/*
 * Binding-type selectors for the $a_binding_type argument of bind(), which
 * switches on the value and uses IL_LDAP_BIND_DEFAULT when none is passed.
 *
 * NOTE(review): the case bodies of bind() are not visible in this listing; the
 * names suggest a default bind, an administrative bind, a connection-test bind
 * and an end-user authentication bind — confirm against bind() itself.
 * NOTE(review): one visible branch appears to log 'Bind anonymous' when no bind
 * user is configured; verify which of these values can reach that branch and
 * whether an anonymous bind is acceptable for the directory in use.
 */
const IL_LDAP_BIND_DEFAULT = 0;
const IL_LDAP_BIND_ADMIN = 1;
const IL_LDAP_BIND_TEST = 2;
const IL_LDAP_BIND_AUTH = 10;
 
   29include_once(
'Services/LDAP/classes/class.ilLDAPAttributeMapping.php');
 
   30include_once(
'Services/LDAP/classes/class.ilLDAPResult.php');
 
   31include_once(
'Services/LDAP/classes/class.ilLDAPQueryException.php');
 
   67            $this->ldap_server_url = $a_url;
 
   69            $this->ldap_server_url = $this->
settings->getUrl();
 
   73        $this->log = 
$GLOBALS[
'DIC']->logger()->auth();
 
  126        if (strlen($this->
settings->getGroupName())) {
 
  127            $this->log->debug(
'Searching for group members.');
 
  129            $groups = $this->
settings->getGroupNames();
 
  130            if (count($groups) <= 1) {
 
  133                foreach ($groups as $group) {
 
  138        if (!strlen($this->
settings->getGroupName()) or $this->settings->isMembershipOptional()) {
 
  139            $this->log->info(
'Start reading all users...');
 
  141            #throw new ilLDAPQueryException('LDAP: Called import of users without specifying group restrictions. NOT IMPLEMENTED YET!'); 
  143        return $this->users ? $this->users : array();
 
  157    public function query($a_search_base, $a_filter, $a_scope, $a_attributes)
 
  159        $res = $this->
queryByScope($a_scope, $a_search_base, $a_filter, $a_attributes);
 
  160        if (
$res === 
false) {
 
  163                    'DN: %s, Filter: %s, Scope: %s',
 
  178    public function modAdd($a_dn, $a_attribute)
 
  180        if (@ldap_mod_add($this->lh, $a_dn, $a_attribute)) {
 
  194        if (@ldap_mod_del($this->lh, $a_dn, $a_attribute)) {
 
  211        if (($dn = $this->
settings->getSearchBase()) && substr($dn, -1) != 
',') {
 
  214        $dn .= $this->
settings->getBaseDN();
 
  217        $filter = $this->
settings->getFilter();
 
  218        $page_filter = array(
'a',
'b',
'c',
'd',
'e',
'f',
'g',
'h',
'i',
'j',
'k',
'l',
'm',
'n',
'o',
'p',
'q',
'r',
's',
't',
'u',
'v',
'w',
'x',
'y',
'z',
'-');
 
  219        $chars = array(
'a',
'b',
'c',
'd',
'e',
'f',
'g',
'h',
'i',
'j',
'k',
'l',
'm',
'n',
'o',
'p',
'q',
'r',
's',
't',
'u',
'v',
'w',
'x',
'y',
'z');
 
  221        foreach ($page_filter as $letter) {
 
  223            $new_filter .= $filter;
 
  227                    $new_filter .= (
'(!(|');
 
  228                    foreach ($chars as $char) {
 
  229                        $new_filter .= (
'(' . $this->
settings->getUserAttribute() . 
'=' . $char . 
'*)');
 
  231                    $new_filter .= 
')))';
 
  235                    $new_filter .= (
'(' . $this->
settings->getUserAttribute() . 
'=' . $letter . 
'*))');
 
  239            $this->log->info(
'Searching with ldap search and filter ' . $new_filter . 
' in ' . $dn);
 
  244                array($this->
settings->getUserAttribute())
 
  248            if (!$tmp_result->numRows()) {
 
  249                $this->log->notice(
'No users found. Aborting.');
 
  252            $this->log->info(
'Found ' . $tmp_result->numRows() . 
' users.');
 
  253            $attribute = strtolower($this->
settings->getUserAttribute());
 
  254            foreach ($tmp_result->getRows() as 
$data) {
 
  255                if (isset(
$data[$attribute])) {
 
  258                    $this->log->warning(
'Unknown error. No user attribute found.');
 
  274        $group_names = $this->
getServer()->getGroupNames();
 
  276        if (!count($group_names)) {
 
  277            $this->
getLogger()->debug(
'No LDAP group restrictions found');
 
  281        $group_dn = $this->
getServer()->getGroupDN();
 
