ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
class.ilLDAPServer.php
Go to the documentation of this file.
1 <?php
2 
3 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
4 
5 define('IL_LDAP_BIND_ANONYMOUS', 0);
6 define('IL_LDAP_BIND_USER', 1);
7 
8 define('IL_LDAP_SCOPE_SUB', 0);
9 define('IL_LDAP_SCOPE_ONE', 1);
10 define('IL_LDAP_SCOPE_BASE', 2);
11 
24 class ilLDAPServer
25 {
26  private static $instances = array();
27 
28  const DEBUG = false;
29  const DEFAULT_VERSION = 3;
30  const DEFAULT_NETWORK_TIMEOUT = 5;
31 
32  private $role_bind_dn = '';
33  private $role_bind_pass = '';
34  private $role_sync_active = 0;
35 
36  private $server_id = null;
37  private $fallback_urls = array();
38 
39  private $enabled_authentication = true;
40  private $authentication_mapping = 0;
41  private $escape_dn = false;
42 
43  public function __construct($a_server_id = 0)
44  {
45  global $DIC;
46 
47  $ilDB = $DIC['ilDB'];
48  $lng = $DIC['lng'];
49 
50  $this->db = $ilDB;
51  $this->lng = $lng;
52  $this->server_id = $a_server_id;
53 
54  $this->read();
55  }
56 
62  public static function getInstanceByServerId($a_server_id)
63  {
64  if (isset(self::$instances[$a_server_id])) {
65  return self::$instances[$a_server_id];
66  }
67  return self::$instances[$a_server_id] = new ilLDAPServer($a_server_id);
68  }
69 
74  public function rotateFallbacks()
75  {
76  global $DIC;
77 
78  $ilDB = $DIC['ilDB'];
79 
80  if (!$this->fallback_urls) {
81  return false;
82  }
83 
84  $all_urls = array_merge($this->fallback_urls);
85  $all_urls[] = $this->getUrl();
86 
87  $query = 'UPDATE ldap_server_settings SET ' .
88  'url = ' . $ilDB->quote(implode(',', $all_urls), 'text') . ' ' .
89  'WHERE server_id = ' . $ilDB->quote($this->getServerId(), 'integer');
90  $ilDB->manipulate($query);
91  return true;
92  }
93 
94 
99  public static function checkLDAPLib()
100  {
101  return function_exists('ldap_bind');
102  }
103 
109  public static function _getActiveServerList()
110  {
111  global $DIC;
112 
113  $ilDB = $DIC['ilDB'];
114 
115  $query = "SELECT server_id FROM ldap_server_settings " .
116  "WHERE active = 1 AND authentication = 1 " .
117  "ORDER BY name ";
118  $res = $ilDB->query($query);
119  $server_ids = array();
120  while ($row = $ilDB->fetchObject($res)) {
121  $server_ids[] = $row->server_id;
122  }
123  return $server_ids;
124  }
125 
131  public static function _getCronServerIds()
132  {
133  global $DIC;
134 
135  $ilDB = $DIC['ilDB'];
136 
137  $query = "SELECT server_id FROM ldap_server_settings " .
138  "WHERE active = 1 " .
139  "AND sync_per_cron = 1 " .
140  "ORDER BY name";
141 
142  $res = $ilDB->query($query);
143  while ($row = $ilDB->fetchObject($res)) {
144  $server_ids[] = $row->server_id;
145  }
146  return $server_ids ? $server_ids : array();
147  }
148 
156  public static function _getRoleSyncServerIds()
157  {
158  global $DIC;
159 
160  $ilDB = $DIC['ilDB'];
161 
162  $query = "SELECT server_id FROM ldap_server_settings " .
163  "WHERE active = 1 " .
164  "AND role_sync_active = 1 ";
165 
166  $res = $ilDB->query($query);
167  $server_ids = array();
168  while ($row = $ilDB->fetchObject($res)) {
169  $server_ids[] = $row->server_id;
170  }
171  return $server_ids;
172  }
173 
181  public static function _getPasswordServers()
182  {
183  return ilLDAPServer::_getActiveServerList();
184  }
185 
186 
192  public static function _getFirstActiveServer()
193  {
194  $servers = ilLDAPServer::_getActiveServerList();
195  if (count($servers)) {
196  return $servers[0];
197  }
198  return 0;
199  }
200 
206  public static function _getServerList()
207  {
208  global $DIC;
209 
210  $ilDB = $DIC['ilDB'];
211 
212  $query = "SELECT server_id FROM ldap_server_settings ORDER BY name";
213 
214  $res = $ilDB->query($query);
215  while ($row = $ilDB->fetchObject($res)) {
216  $server_ids[] = $row->server_id;
217  }
218  return $server_ids ? $server_ids : array();
219  }
220 
226  public static function getServerIds()
227  {
228  global $DIC;
229 
230  $ilDB = $DIC['ilDB'];
231 
232  $query = "SELECT server_id FROM ldap_server_settings ORDER BY name";
233 
234 
235  $res = $ilDB->query($query);
236 
237  $server = array();
238  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
239  $server[] = $row->server_id;
240  }
241  return $server;
242  }
243 
249  public static function _getAllServer()
250  {
251  global $DIC;
252 
253  $ilDB = $DIC['ilDB'];
254 
255  $query = "SELECT * FROM ldap_server_settings ORDER BY name";
256 
257  $server = array();
258 
259  $res = $ilDB->query($query);
260  while ($row = $ilDB->fetchAssoc($res)) {
261  $server[] = $row;
262  }
263  return $server;
264  }
265 
266  /*
267  * Get first server id
268  *
269  * @return integer server_id
270  */
271  public static function _getFirstServer()
272  {
273  $servers = ilLDAPServer::_getServerList();
274 
275  if (count($servers)) {
276  return $servers[0];
277  }
278  return 0;
279  }
280 
281 
282  public static function getAvailableDataSources($a_auth_mode)
283  {
284  global $DIC;
285 
286  $ilDB = $DIC['ilDB'];
287 
288  $query = "SELECT server_id FROM ldap_server_settings " .
