ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
sspmod_ldap_ConfigHelper Class Reference
Public Member Functions

 __construct ($config, $location)
 Constructor for this configuration parser.
 
 login ($username, $password, array $sasl_args=null)
 Attempt to log in using the given username and password.
 
 searchfordn ($attribute, $value, $allowZeroHits)
 Search for a DN.
 
 getAttributes ($dn, $attributes=null)
 

Private Attributes

 $location
 String with the location of this configuration.
 
 $hostname
 The hostname of the LDAP server.
 
 $enableTLS
 Whether we should use TLS/SSL when contacting the LDAP server.
 
 $debug
 
 $timeout
 
 $port
 
 $referrals
 Whether to follow referrals.
 
 $searchEnable
 Whether we need to search for the user's DN.
 
 $searchUsername
 The username we should bind with before we can search for the user.
 
 $searchPassword
 The password we should bind with before we can search for the user.
 
 $searchBase
 Array with the base DN(s) for the search.
 
 $searchScope
 The scope of the search.
 
 $searchFilter
 Additional LDAP filter fields for the search.
 
 $searchAttributes
 The attributes which should match the username.
 
 $dnPattern
 The DN pattern we should use to create the DN from the username.
 
 $attributes
 The attributes we should fetch.
 
 $privRead
 The user cannot get all attributes, privileged reader required.
 
 $privUsername
 The DN we should bind with before we can get the attributes.
 
 $privPassword
 The password we should bind with before we can get the attributes.
 

Detailed Description

Definition at line 11 of file ConfigHelper.php.

Constructor & Destructor Documentation

◆ __construct()

sspmod_ldap_ConfigHelper::__construct ($config, $location)

Constructor for this configuration parser.

Parameters
    array  $config    Configuration.
    string $location  The location of this configuration. Used for error reporting.

Definition at line 126 of file ConfigHelper.php.

References $config, $location, and SimpleSAML_Configuration\loadFromArray().

{
    assert(is_array($config));
    assert(is_string($location));

    $this->location = $location;

    // Parse configuration
    $config = SimpleSAML_Configuration::loadFromArray($config, $location);

    $this->hostname = $config->getString('hostname');
    $this->enableTLS = $config->getBoolean('enable_tls', false);
    $this->debug = $config->getBoolean('debug', false);
    $this->timeout = $config->getInteger('timeout', 0);
    $this->port = $config->getInteger('port', 389);
    $this->referrals = $config->getBoolean('referrals', true);
    $this->searchEnable = $config->getBoolean('search.enable', false);
    $this->privRead = $config->getBoolean('priv.read', false);

    if ($this->searchEnable) {
        // Optional bind identity for the DN search; the password is only required when a username is set
        $this->searchUsername = $config->getString('search.username', null);
        if ($this->searchUsername !== null) {
            $this->searchPassword = $config->getString('search.password');
        }

        $this->searchBase = $config->getArrayizeString('search.base');
        $this->searchScope = $config->getString('search.scope', 'subtree');
        $this->searchFilter = $config->getString('search.filter', null);
        $this->searchAttributes = $config->getArray('search.attributes');

    } else {
        $this->dnPattern = $config->getString('dnpattern');
    }

    // Are privs needed to get to the attributes?
    if ($this->privRead) {
        $this->privUsername = $config->getString('priv.username');
        $this->privPassword = $config->getString('priv.password');
    }

    $this->attributes = $config->getArray('attributes', null);
}

Member Function Documentation

◆ getAttributes()

sspmod_ldap_ConfigHelper::getAttributes ($dn, $attributes = null)

Definition at line 278 of file ConfigHelper.php.

References $attributes.