  284            (substr($group_dn, -1) != 
',')
 
  288        $group_dn .= $this->
getServer()->getBaseDN();
 
  290        foreach ($group_names as $group) {
 
  291            $user = $a_ldap_user_name;
 
  292            if ($this->
getServer()->enabledGroupMemberIsDN()) {
 
  293                if ($this->
getServer()->enabledEscapeDN()) {
 
  294                    $user = ldap_escape($ldap_user_data[
'dn'], 
"", LDAP_ESCAPE_FILTER);
 
  296                    $user = $ldap_user_data[
'dn'];
 
  301                '(&(%s=%s)(%s=%s)%s)',
 
  308            $this->
getLogger()->debug(
'Current group search base: ' . $group_dn);
 
  309            $this->
getLogger()->debug(
'Current group filter: ' . $filter);
 
  321            $group_result = $tmp_result->getRows();
 
  323            $this->
getLogger()->debug(
'Group query returned: ');
 
  326            if (count($group_result)) {
 
  332        if ($this->
getServer()->isMembershipOptional()) {
 
  333            $this->
getLogger()->debug(
'Group restrictions failed, checking user filter.');
 
  334            if ($this->
readUserData($a_ldap_user_name, 
true, 
true)) {
 
  335                $this->
getLogger()->debug(
'User filter matches.');
 
  339        $this->
getLogger()->debug(
'Group restrictions failed.');
 
  352        $group_name = strlen($a_name) ? $a_name : $this->
settings->getGroupName();
 
  357            $this->
settings->getGroupAttribute(),
 
  359            $this->settings->getGroupFilter()
 
  364        if (($gdn = $this->
settings->getGroupDN()) && substr($gdn, -1) != 
',') {
 
  367        $gdn .= $this->
settings->getBaseDN();
 
  369        $this->log->debug(
'Using filter ' . $filter);
 
  370        $this->log->debug(
'Using DN ' . $gdn);
 
  375            array($this->
settings->getGroupMember())
 
  379        $group_data = $tmp_result->getRows();
 
  382        if (!$tmp_result->numRows()) {
 
  383            $this->log->info(
'No group found.');
 
  387        $attribute_name = strtolower($this->
settings->getGroupMember());
 
  390        foreach ($group_data as 
$data) {
 
  391            if (is_array(
$data[$attribute_name])) {
 
  392                    $this->log->debug(
'Found ' . count(
$data[$attribute_name]) . 
' group members for group ' . 
$data[
'dn']);
 
  397                $this->
readUserData($data[$attribute_name], 
true, 
true);
 
  410    private function readUserData($a_name, $a_check_dn = 
false, $a_try_group_user_filter = 
false)
 
  412        $filter = $this->
settings->getFilter();
 
  413        if ($a_try_group_user_filter) {
 
  414            if ($this->
settings->isMembershipOptional()) {
 
  415                $filter = $this->
settings->getGroupUserFilter();
 
  420        if ($this->
settings->enabledGroupMemberIsDN() and $a_check_dn) {
 
  422            #$res = $this->queryByScope(IL_LDAP_SCOPE_BASE,$dn,$filter,$this->user_fields); 
  424            $fields = array_merge($this->user_fields, array(
'useraccountcontrol'));
 
  429                $this->
settings->getUserAttribute(),
 
  435            if (($dn = $this->
settings->getSearchBase()) && substr($dn, -1) != 
',') {
 
  438            $dn .= $this->
settings->getBaseDN();
 
  439            $fields = array_merge($this->user_fields, array(
'useraccountcontrol'));
 
  445        if (!$tmp_result->numRows()) {
 
  446            $this->log->info(
'LDAP: No user data found for: ' . $a_name);
 
  451        if ($user_data = $tmp_result->get()) {
 
  452            if (isset($user_data[
'useraccountcontrol'])) {
 
  453                if (($user_data[
'useraccountcontrol'] & 0x02)) {
 
  454                    $this->log->notice(
'LDAP: ' . $a_name . 
' account disabled.');
 
  459            $account = $user_data[strtolower($this->
settings->getUserAttribute())];
 
  460            if (is_array($account)) {
 
  461                $user_ext = strtolower(array_shift($account));
 
  463                $user_ext = strtolower($account);
 
  467            $auth_mode = $this->
settings->getAuthenticationMappingKey();
 
  469            $this->users[$user_ext] = $user_data;
 
  480        return $this->
settings->getAuthenticationMappingKey();
 
  492    private function queryByScope($a_scope, $a_base_dn, $a_filter, $a_attributes)
 
  494        $a_filter = $a_filter ? $a_filter : 
"(objectclass=*)";
 
  498                $res = @ldap_search($this->lh, $a_base_dn, $a_filter, $a_attributes);
 
  502                $res = @ldap_list($this->lh, $a_base_dn, $a_filter, $a_attributes);
 