289  "WHERE active = " . $ilDB->quote(1, 'integer') . " " .
290  "AND authentication = " . $ilDB->quote(0, 'integer') . " " .
291  "AND ( authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " " .
292  "OR authentication_type = " . $ilDB->quote(0, 'integer') . ")";
293  $res = $ilDB->query($query);
294 
295  $server_ids = array();
296  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
297  $server_ids[] = $row->server_id;
298  }
299  return $server_ids;
300  }
301 
308  public static function isDataSourceActive($a_auth_mode)
309  {
310  global $DIC;
311 
312  $ilDB = $DIC['ilDB'];
313 
314  $query = "SELECT server_id FROM ldap_server_settings " .
315  "WHERE authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " " .
316  "AND authentication = " . $ilDB->quote(0, 'integer');
317  $res = $ilDB->query($query);
318  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
319  return true;
320  }
321  return false;
322  }
323 
324  public static function getDataSource($a_auth_mode)
325  {
326  global $DIC;
327 
328  $ilDB = $DIC['ilDB'];
329 
330  $query = "SELECT server_id FROM ldap_server_settings " .
331  "WHERE authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " ";
332  $res = $ilDB->query($query);
333  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
334  return $row->server_id;
335  }
336  return 0;
337  }
338 
342  public static function disableDataSourceForAuthMode($a_authmode)
343  {
344  global $DIC;
345 
346  $ilDB = $DIC['ilDB'];
347 
348  $query = 'UPDATE ldap_server_settings ' .
349  'SET authentication_type = ' . $ilDB->quote(0, 'integer') . ' ' .
350  'WHERE authentication_type = ' . $ilDB->quote($a_authmode, 'integer');
351  $ilDB->manipulate($query);
352  return true;
353  }
354 
355 
356 
363  public static function toggleDataSource($a_ldap_server_id, $a_auth_mode, $a_status)
364  {
365  global $DIC;
366 
367  $ilDB = $DIC['ilDB'];
368 
369  self::disableDataSourceForAuthMode($a_auth_mode);
370 
371  if ($a_status) {
372  $query = "UPDATE ldap_server_settings " .
373  'SET authentication_type = ' . $ilDB->quote($a_auth_mode, 'integer') . " " .
374  'WHERE server_id = ' . $ilDB->quote($a_ldap_server_id, 'integer');
375  $ilDB->manipulate($query);
376  }
377  return true;
378  }
379 
380  // begin-patch ldap_multiple
385  public static function isAuthModeLDAP($a_auth_mode)
386  {
387  if (!$a_auth_mode) {
388  $GLOBALS['DIC']['ilLog']->write(__METHOD__ . ': No auth mode given..............');
389  return false;
390  }
391  $auth_arr = explode('_', $a_auth_mode);
392  return ($auth_arr[0] == AUTH_LDAP) and $auth_arr[1];
393  }
394 
400  public static function getServerIdByAuthMode($a_auth_mode)
401  {
402  if (self::isAuthModeLDAP($a_auth_mode)) {
403  $auth_arr = explode('_', $a_auth_mode);
404  return $auth_arr[1];
405  }
406  return null;
407  }
408 
413  public static function getAuthModeByKey($a_auth_key)
414  {
415  $auth_arr = explode('_', $a_auth_key);
416  if (count((array) $auth_arr) > 1) {
417  return 'ldap_' . $auth_arr[1];
418  }
419  return 'ldap';
420  }
421 
427  public static function getKeyByAuthMode($a_auth_mode)
428  {
429  $auth_arr = explode('_', $a_auth_mode);
430  if (count((array) $auth_arr) > 1) {
431  return AUTH_LDAP . '_' . $auth_arr[1];
432  }
433  return AUTH_LDAP;
434  }
435 
436  // end-patch ldap_multiple
437 
438  // Set/Get
439  public function getServerId()
440  {
441  return $this->server_id;
442  }
443 
448  public function enableAuthentication($a_status)
449  {
450  $this->enabled_authentication = (bool) $a_status;
451  }
452 
457  public function isAuthenticationEnabled()
458  {
459  return (bool) $this->enabled_authentication;
460  }
461 
466  public function setAuthenticationMapping($a_map)
467  {
468  $this->authentication_mapping = $a_map;
469  }
470 
475  public function getAuthenticationMapping()
476  {
477  return $this->authentication_mapping;
478  }
479 
485  public function getAuthenticationMappingKey()
486  {
487  if ($this->isAuthenticationEnabled() or !$this->getAuthenticationMapping()) {
488  // begin-patch ldap_multiple
489  return 'ldap_' . $this->getServerId();
490  #return 'ldap';
491  // end-patch ldap_multiple
492  }
493  return ilAuthUtils::_getAuthModeName($this->getAuthenticationMapping());
494  }
495 
496  public function toggleActive($a_status)
497  {
498  $this->active = $a_status;
499  }
500  public function isActive()
501  {
502  return $this->active;
503  }
504  public function getUrl()
505  {
506  return $this->url;
507  }
508  public function setUrl($a_url)
509  {
510  $this->url_string = $a_url;
511 
512  // Maybe there are more than one url's (comma seperated).
513  $urls = explode(',', $a_url);
514 
515  $counter = 0;
516  foreach ($urls as $url) {
517  $url = trim($url);
518  if (!$counter++) {
519  $this->url = $url;
520  } else {
521  $this->fallback_urls[] = $url;
522  }
523  }
524  }
525  public function getUrlString()
526  {
527  return $this->url_string;
528  }
529 
537  public function doConnectionCheck()
538  {
539  include_once('Services/LDAP/classes/class.ilLDAPQuery.php');
540 
541  foreach (array_merge(array(0 => $this->url), $this->fallback_urls) as $url) {
542  try {
543  ilLoggerFactory::getLogger('auth')->debug('Using url: ' . $url);
544  // Need to do a full bind, since openldap return valid connection links for invalid hosts
545  $query = new ilLDAPQuery($this, $url);
546  $query->bind(IL_LDAP_BIND_TEST);
547  $this->url = $url;
548  return true;
549  } catch (ilLDAPQueryException $exc) {
550  $this->rotateFallbacks();
551  ilLoggerFactory::getLogger('auth')->error('Cannot connect to LDAP server: ' . $url . ' ' . $exc->getCode() . ' ' . $exc->getMessage());
552  }
553  }
554  ilLoggerFactory::getLogger('auth')->warning('No valid LDAP server found');
555  return false;
556  }
557 
558 
559  public function getName()
560  {
561  return $this->name;
562  }
563  public function setName($a_name)
564  {
565  $this->name = $a_name;
566  }
567  public function getVersion()
568  {
569  return $this->version ? $this->version : self::DEFAULT_VERSION;
570  }
571  public function setVersion($a_version)
572  {
573  $this->version = $a_version;
574  }
575  public function getBaseDN()
576  {
577  return $this->base_dn;
578  }
579  public function setBaseDN($a_base_dn)
580  {
581  $this->base_dn = $a_base_dn;
582  }
583  public function isActiveReferrer()
584  {
585  return $this->referrals ? true : false;
586  }
587  public function toggleReferrer($a_status)
588  {
589  $this->referrals = $a_status;
590  }
591  public function isActiveTLS()
592  {
593  return $this->tls ? true : false;
594  }
595  public function toggleTLS($a_status)
596  {
597  $this->tls = $a_status;
598  }
599  public function getBindingType()
600  {
601  return $this->binding_type;
602  }
603  public function setBindingType($a_type)
604  {
605  if ($a_type == IL_LDAP_BIND_USER) {
606  $this->binding_type = IL_LDAP_BIND_USER;
607  } else {
608  $this->binding_type = IL_LDAP_BIND_ANONYMOUS;
609  }
610  }
611  public function getBindUser()
612  {
613  return $this->bind_user;
614  }
615  public function setBindUser($a_user)
616  {
617  $this->bind_user = $a_user;
618  }
619  public function getBindPassword()
620  {
621  return $this->bind_password;
622  }
623  public function setBindPassword($a_password)
624  {
625  $this->bind_password = $a_password;
626  }
627  public function getSearchBase()
628  {
629  return $this->search_base;
630  }
631  public function setSearchBase($a_search_base)
632  {
633  $this->search_base = $a_search_base;
634  }
635  public function getUserAttribute()
636  {
637  return $this->user_attribute;
638  }
639  public function setUserAttribute($a_user_attr)
640  {
641  $this->user_attribute = $a_user_attr;
642  }
643  public function getFilter()
644  {
645  return $this->prepareFilter($this->filter);
646  }
647  public function setFilter($a_filter)
648  {
649  $this->filter = $a_filter;
650  }
651  public function getGroupDN()
652  {
653  return $this->group_dn;
654  }
655  public function setGroupDN($a_value)
656  {
657  $this->group_dn = $a_value;
658  }
659  public function getGroupFilter()
660  {
661  return $this->prepareFilter($this->group_filter);
662  }
663  public function setGroupFilter($a_value)
664  {
665  $this->group_filter = $a_value;
666  }
667  public function getGroupMember()
668  {
669  return $this->group_member;
670  }
671  public function setGroupMember($a_value)
672  {
673  $this->group_member = $a_value;
674  }
675  public function getGroupName()
676  {
677  return $this->group_name;
678  }
679  public function setGroupName($a_value)
680  {
681  $this->group_name = $a_value;
682  }
683 
688  public function getGroupNames()
689  {
690  $names = explode(',', $this->getGroupName());
691 
692  if (!is_array($names)) {
693  return array();
694  }
695 
696  return array_filter(array_map('trim', $names));
697  }
698 
699 
700  public function getGroupAttribute()
701  {
702  return $this->group_attribute;
703  }
704  public function setGroupAttribute($a_value)
705  {
706  $this->group_attribute = $a_value;
707  }
708 
709  public function toggleMembershipOptional($a_status)
710  {
711  $this->group_optional = (bool) $a_status;
712  }
713  public function isMembershipOptional()
714  {
715  return (bool) $this->group_optional;
716  }
717  public function setGroupUserFilter($a_filter)
718  {
719  $this->group_user_filter = $a_filter;
720  }
721  public function getGroupUserFilter()
722  {
723  return $this->group_user_filter;
724  }
725 
726  public function enabledGroupMemberIsDN()
727  {
728  return (bool) $this->memberisdn;
729  }
730  public function enableGroupMemberIsDN($a_value)
731  {
732  $this->memberisdn = (bool) $a_value;
733  }
734  public function setGroupScope($a_value)
735  {
736  $this->group_scope = $a_value;
737  }
738  public function getGroupScope()
739  {
740  return $this->group_scope;
741  }
742  public function setUserScope($a_value)
743  {
744  $this->user_scope = $a_value;
745  }
746  public function getUserScope()
747  {
748  return $this->user_scope;
749  }
750  public function enabledSyncOnLogin()
751  {
752  return $this->sync_on_login;
753  }
754  public function enableSyncOnLogin($a_value)
755  {
756  $this->sync_on_login = (int) $a_value;
757  }
758  public function enabledSyncPerCron()
759  {
760  return $this->sync_per_cron;
761  }
762  public function enableSyncPerCron($a_value)
763  {
764  $this->sync_per_cron = (int) $a_value;
765  }
766  public function setGlobalRole($a_role)
767  {
768  $this->global_role = $a_role;
769  }
770  public function getRoleBindDN()
771  {
772  return $this->role_bind_dn;
773  }
774  public function setRoleBindDN($a_value)
775  {
776  $this->role_bind_dn = $a_value;
777  }
778  public function getRoleBindPassword()
779  {
780  return $this->role_bind_pass;
781  }
782  public function setRoleBindPassword($a_value)
783  {
784  $this->role_bind_pass = $a_value;
785  }
786  public function enabledRoleSynchronization()
787  {
788  return $this->role_sync_active;
789  }
790  public function enableRoleSynchronization($a_value)
791  {
792  $this->role_sync_active = $a_value;
793  }
794  // start Patch Name Filter
795  public function getUsernameFilter()
796  {
797  return $this->username_filter;
798  }
799  public function setUsernameFilter($a_value)
800  {
801  $this->username_filter = $a_value;
802  }
803 
804  public function enableEscapeDN(bool $a_value)
805  {
806  $this->escape_dn = $a_value;
807  }
808 
809  public function enabledEscapeDN() : bool
810  {
811  return $this->escape_dn;
812  }
813 
821  public function enableAccountMigration($a_status)
822  {
823  $this->account_migration = $a_status;
824  }
825 
832  public function isAccountMigrationEnabled()
833  {
834  return $this->account_migration ? true : false;
835  }
836 
837 
843  public function validate()
844  {
845  global $DIC;
846 
847  $ilErr = $DIC['ilErr'];
848 
849  $ilErr->setMessage('');
850  if (!strlen($this->getName()) ||
851  !strlen($this->getUrl()) ||
852  !strlen($this->getBaseDN()) ||
853  !strlen($this->getUserAttribute())) {
854  $ilErr->setMessage($this->lng->txt('fill_out_all_required_fields'));
855  }
856 
857  if ($this->getBindingType() == IL_LDAP_BIND_USER
858  && (!strlen($this->getBindUser()) || !strlen($this->getBindPassword()))) {
859  $ilErr->appendMessage($this->lng->txt('ldap_missing_bind_user'));
860  }
861 
862  if (($this->enabledSyncPerCron() or $this->enabledSyncOnLogin()) and !$this->global_role) {
863  $ilErr->appendMessage($this->lng->txt('ldap_missing_role_assignment'));
864  }
865  if ($this->getVersion() == 2 and $this->isActiveTLS()) {
866  $ilErr->appendMessage($this->lng->txt('ldap_tls_conflict'));
867  }
868 
869  return strlen($ilErr->getMessage()) ? false : true;
870  }
871 
872  public function create()
873  {
874  global $DIC;
875 
876  $ilDB = $DIC['ilDB'];
877  $next_id = $ilDB->nextId('ldap_server_settings');
878 
879  $query = 'INSERT INTO ldap_server_settings (server_id,active,name,url,version,base_dn,referrals,tls,bind_type,bind_user,bind_pass,' .
880  'search_base,user_scope,user_attribute,filter,group_dn,group_scope,group_filter,group_member,group_memberisdn,group_name,' .
881  'group_attribute,group_optional,group_user_filter,sync_on_login,sync_per_cron,role_sync_active,role_bind_dn,role_bind_pass,migration, ' .
882  'authentication,authentication_type,username_filter, escape_dn) ' .
883  'VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)';
884  $res = $ilDB->queryF(
885  $query,
886  array(
887  'integer','integer','text','text','integer','text','integer','integer','integer','text','text','text','integer',
888  'text','text','text','integer','text','text','integer','text','text','integer','text','integer','integer','integer',
889  'text','text', 'integer','integer','integer',"text", 'integer'),
890  array(
891  $next_id,
892  $this->isActive(),
893  $this->getName(),
894  $this->getUrlString(),
895  $this->getVersion(),
896  $this->getBaseDN(),
897  $this->isActiveReferrer(),
898  $this->isActiveTLS(),
899  $this->getBindingType(),
900  $this->getBindUser(),
901  $this->getBindPassword(),
902  $this->getSearchBase(),
903  $this->getUserScope(),
904  $this->getUserAttribute(),
905  $this->getFilter(),
906  $this->getGroupDN(),
907  $this->getGroupScope(),
908  $this->getGroupFilter(),
909  $this->getGroupMember(),
910  $this->enabledGroupMemberIsDN(),
911  $this->getGroupName(),
912  $this->getGroupAttribute(),
913  $this->isMembershipOptional(),
914  $this->getGroupUserFilter(),
915  $this->enabledSyncOnLogin(),
916  $this->enabledSyncPerCron(),
917  $this->enabledRoleSynchronization(),
918  $this->getRoleBindDN(),
919  $this->getRoleBindPassword(),
920  $this->isAccountMigrationEnabled(),
921  $this->isAuthenticationEnabled(),
922  $this->getAuthenticationMapping(),
923  $this->getUsernameFilter(),
924  (int) $this->enabledEscapeDN()
925  )
926  );
927  // end Patch Name Filter
928  $this->server_id = $next_id;
929  return $next_id;
930  }
931 
932  public function update()
933  {
934  global $DIC;
935 
936  $ilDB = $DIC['ilDB'];
937 
938  $query = "UPDATE ldap_server_settings SET " .
939  "active = " . $this->db->quote($this->isActive(), 'integer') . ", " .
940  "name = " . $this->db->quote($this->getName(), 'text') . ", " .
941  "url = " . $this->db->quote($this->getUrlString(), 'text') . ", " .
942  "version = " . $this->db->quote($this->getVersion(), 'integer') . ", " .
943  "base_dn = " . $this->db->quote($this->getBaseDN(), 'text') . ", " .
944  "referrals = " . $this->db->quote($this->isActiveReferrer(), 'integer') . ", " .
945  "tls = " . $this->db->quote($this->isActiveTLS(), 'integer') . ", " .
946  "bind_type = " . $this->db->quote($this->getBindingType(), 'integer') . ", " .
947  "bind_user = " . $this->db->quote($this->getBindUser(), 'text') . ", " .
948  "bind_pass = " . $this->db->quote($this->getBindPassword(), 'text') . ", " .
949  "search_base = " . $this->db->quote($this->getSearchBase(), 'text') . ", " .
950  "user_scope = " . $this->db->quote($this->getUserScope(), 'integer') . ", " .
951  "user_attribute = " . $this->db->quote($this->getUserAttribute(), 'text') . ", " .
952  "filter = " . $this->db->quote($this->getFilter(), 'text') . ", " .
953  "group_dn = " . $this->db->quote($this->getGroupDN(), 'text') . ", " .
954  "group_scope = " . $this->db->quote($this->getGroupScope(), 'integer') . ", " .
955  "group_filter = " . $this->db->quote($this->getGroupFilter(), 'text') . ", " .
956  "group_member = " . $this->db->quote($this->getGroupMember(), 'text') . ", " .
957  "group_memberisdn =" . $this->db->quote((int) $this->enabledGroupMemberIsDN(), 'integer') . ", " .
958  "group_name = " . $this->db->quote($this->getGroupName(), 'text') . ", " .
959  "group_attribute = " . $this->db->quote($this->getGroupAttribute(), 'text') . ", " .
960  "group_optional = " . $this->db->quote((int) $this->isMembershipOptional(), 'integer') . ", " .
961  "group_user_filter = " . $this->db->quote($this->getGroupUserFilter(), 'text') . ", " .
962  "sync_on_login = " . $this->db->quote(($this->enabledSyncOnLogin() ? 1 : 0), 'integer') . ", " .
963  "sync_per_cron = " . $this->db->quote(($this->enabledSyncPerCron() ? 1 : 0), 'integer') . ", " .
964  "role_sync_active = " . $this->db->quote($this->enabledRoleSynchronization(), 'integer') . ", " .
965  "role_bind_dn = " . $this->db->quote($this->getRoleBindDN(), 'text') . ", " .
966  "role_bind_pass = " . $this->db->quote($this->getRoleBindPassword(), 'text') . ", " .
967  "migration = " . $this->db->quote((int) $this->isAccountMigrationEnabled(), 'integer') . ", " .
968  'authentication = ' . $this->db->quote((int) $this->isAuthenticationEnabled(), 'integer') . ', ' .
969  'authentication_type = ' . $this->db->quote((int) $this->getAuthenticationMapping(), 'integer') . ' ' .
970  ", username_filter = " . $this->db->quote($this->getUsernameFilter(), "text") . " " .
971  ", escape_dn = " . $this->db->quote($this->enabledEscapeDN() ? 1 : 0, 'integer') . " " .
972  "WHERE server_id = " . $this->db->quote($this->getServerId(), 'integer');
973 
974  $res = $ilDB->manipulate($query);
975  return true;
976  }
977 
981  public function delete()
982  {
983  if (!$this->getServerId()) {
984  return false;
985  }
986 
987  include_once 'Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
988  ilLDAPAttributeMapping::_delete($this->getServerId());
989 
990  include_once 'Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
991  $rules = ilLDAPRoleAssignmentRule::_getRules($this->getServerId());
992 
993  foreach ($rules as $ruleAssigment) {
994  $ruleAssigment->delete();
995  }
996 
997  include_once 'Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php';
998  ilLDAPRoleGroupMappingSettings::_deleteByServerId($this->getServerId());
999 
1000  $query = "DELETE FROM ldap_server_settings " .