{
    if ($attributes == null) {
        // Fall back to the configured attribute list (NULL means fetch all attributes)
        $attributes = $this->attributes;
    }

    $ldap = new SimpleSAML_Auth_LDAP($this->hostname,
        $this->enableTLS,
        $this->debug,
        $this->timeout,
        $this->port,
        $this->referrals);

    /* Are privs needed to get the attributes? */
    if ($this->privRead) {
        /* Yes, rebind with privs */
        if (!$ldap->bind($this->privUsername, $this->privPassword)) {
            throw new Exception('Error authenticating using privileged DN & password.');
        }
    }
    return $ldap->getAttributes($dn, $attributes);
}

◆ login()

sspmod_ldap_ConfigHelper::login ($username, $password, array $sasl_args = null)

Attempt to log in using the given username and password.

Will throw a SimpleSAML_Error_Error('WRONGUSERPASS') if the username or password is wrong. If there is a configuration problem, an Exception will be thrown.

Parameters
    string $username   The username the user entered.
    string $password   The password the user entered.
    array  $sasl_args  Array of SASL options for the LDAP bind.
Returns
    array Associative array with the user's attributes.

Definition at line 181 of file ConfigHelper.php.

References $password, and SimpleSAML\Logger\info().

{
    assert(is_string($username));
    assert(is_string($password));

    if (empty($password)) {
        SimpleSAML\Logger::info($this->location.': Login with empty password disallowed.');
        throw new SimpleSAML_Error_Error('WRONGUSERPASS');
    }

    $ldap = new SimpleSAML_Auth_LDAP($this->hostname, $this->enableTLS, $this->debug, $this->timeout, $this->port, $this->referrals);

    if (!$this->searchEnable) {
        $ldapusername = addcslashes($username, ',+"\\<>;*');
        $dn = str_replace('%username%', $ldapusername, $this->dnPattern);
    } else {
        if ($this->searchUsername !== null) {
            if (!$ldap->bind($this->searchUsername, $this->searchPassword)) {
                throw new Exception('Error authenticating using search username & password.');
            }
        }

        $dn = $ldap->searchfordn($this->searchBase, $this->searchAttributes, $username, true, $this->searchFilter, $this->searchScope);
        if ($dn === null) {
            /* User not found with search. */
            SimpleSAML\Logger::info($this->location.': Unable to find users DN. username=\''.$username.'\'');
            throw new SimpleSAML_Error_Error('WRONGUSERPASS');
        }
    }

    if (!$ldap->bind($dn, $password, $sasl_args)) {
        SimpleSAML\Logger::info($this->location.': '.$username.' failed to authenticate. DN='.$dn);
        throw new SimpleSAML_Error_Error('WRONGUSERPASS');
    }

    /* In case of SASL bind, authenticated and authorized DN may differ */
    if (isset($sasl_args)) {
        $dn = $ldap->whoami($this->searchBase, $this->searchAttributes);
    }

    /* Are privs needed to get the attributes? */
    if ($this->privRead) {
        /* Yes, rebind with privs */
        if (!$ldap->bind($this->privUsername, $this->privPassword)) {
            throw new Exception('Error authenticating using privileged DN & password.');
        }
    }

    return $ldap->getAttributes($dn, $this->attributes);
}

◆ searchfordn()

sspmod_ldap_ConfigHelper::searchfordn ($attribute, $value, $allowZeroHits)

Search for a DN.

Parameters
    string|array $attribute      The attribute name(s) searched for. If set to NULL, the values from the configuration are used.
    string       $value          The attribute value searched for.
    bool         $allowZeroHits  Determines whether the method throws an exception if no hits are found. Defaults to FALSE.
Returns
    string The DN of the matching element, if found. If no element was found and $allowZeroHits is set to FALSE, an exception will be thrown; otherwise NULL will be returned.
Exceptions
    SimpleSAML_Error_AuthSource if:
      • the LDAP search encounters problems when searching the catalogue
      • it is not possible to connect to the LDAP server
    SimpleSAML_Error_UserNotFound if:
      • $allowZeroHits is FALSE and no result is found

Definition at line 255 of file ConfigHelper.php.

References $searchAttributes.