  507                $res = @ldap_read($this->lh, $a_base_dn, $a_filter, $a_attributes);
 
  511                $this->log->warning(
"LDAP: LDAPQuery: Unknown search scope");
 
  514        $error = ldap_error($this->lh);
 
  515        if (strcmp(
'Success', $error) !== 0) {
 
  517            $this->
getLogger()->warning(
'Base DN:' . $a_base_dn);
 
  518            $this->
getLogger()->warning(
'Filter: ' . $a_filter);
 
  533        $this->lh = @ldap_connect($this->ldap_server_url);
 
  540        if (!ldap_set_option($this->lh, LDAP_OPT_PROTOCOL_VERSION, $this->
settings->getVersion())) {
 
  544        if ($this->
settings->isActiveReferrer()) {
 
  545            if (!ldap_set_option($this->lh, LDAP_OPT_REFERRALS, 
true)) {
 
  548            #@ldap_set_rebind_proc($this->lh,'referralRebind'); 
  550            ldap_set_option($this->lh, LDAP_OPT_REFERRALS, 
false);
 
  551            $this->log->debug(
'Switching referrals to false.');
 
  554        if ($this->
settings->isActiveTLS()) {
 
  555            if (!ldap_start_tls($this->lh)) {
 
  571        switch ($a_binding_type) {
 
  580                    strlen($this->
settings->getBindUser())
 
  585                    define(
'IL_LDAP_REBIND_USER', 
$user);
 
  586                    define(
'IL_LDAP_REBIND_PASS', 
$pass);
 
  587                    $this->log->debug(
'Bind as ' . 
$user);
 
  590                    $this->log->debug(
'Bind anonymous');
 
  603                define(
'IL_LDAP_REBIND_USER', 
$user);
 
  604                define(
'IL_LDAP_REBIND_PASS', 
$pass);
 
  608                $this->log->debug(
'Trying to bind as: ' . $a_user_dn);
 
  619            throw new ilLDAPQueryException(
'LDAP: Cannot bind as ' . 
$user . 
' with message: ' . ldap_err2str(ldap_errno($this->lh)) . 
' Trying fallback...', ldap_errno($this->lh));
 
  621            $this->log->debug(
'Bind successful.');
 
  634        include_once(
'Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php');
 
  636        $this->user_fields = array_merge(
 
  637            array($this->
settings->getUserAttribute()),
 
  639            $this->mapping->getFields(),
 
  655            @ldap_unbind($this->lh);
 
  670            @ldap_unbind($this->lh);
 
  681    $ilLog->write(
'LDAP: Called referralRebind.');
 
  683    ldap_set_option($a_ds, LDAP_OPT_PROTOCOL_VERSION, 3);
 
  685    if (!ldap_bind($a_ds, IL_LDAP_REBIND_USER, IL_LDAP_REBIND_PASS)) {
 
  686        $ilLog->write(
'LDAP: Rebind failed');
 
An exception for terminating execution or to throw for unit testing.
const IL_LDAP_BIND_DEFAULT
referralRebind($a_ds, $a_url)
static _getInstanceByServerId($a_server_id)
Get instance of class.
modAdd($a_dn, $a_attribute)
Add value to an existing attribute.
fetchUsers()
Fetch all users.
queryByScope($a_scope, $a_base_dn, $a_filter, $a_attributes)
Query by scope: IL_SCOPE_SUB => ldap_search, IL_SCOPE_ONE => ldap_list.
fetchGroupMembers($a_name='')
Fetch group member ids.
fetchUserProfileFields()
fetch required fields of user profile data
bind($a_binding_type=IL_LDAP_BIND_DEFAULT, $a_user_dn='', $a_password='')
Bind to LDAP server.
connect()
Connect to LDAP server.
parseAuthMode()
Parse authentication mode.
readUserData($a_name, $a_check_dn=false, $a_try_group_user_filter=false)
Read user data.
__destruct()
Destructor: unbind from the LDAP server.
readAllUsers()
Fetch all users. This function splits the query into several filters, e.g. (uid=a*), (uid=b*), ...
__construct(ilLDAPServer $a_server, $a_url='')
Constructor.
fetchUser($a_name)
Get one user by login name.
checkGroupMembership($a_ldap_user_name, $ldap_user_data)
check group membership
query($a_search_base, $a_filter, $a_scope, $a_attributes)
Perform a query.
modDelete($a_dn, $a_attribute)
Delete value from an existing attribute.
static getAttributeNames($a_server_id)
get all possible attribute names
const DEFAULT_NETWORK_TIMEOUT
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
Check whether an external account and authentication method match a user.
$GLOBALS['JPEG_Segment_Names']
Global Variable: XMP_tag_captions.
foreach($_POST as $key=> $value) $res