1001  "WHERE server_id = " . $this->db->quote($this->getServerId(), 'integer');
1002  $res = $this->db->manipulate($query);
1003  }
1004 
1010  public function toPearAuthArray()
1011  {
1012  $options = array(
1013  'url' => $this->getUrl(),
1014  'version' => (int) $this->getVersion(),
1015  'referrals' => (bool) $this->isActiveReferrer());
1016 
1017  if ($this->getBindingType() == IL_LDAP_BIND_USER) {
1018  $options['binddn'] = $this->getBindUser();
1019  $options['bindpw'] = $this->getBindPassword();
1020  }
1021  $options['basedn'] = $this->getBaseDN();
1022  $options['start_tls'] = (bool) $this->isActiveTLS();
1023  $options['userdn'] = $this->getSearchBase();
1024  switch ($this->getUserScope()) {
1025  case IL_LDAP_SCOPE_ONE:
1026  $options['userscope'] = 'one';
1027  break;
1028  default:
1029  $options['userscope'] = 'sub';
1030  break;
1031  }
1032 
1033  $options['userattr'] = $this->getUserAttribute();
1034  $options['userfilter'] = $this->getFilter();
1035  $options['attributes'] = $this->getPearAtributeArray();
1036  $options['debug'] = self::DEBUG;
1037 
1038  if (@include_once('Log.php')) {
1039  if (@include_once('Log/observer.php')) {
1040  $options['enableLogging'] = true;
1041  }
1042  }
1043  switch ($this->getGroupScope()) {
1044  case IL_LDAP_SCOPE_BASE:
1045  $options['groupscope'] = 'base';
1046  break;
1047  case IL_LDAP_SCOPE_ONE:
1048  $options['groupscope'] = 'one';
1049  break;
1050  default:
1051  $options['groupscope'] = 'sub';
1052  break;
1053  }
1054  $options['escape_dn'] = $this->enabledEscapeDN();
1055  $options['groupdn'] = $this->getGroupDN();
1056  $options['groupattr'] = $this->getGroupAttribute();
1057  $options['groupfilter'] = $this->getGroupFilter();
1058  $options['memberattr'] = $this->getGroupMember();
1059  $options['memberisdn'] = $this->enabledGroupMemberIsDN();
1060  $options['group'] = $this->getGroupName();
1061 
1062 
1063  return $options;
1064  }
1065 
1073  private function prepareFilter($a_filter)
1074  {
1075  $filter = trim($a_filter);
1076 
1077  if (!strlen($filter)) {
1078  return $filter;
1079  }
1080 
1081  if (strpos($filter, '(') !== 0) {
1082  $filter = ('(' . $filter);
1083  }
1084  if (substr($filter, -1) != ')') {
1085  $filter = ($filter . ')');
1086  }
1087  return $filter;
1088  }
1089 
1097  private function getPearAtributeArray()
1098  {
1099  if ($this->enabledSyncOnLogin()) {
1100  include_once('Services/LDAP/classes/class.ilLDAPAttributeMapping.php');
1101  include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php');
1102  $mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->getServerId());
1103  return array_merge(
1104  array($this->getUserAttribute()),
1105  $mapping->getFields(),
1106  array('dn'),
1107  ilLDAPRoleAssignmentRules::getAttributeNames($this->getServerId())
1108  );
1109  } else {
1110  return array($this->getUserAttribute());
1111  }
1112  }
1113 
1114 
1115 
1120  private function read()
1121  {
1122  if (!$this->server_id) {
1123  return true;
1124  }
1125  $query = "SELECT * FROM ldap_server_settings WHERE server_id = " . $this->db->quote($this->server_id) . "";
1126 
1127  $res = $this->db->query($query);
1128  while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1129  $this->toggleActive($row->active);
1130  $this->setName($row->name);
1131  $this->setUrl($row->url);
1132  $this->setVersion($row->version);
1133  $this->setBaseDN($row->base_dn);
1134  $this->toggleReferrer($row->referrals);
1135  $this->toggleTLS($row->tls);
1136  $this->setBindingType($row->bind_type);
1137  $this->setBindUser($row->bind_user);
1138  $this->setBindPassword($row->bind_pass);
1139  $this->setSearchBase($row->search_base);
1140  $this->setUserScope($row->user_scope);
1141  $this->setUserAttribute($row->user_attribute);
1142  $this->setFilter($row->filter);
1143  $this->setGroupDN($row->group_dn);
1144  $this->setGroupScope($row->group_scope);
1145  $this->setGroupFilter($row->group_filter);
1146  $this->setGroupMember($row->group_member);
1147  $this->setGroupAttribute($row->group_attribute);
1148  $this->toggleMembershipOptional($row->group_optional);
1149  $this->setGroupUserFilter($row->group_user_filter);
1150  $this->enableGroupMemberIsDN($row->group_memberisdn);
1151  $this->setGroupName($row->group_name);
1152  $this->enableSyncOnLogin($row->sync_on_login);
1153  $this->enableSyncPerCron($row->sync_per_cron);
1154  $this->enableRoleSynchronization($row->role_sync_active);
1155  $this->setRoleBindDN($row->role_bind_dn);
1156  $this->setRoleBindPassword($row->role_bind_pass);
1157  $this->enableAccountMigration($row->migration);
1158  $this->enableAuthentication($row->authentication);
1159  $this->setAuthenticationMapping($row->authentication_type);
1160  $this->setUsernameFilter($row->username_filter);
1161  $this->enableEscapeDN($row->escape_dn);
1162  }
1163  }
1164 }
ilLDAPServer\checkLDAPLib
static checkLDAPLib()
Check if ldap module is installed.
Definition: class.ilLDAPServer.php:99
ilLDAPServer\__construct
__construct($a_server_id=0)
Definition: class.ilLDAPServer.php:43
ilLDAPServer\_getFirstActiveServer
static _getFirstActiveServer()
Get first active server.
Definition: class.ilLDAPServer.php:192
ilLDAPServer\prepareFilter
prepareFilter($a_filter)
Create brackets for filters if they do not exist.
Definition: class.ilLDAPServer.php:1073
ilLDAPServer\setVersion
setVersion($a_version)
Definition: class.ilLDAPServer.php:571
ilLDAPServer\read
read()
Read server settings.
Definition: class.ilLDAPServer.php:1120
IL_LDAP_BIND_USER
const IL_LDAP_BIND_USER
Definition: class.ilLDAPServer.php:6
ilLDAPServer\enableSyncOnLogin
enableSyncOnLogin($a_value)
Definition: class.ilLDAPServer.php:754
ilLDAPServer\isAuthModeLDAP
static isAuthModeLDAP($a_auth_mode)
Check if user auth mode is LDAP.
Definition: class.ilLDAPServer.php:385
ilLDAPServer\setGroupScope
setGroupScope($a_value)
Definition: class.ilLDAPServer.php:734
ilLDAPAttributeMapping\_getInstanceByServerId
static _getInstanceByServerId($a_server_id)
Get instance of class.
Definition: class.ilLDAPAttributeMapping.php:68
ilLDAPServer\toggleTLS
toggleTLS($a_status)
Definition: class.ilLDAPServer.php:595
ilLDAPServer\_getServerList
static _getServerList()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:206
ilLDAPServer\setAuthenticationMapping
setAuthenticationMapping($a_map)
Set mapped authentication mapping.
Definition: class.ilLDAPServer.php:466
ilLDAPServer\enableGroupMemberIsDN
enableGroupMemberIsDN($a_value)
Definition: class.ilLDAPServer.php:730
$DIC
global $DIC
Definition: saml.php:7
ilLDAPServer\enableAccountMigration
enableAccountMigration($a_status)
Enable account migration.
Definition: class.ilLDAPServer.php:821
ilLDAPServer\getAuthModeByKey
static getAuthModeByKey($a_auth_key)
get auth mode by key
Definition: class.ilLDAPServer.php:413
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
IL_LDAP_BIND_ANONYMOUS
const IL_LDAP_BIND_ANONYMOUS
Definition: class.ilLDAPServer.php:5
ilLDAPServer\enableRoleSynchronization
enableRoleSynchronization($a_value)
Definition: class.ilLDAPServer.php:790
ilLDAPServer\_getAllServer
static _getAllServer()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:249
ilLDAPServer\setGroupFilter
setGroupFilter($a_value)
Definition: class.ilLDAPServer.php:663
ilLDAPServer\validate
validate()
Validate user input.
Definition: class.ilLDAPServer.php:843
ilLDAPServer\getAvailableDataSources
static getAvailableDataSources($a_auth_mode)
Definition: class.ilLDAPServer.php:282
ilLDAPServer\enableSyncPerCron
enableSyncPerCron($a_value)
Definition: class.ilLDAPServer.php:762
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:109
ilLDAPServer\getPearAtributeArray
getPearAtributeArray()
Get attribute array for pear auth data.
Definition: class.ilLDAPServer.php:1097
ilLDAPServer\toggleReferrer
toggleReferrer($a_status)
Definition: class.ilLDAPServer.php:587
$server
$server
Definition: sabredav.php:48
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:256
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:62
ilLDAPRoleAssignmentRules\getAttributeNames
static getAttributeNames($a_server_id)
get all possible attribute names
Definition: class.ilLDAPRoleAssignmentRules.php:83
ilLDAPServer\disableDataSourceForAuthMode
static disableDataSourceForAuthMode($a_authmode)
Disable data source.
Definition: class.ilLDAPServer.php:342
ilLDAPRoleAssignmentRule\_getRules
static _getRules($a_server_id)
Get all rules.
Definition: class.ilLDAPRoleAssignmentRule.php:182
ilLDAPServer\toggleMembershipOptional
toggleMembershipOptional($a_status)
Definition: class.ilLDAPServer.php:709
$ilErr
$ilErr
Definition: raiseError.php:18
IL_LDAP_BIND_TEST
const IL_LDAP_BIND_TEST
Definition: class.ilLDAPQuery.php:26
ilLDAPServer\toggleActive
toggleActive($a_status)
Definition: class.ilLDAPServer.php:496
DEBUG
const DEBUG
Definition: inc.setup_header.php:41
$a_type
$a_type
Definition: workflow.php:92
ilLDAPServer\setRoleBindPassword
setRoleBindPassword($a_value)
Definition: class.ilLDAPServer.php:782
$urls
$urls
Definition: croninfo.php:28
ilLDAPServer\setUserScope
setUserScope($a_value)
Definition: class.ilLDAPServer.php:742
ilLDAPServer\DEFAULT_NETWORK_TIMEOUT
const DEFAULT_NETWORK_TIMEOUT
Definition: class.ilLDAPServer.php:30
ilLDAPServer\getGroupNames
getGroupNames()
Get group names as array.
Definition: class.ilLDAPServer.php:688
ilLDAPServer\isDataSourceActive
static isDataSourceActive($a_auth_mode)
Check if a data source is active for a specific auth mode ilDB $ilDB.
Definition: class.ilLDAPServer.php:308
ilLDAPServer\getServerIds
static getServerIds()
Get all server ids ilDB $ilDB.
Definition: class.ilLDAPServer.php:226
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$lng
$lng
Definition: save_question_post_data.php:23
ilLDAPServer\setGroupUserFilter
setGroupUserFilter($a_filter)
Definition: class.ilLDAPServer.php:717
ilLDAPServer\getAuthenticationMapping
getAuthenticationMapping()
Get authentication mode that is mapped.
Definition: class.ilLDAPServer.php:475
ilLDAPServer\doConnectionCheck
doConnectionCheck()
Check ldap connection and do a fallback to the next server if no connection is possible.
Definition: class.ilLDAPServer.php:537
ilLDAPServer\enableEscapeDN
enableEscapeDN(bool $a_value)
Definition: class.ilLDAPServer.php:804
ilLDAPServer\setBaseDN
setBaseDN($a_base_dn)
Definition: class.ilLDAPServer.php:579
IL_LDAP_SCOPE_ONE
const IL_LDAP_SCOPE_ONE
Definition: class.ilLDAPServer.php:9
ilLDAPServer\setGroupMember
setGroupMember($a_value)
Definition: class.ilLDAPServer.php:671
ilLDAPServer\_getCronServerIds
static _getCronServerIds()
Get list of acticve servers with option &#39;SyncCron&#39;.
Definition: class.ilLDAPServer.php:131
ilLDAPAttributeMapping\_delete
static _delete($a_server_id)
Delete mapping rules by server id.
Definition: class.ilLDAPAttributeMapping.php:84
ilLDAPServer\getDataSource
static getDataSource($a_auth_mode)
Definition: class.ilLDAPServer.php:324
$query
$query
Definition: proxy_ylocal.php:13
ilLDAPServer\setRoleBindDN
setRoleBindDN($a_value)
Definition: class.ilLDAPServer.php:774
ilLDAPServer\setBindPassword
setBindPassword($a_password)
Definition: class.ilLDAPServer.php:623
ilLDAPServer\toPearAuthArray
toPearAuthArray()
Creates an array of options compatible to PEAR Auth.
Definition: class.ilLDAPServer.php:1010
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:400
ilLDAPServer\isAuthenticationEnabled
isAuthenticationEnabled()
Check if authentication is enabled.
Definition: class.ilLDAPServer.php:457
ilLDAPServer\setSearchBase
setSearchBase($a_search_base)
Definition: class.ilLDAPServer.php:631
$row
$row
Definition: migrateto20.php:360
ilLDAPServer\getKeyByAuthMode
static getKeyByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:427
ilLDAPServer\setGroupName
setGroupName($a_value)
Definition: class.ilLDAPServer.php:679
ilLDAPServer\enableAuthentication
enableAuthentication($a_status)
Enable authentication for this ldap server.
Definition: class.ilLDAPServer.php:448
ilLDAPServer\setUserAttribute
setUserAttribute($a_user_attr)
Definition: class.ilLDAPServer.php:639
ilLDAPServer\setFilter
setFilter($a_filter)
Definition: class.ilLDAPServer.php:647
ilLDAPServer\rotateFallbacks
rotateFallbacks()
Rotate fallback urls in case of connect timeouts.
Definition: class.ilLDAPServer.php:74
$ilDB
global $ilDB
Definition: storeScorm2004.php:16
ilLDAPServer\_getPasswordServers
static _getPasswordServers()
Checks whether password synchronistation is enabled for an user.
Definition: class.ilLDAPServer.php:181
ilLDAPServer\setUsernameFilter
setUsernameFilter($a_value)
Definition: class.ilLDAPServer.php:799
$name
$name
Definition: client_example.php:35
ilLDAPServer\getAuthenticationMappingKey
getAuthenticationMappingKey()
Get authentication mapping key Default is ldap.
Definition: class.ilLDAPServer.php:485
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74
$url
$url
Definition: proxy_ylocal.php:28
ilLDAPServer\setGroupAttribute
setGroupAttribute($a_value)
Definition: class.ilLDAPServer.php:704
IL_LDAP_SCOPE_BASE
const IL_LDAP_SCOPE_BASE
Definition: class.ilLDAPServer.php:10
ilLDAPServer\_getRoleSyncServerIds
static _getRoleSyncServerIds()
Check whether there if there is an active server with option role_sync_active.
Definition: class.ilLDAPServer.php:156
ilLDAPServer\_getFirstServer
static _getFirstServer()
Definition: class.ilLDAPServer.php:271
$GLOBALS
$GLOBALS['JPEG_Segment_Names']
Global Variable: XMP_tag_captions.
Definition: module.tag.xmp.php:702
ilLDAPServer\toggleDataSource
static toggleDataSource($a_ldap_server_id, $a_auth_mode, $a_status)
Toggle Data Source.
Definition: class.ilLDAPServer.php:363
ilLDAPServer\isAccountMigrationEnabled
isAccountMigrationEnabled()
enabled account migration
Definition: class.ilLDAPServer.php:832