{
    $ldap = new SimpleSAML_Auth_LDAP($this->hostname,
        $this->enableTLS,
        $this->debug,
        $this->timeout,
        $this->port,
        $this->referrals);

    if ($attribute == null) {
        $attribute = $this->searchAttributes;
    }

    if ($this->searchUsername !== null) {
        if (!$ldap->bind($this->searchUsername, $this->searchPassword)) {
            throw new Exception('Error authenticating using search username & password.');
        }
    }

    return $ldap->searchfordn($this->searchBase, $attribute,
        $value, $allowZeroHits, $this->searchFilter, $this->searchScope);
}

Field Documentation

◆ $attributes

sspmod_ldap_ConfigHelper::$attributes
private

The attributes we should fetch.

Can be NULL in which case we will fetch all attributes.

Definition at line 102 of file ConfigHelper.php.

Referenced by getAttributes().

◆ $debug

sspmod_ldap_ConfigHelper::$debug
private

Definition at line 37 of file ConfigHelper.php.

◆ $dnPattern

sspmod_ldap_ConfigHelper::$dnPattern
private

The DN pattern we should use to create the DN from the username.

Definition at line 97 of file ConfigHelper.php.

◆ $enableTLS

sspmod_ldap_ConfigHelper::$enableTLS
private

Whether we should use TLS/SSL when contacting the LDAP server.

Definition at line 29 of file ConfigHelper.php.

◆ $hostname

sspmod_ldap_ConfigHelper::$hostname
private

The hostname of the LDAP server.

Definition at line 23 of file ConfigHelper.php.

◆ $location

sspmod_ldap_ConfigHelper::$location
private

String with the location of this configuration.

Used for error reporting.

Definition at line 17 of file ConfigHelper.php.

Referenced by __construct().

◆ $port

sspmod_ldap_ConfigHelper::$port
private

Definition at line 52 of file ConfigHelper.php.

◆ $privPassword

sspmod_ldap_ConfigHelper::$privPassword
private

The password we should bind with before we can get the attributes.

Definition at line 117 of file ConfigHelper.php.

◆ $privRead

sspmod_ldap_ConfigHelper::$privRead
private

The user cannot get all attributes, privileged reader required.

Definition at line 107 of file ConfigHelper.php.

◆ $privUsername

sspmod_ldap_ConfigHelper::$privUsername
private

The DN we should bind with before we can get the attributes.

Definition at line 112 of file ConfigHelper.php.

◆ $referrals

sspmod_ldap_ConfigHelper::$referrals
private

Whether to follow referrals.

Definition at line 57 of file ConfigHelper.php.

◆ $searchAttributes

sspmod_ldap_ConfigHelper::$searchAttributes
private

The attributes which should match the username.

Definition at line 92 of file ConfigHelper.php.

Referenced by searchfordn().

◆ $searchBase

sspmod_ldap_ConfigHelper::$searchBase
private

Array with the base DN(s) for the search.

Definition at line 77 of file ConfigHelper.php.

◆ $searchEnable

sspmod_ldap_ConfigHelper::$searchEnable
private

Whether we need to search for the user's DN.

Definition at line 62 of file ConfigHelper.php.

◆ $searchFilter

sspmod_ldap_ConfigHelper::$searchFilter
private

Additional LDAP filter fields for the search.

Definition at line 87 of file ConfigHelper.php.

◆ $searchPassword

sspmod_ldap_ConfigHelper::$searchPassword
private

The password we should bind with before we can search for the user.

Definition at line 72 of file ConfigHelper.php.

◆ $searchScope

sspmod_ldap_ConfigHelper::$searchScope
private

The scope of the search.

Definition at line 82 of file ConfigHelper.php.

◆ $searchUsername

sspmod_ldap_ConfigHelper::$searchUsername
private

The username we should bind with before we can search for the user.

Definition at line 67 of file ConfigHelper.php.

◆ $timeout

sspmod_ldap_ConfigHelper::$timeout
private

Definition at line 45 of file ConfigHelper.php.


The documentation for this class was generated from the following file: