAuthContainerApache Class Reference
Services/Database

Authentication against ILIAS database. More...

+ Inheritance diagram for ilAuthContainerApache:
+ Collaboration diagram for ilAuthContainerApache:

Public Member Functions

 __construct ()
 Constructor. More...
 

Static Public Member Functions

static forceCreation ($value)
 

Static Public Attributes

static $force_creation = false
 

Protected Member Functions

 updateRequired ($a_username)
 Check if an update is required. More...
 
 handleLDAPDataSource ($a_auth, $ext_account, $settings)
 Handle ldap as data source. More...
 

Private Member Functions

 initLDAPAttributeToUser ()
 Init LDAP attribute mapping private. More...
 

Detailed Description

Authentication against ILIAS database.

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om
Version
$Id$

Definition at line 12 of file class.ilAuthContainerApache.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthContainerApache::__construct ( )

Constructor.

Definition at line 22 of file class.ilAuthContainerApache.php.

23  {
24  parent::__construct();
25  }

Member Function Documentation

◆ forceCreation()

static ilAuthContainerApache::forceCreation (   $value)
static
Parameters
boolean$value

Definition at line 30 of file class.ilAuthContainerApache.php.

References $_GET, $_POST, $_SERVER, $_SESSION, $config, $ilDB, $ilSetting, $info, $key, $list, $password, $query, ilObjUser\_checkExternalAuthAccount(), ilAuthModeDetermination\_getInstance(), array, AUTH_APACHE, AUTH_APACHE_FAILED, AUTH_LDAP, defined, ilLDAPServer\doConnectionCheck(), ilLDAPRoleAssignmentRules\getAssignmentsForCreation(), ilLoggerFactory\getLogger(), handleLDAPDataSource(), initLDAPAttributeToUser(), ilUtil\isLogin(), ilUtil\redirect(), ilLDAPRoleAssignmentRules\ROLE_ACTION_ASSIGN, time, and updateRequired().

31  {
32  self::$force_creation = $value;
33  }
+ Here is the call graph for this function:

◆ handleLDAPDataSource()

ilAuthContainerApache::handleLDAPDataSource (   $a_auth,
  $ext_account,
  $settings 
)
protected

Handle ldap as data source.

Parameters
Auth$auth
string$ext_account

Definition at line 278 of file class.ilAuthContainerApache.php.

References $server, $sync, array, AUTH_RADIUS_NO_ILIAS_USER, ilLDAPServer\getInstanceByServerId(), ilLoggerFactory\getLogger(), and ilUtil\redirect().

Referenced by forceCreation().

279  {
280  include_once './Services/LDAP/classes/class.ilLDAPServer.php';
281  $server = ilLDAPServer::getInstanceByServerId(
282  $settings->get('apache_ldap_sid')
283  );
284 
285  ilLoggerFactory::getLogger('auth')->debug('Using ldap data source with server configuration: ' . $server->getName());
286 
287  include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
288  $sync = new ilLDAPUserSynchronisation('ldap_' . $server->getServerId(), $server->getServerId());
289  $sync->setExternalAccount($ext_account);
290  $sync->setUserData(array());
291  $sync->forceCreation(self::$force_creation);
292  $sync->forceReadLdapData(true);
293 
294  try {
295  $internal_account = $sync->sync();
296  } catch (UnexpectedValueException $e) {
297  ilLoggerFactory::getLogger('auth')->info('Login failed with message: ' . $e->getMessage());
298  $a_auth->status = AUTH_WRONG_LOGIN;
299  $a_auth->logout();
300  return false;
301  } catch (ilLDAPSynchronisationForbiddenException $e) {
302  // No syncronisation allowed => create Error
303  ilLoggerFactory::getLogger('auth')->info('Login failed with message: ' . $e->getMessage());
304  $a_auth->status = AUTH_RADIUS_NO_ILIAS_USER;
305  $a_auth->logout();
306  return false;
307  } catch (ilLDAPAccountMigrationRequiredException $e) {
308  ilLoggerFactory::getLogger('auth')->debug('Starting account migration');
309  $a_auth->logout();
310  ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
311  }
312 
313  $a_auth->setAuth($internal_account);
314  return true;
315  }
ilLDAPUserSynchronisation
Synchronization of user accounts used in auth container ldap, radius , cas,...
Definition: class.ilLDAPUserSynchronisation.php:14
AUTH_RADIUS_NO_ILIAS_USER
const AUTH_RADIUS_NO_ILIAS_USER
Definition: class.ilAuthUtils.php:32
ilLDAPAccountMigrationRequiredException
Description of ilLDAPAccountMigrationRequiredException.
Definition: class.ilLDAPAccountMigrationRequiredException.php:12
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:58
$sync
$sync
Definition: memcacheSync.php:62
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$server
$server
Definition: getUserInfo.php:12
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:79
ilUtil\redirect
static redirect($a_script)
Definition: class.ilUtil.php:3353
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ initLDAPAttributeToUser()

ilAuthContainerApache::initLDAPAttributeToUser ( )
private

Init LDAP attribute mapping private.

Definition at line 266 of file class.ilAuthContainerApache.php.

Referenced by forceCreation().

267  {
268  include_once('Services/LDAP/classes/class.ilLDAPAttributeToUser.php');
269  $this->ldap_attr_to_user = new ilLDAPAttributeToUser($this->server);
270  }
ilLDAPAttributeToUser
Update/create ILIAS user account by given LDAP attributes according to user attribute mapping setting...
Definition: class.ilLDAPAttributeToUser.php:34
+ Here is the caller graph for this function:

◆ updateRequired()

ilAuthContainerApache::updateRequired (   $a_username)
protected

Check if an update is required.

Returns
Parameters
string$a_username

Definition at line 245 of file class.ilAuthContainerApache.php.

References ilObjUser\_checkExternalAuthAccount(), ilLDAPRoleAssignmentRule\hasRulesForUpdate(), and ilLDAPAttributeMapping\hasRulesForUpdate().

Referenced by forceCreation().

246  {
247  if (!ilObjUser::_checkExternalAuthAccount("ldap_" . $this->server->getServerId(), $a_username)) {
248  return true;
249  }
250  // Check attribute mapping on login
251  include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
252  if (ilLDAPAttributeMapping::hasRulesForUpdate($this->server->getServerId())) {
253  return true;
254  }
255  include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
256  if (ilLDAPRoleAssignmentRule::hasRulesForUpdate()) {
257  return true;
258  }
259  return false;
260  }
ilLDAPRoleAssignmentRule\hasRulesForUpdate
static hasRulesForUpdate()
Check if there any rule for updates.
Definition: class.ilLDAPRoleAssignmentRule.php:71
ilLDAPAttributeMapping\hasRulesForUpdate
static hasRulesForUpdate($a_server_id)
Check if there is ldap attribute -> user data mapping which which is updated on login.
Definition: class.ilLDAPAttributeMapping.php:118
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3692
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $force_creation

ilAuthContainerApache::$force_creation = false
static

Definition at line 17 of file class.ilAuthContainerApache.php.

The documentation for this class was generated from the following file: