ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
ilAuthProviderLDAP Class Reference

Description of class class.


Public Member Functions

 __construct (\ilAuthCredentials $credentials, $a_server_id=0)
 Constructor.
 
 getServer ()
 Get server.
 
 doAuthentication (\ilAuthStatus $status)
 Do authentication.
 
 createNewAccount (ilAuthStatus $status)
 Create new ILIAS account for external_account. Parameters: ilAuthStatus
 
 migrateAccount (ilAuthStatus $status)
 Create new account. Parameters: ilAuthStatus
 
 getTriggerAuthMode ()
 Get trigger auth mode.
 
 getUserAuthModeName ()
 Get user auth mode name.
 
 getExternalAccountName ()
 Get external account name.
 
 setExternalAccountName ($a_name)
 Set external account name.
 
Public Member Functions inherited from ilAuthProvider
 __construct (ilAuthCredentials $credentials)
 Constructor.
 
 getLogger ()
 Get logger.
 
 getCredentials ()
 

Protected Member Functions

 updateAccount (ilAuthStatus $status, array $user)
 Update Account.
 
 initServer ($a_server_id)
 Init Server.
 
 changeKeyCase ($a_string)
 Change case similar to array_change_key_case, to avoid further encoding problems.
 
Protected Member Functions inherited from ilAuthProvider
 handleAuthenticationFail (ilAuthStatus $status, $a_reason)
 Handle failed authentication.
 

Private Attributes

 $server = null
 
 $migration_account = ''
 
 $force_new_account = false
 

Additional Inherited Members

Data Fields inherited from ilAuthProvider
const STATUS_UNDEFINED = 0
 
const STATUS_AUTHENTICATION_SUCCESS = 1
 
const STATUS_AUTHENTICATION_FAILED = 2
 
const STATUS_MIGRATION = 3
 

Detailed Description

Description of class class.

Author
Stefan Meyer <smeyer.ilias@gmx.de>

Definition at line 15 of file class.ilAuthProviderLDAP.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthProviderLDAP::__construct ( \ilAuthCredentials  $credentials,
  $a_server_id = 0 
)

Constructor.

Parameters
\ilAuthCredentials $credentials

Definition at line 25 of file class.ilAuthProviderLDAP.php.

References initServer().

    {
        parent::__construct($credentials);
        $this->initServer($a_server_id);
    }

Member Function Documentation

◆ changeKeyCase()

ilAuthProviderLDAP::changeKeyCase (   $a_string)
protected

Change case similar to array_change_key_case, to avoid further encoding problems.

Parameters
string $a_string
Returns
string

Definition at line 257 of file class.ilAuthProviderLDAP.php.

References $key.

Referenced by createNewAccount(), doAuthentication(), and migrateAccount().

    {
        $as_array = array_change_key_case(array($a_string => $a_string));
        foreach ($as_array as $key => $string) {
            return $key;
        }
    }

◆ createNewAccount()

ilAuthProviderLDAP::createNewAccount ( ilAuthStatus  $status)

Create new ILIAS account for external_account.

Parameters
ilAuthStatus

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 158 of file class.ilAuthProviderLDAP.php.

References $query, $users, changeKeyCase(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), getServer(), ilAuthProvider\handleAuthenticationFail(), IL_LDAP_BIND_DEFAULT, and updateAccount().

    {
        $this->force_new_account = true;

        try {
            include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
            $query = new ilLDAPQuery($this->getServer());
            $query->bind(IL_LDAP_BIND_DEFAULT);
        } catch (ilLDAPQueryException $e) {
            $this->getLogger()->error('Cannot bind to LDAP server... ' . $e->getMessage());
            $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
            return false;
        }
        try {
            // fetch user
            $users = $query->fetchUser(
                $this->getCredentials()->getUsername()
            );
            if (!$users) {
                $this->handleAuthenticationFail($status, 'err_wrong_login');
                return false;
            }
            if (!array_key_exists($this->changeKeyCase($this->getCredentials()->getUsername()), $users)) {
                $this->handleAuthenticationFail($status, 'err_wrong_login');
                return false;
            }
        } catch (ilLDAPQueryException $e) {
            $this->getLogger()->error('Cannot fetch LDAP user data... ' . $e->getMessage());
            $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
            return false;
        }

        // authentication success update profile
        $this->updateAccount($status, $users[$this->changeKeyCase($this->getCredentials()->getUsername())]);
    }

◆ doAuthentication()

ilAuthProviderLDAP::doAuthentication ( \ilAuthStatus  $status)

Do authentication.

Parameters
\ilAuthStatus $status

Implements ilAuthProviderInterface.

Definition at line 45 of file class.ilAuthProviderLDAP.php.

References $query, $users, changeKeyCase(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), getServer(), ilAuthProvider\handleAuthenticationFail(), IL_LDAP_BIND_AUTH, IL_LDAP_BIND_DEFAULT, and updateAccount().

    {
        try {
            // bind
            include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
            $query = new ilLDAPQuery($this->getServer());
            $query->bind(IL_LDAP_BIND_DEFAULT);
        } catch (ilLDAPQueryException $e) {
            $this->getLogger()->error('Cannot bind to LDAP server... ' . $e->getMessage());
            $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
            return false;
        }
        try {
            // Read user data, which does ensure a successful authentication.
            $users = $query->fetchUser(
                $this->getCredentials()->getUsername()
            );

            if (!$users) {
                $this->handleAuthenticationFail($status, 'err_wrong_login');
                return false;
            }
            if (!trim($this->getCredentials()->getPassword())) {
                $this->handleAuthenticationFail($status, 'err_wrong_login');
                return false;
            }
            if (!array_key_exists($this->changeKeyCase($this->getCredentials()->getUsername()), $users)) {
                $this->getLogger()->warning('Cannot find user: ' . $this->changeKeyCase($this->getCredentials()->getUsername()));
                $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
                return false;
            }

            // check group membership
            if (!$query->checkGroupMembership(
                $this->getCredentials()->getUsername(),
                $users[$this->changeKeyCase($this->getCredentials()->getUsername())]
            )) {
                $this->handleAuthenticationFail($status, 'err_wrong_login');
                return false;
            }
        } catch (ilLDAPQueryException $e) {
            $this->getLogger()->error('Cannot fetch LDAP user data... ' . $e->getMessage());
            $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
            return false;
        }
        try {
            // now bind with login credentials
            $query->bind(IL_LDAP_BIND_AUTH, $users[$this->changeKeyCase($this->getCredentials()->getUsername())]['dn'], $this->getCredentials()->getPassword());
        } catch (ilLDAPQueryException $e) {
            $this->handleAuthenticationFail($status, 'err_wrong_login');
            return false;
        }

        // authentication success update profile
        return $this->updateAccount($status, $users[$this->changeKeyCase($this->getCredentials()->getUsername())]);
    }
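
The order of checks in doAuthentication() matters: a bind that carries a DN and an empty password is an unauthenticated bind under RFC 4513, and a directory that accepts it reports success without verifying anyone, so the empty-password test has to run before the user bind. The PHP below is an added example, not ILIAS code; FakeDirectory, authenticate(), the $guard switch and the sample entry are constructed for illustration and no real LDAP server is contacted.

```php
<?php
// Constructed in-memory directory; stands in for an LDAP server.
final class FakeDirectory
{
    private $entries;          // lower-cased login => ['dn' => ..., 'password' => ...]
    private $allowEmptyBind;   // true: server accepts RFC 4513 unauthenticated binds
    public function __construct(array $entries, bool $allowEmptyBind)
    {
        $this->entries = $entries;
        $this->allowEmptyBind = $allowEmptyBind;
    }
    public function fetchUser(string $login): array
    {
        $key = strtolower($login);
        return isset($this->entries[$key]) ? [$key => $this->entries[$key]] : [];
    }
    public function bind(string $dn, string $password): bool
    {
        if ($password === '') {
            // DN plus empty password: success is reported, nobody is authenticated.
            return $this->allowEmptyBind;
        }
        foreach ($this->entries as $entry) {
            if ($entry['dn'] === $dn) {
                return hash_equals($entry['password'], $password);
            }
        }
        return false;
    }
}

// Same order as doAuthentication(): look up, reject empty password, bind as the user.
function authenticate(FakeDirectory $dir, string $login, string $password, bool $guard = true): bool
{
    $key = strtolower($login);
    $users = $dir->fetchUser($login);
    if (!$users || !array_key_exists($key, $users)) {
        return false;
    }
    if ($guard && trim($password) === '') {
        return false;
    }
    return $dir->bind($users[$key]['dn'], $password);
}

$dir = new FakeDirectory(['alice' => ['dn' => 'uid=alice,dc=example,dc=org', 'password' => 'constructed-pw']], true);
var_dump(authenticate($dir, 'Alice', 'constructed-pw'));
var_dump(authenticate($dir, 'alice', ''));
var_dump(authenticate($dir, 'alice', '', false));
```

The three calls print true, false and true; the last one, with the guard switched off, shows what the user bind alone would accept from this constructed directory.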

◆ getExternalAccountName()

ilAuthProviderLDAP::getExternalAccountName ( )

Get external account name.

Returns
string

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 238 of file class.ilAuthProviderLDAP.php.

References $migration_account.

    {
        return $this->migration_account;
    }

◆ getServer()

ilAuthProviderLDAP::getServer ( )

Get server.

Returns

Definition at line 35 of file class.ilAuthProviderLDAP.php.

References $server.

Referenced by createNewAccount(), doAuthentication(), getTriggerAuthMode(), getUserAuthModeName(), migrateAccount(), and updateAccount().

    {
        return $this->server;
    }

◆ getTriggerAuthMode()

ilAuthProviderLDAP::getTriggerAuthMode ( )

Get trigger auth mode.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 221 of file class.ilAuthProviderLDAP.php.

References AUTH_LDAP, and getServer().

    {
        return AUTH_LDAP . '_' . $this->getServer()->getServerId();
    }

◆ getUserAuthModeName()

ilAuthProviderLDAP::getUserAuthModeName ( )

Get user auth mode name.

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 229 of file class.ilAuthProviderLDAP.php.

References getServer().

    {
        return 'ldap_' . $this->getServer()->getServerId();
    }

◆ initServer()

ilAuthProviderLDAP::initServer (   $a_server_id)
protected

Init Server.

Definition at line 147 of file class.ilAuthProviderLDAP.php.

Referenced by __construct().

    {
        include_once './Services/LDAP/classes/class.ilLDAPServer.php';
        $this->server = new ilLDAPServer($a_server_id);
    }

◆ migrateAccount()

ilAuthProviderLDAP::migrateAccount ( ilAuthStatus  $status)

Create new account.

Parameters
ilAuthStatus

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 199 of file class.ilAuthProviderLDAP.php.

References $query, $users, changeKeyCase(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), getServer(), ilAuthProvider\handleAuthenticationFail(), IL_LDAP_BIND_DEFAULT, and updateAccount().

    {
        $this->force_new_account = true;

        try {
            include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
            $query = new ilLDAPQuery($this->getServer());
            $query->bind(IL_LDAP_BIND_DEFAULT);
        } catch (ilLDAPQueryException $e) {
            $this->getLogger()->error('Cannot bind to LDAP server... ' . $e->getMessage());
            $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
            return false;
        }

        $users = $query->fetchUser($this->getCredentials()->getUsername());
        $this->updateAccount($status, $users[$this->changeKeyCase($this->getCredentials()->getUsername())]);
        return true;
    }

◆ setExternalAccountName()

ilAuthProviderLDAP::setExternalAccountName (   $a_name)

Set external account name.

Parameters
string $a_name

Definition at line 247 of file class.ilAuthProviderLDAP.php.

Referenced by updateAccount().

    {
        $this->migration_account = $a_name;
    }

◆ updateAccount()

ilAuthProviderLDAP::updateAccount ( ilAuthStatus  $status,
array  $user 
)
protected

Update Account.

Parameters
array $user
Returns
bool

Definition at line 107 of file class.ilAuthProviderLDAP.php.

References $sync, ilObjUser\_lookupId(), ilLogLevel\DEBUG, ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), getServer(), ilAuthProvider\handleAuthenticationFail(), ilAuthStatus\setAuthenticatedUserId(), setExternalAccountName(), ilAuthStatus\setStatus(), ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED, and ilAuthStatus\STATUS_AUTHENTICATED.

Referenced by createNewAccount(), doAuthentication(), and migrateAccount().

    {
        $user = array_change_key_case($user, CASE_LOWER);
        $this->getLogger()->dump($user, ilLogLevel::DEBUG);

        include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
        $sync = new ilLDAPUserSynchronisation('ldap_' . $this->getServer()->getServerId(), $this->getServer()->getServerId());
        $sync->setExternalAccount($this->getCredentials()->getUsername());
        $sync->setUserData($user);
        $sync->forceCreation($this->force_new_account);

        try {
            $internal_account = $sync->sync();
            $this->getLogger()->debug('Internal account: ' . $internal_account);
        } catch (UnexpectedValueException $e) {
            $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
            $this->handleAuthenticationFail($status, 'err_wrong_login');
            return false;
        } catch (ilLDAPSynchronisationForbiddenException $e) {
            // No synchronisation allowed => create Error
            $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
            $this->handleAuthenticationFail($status, 'err_auth_ldap_no_ilias_user');
            return false;
        } catch (ilLDAPAccountMigrationRequiredException $e) {
            // Account migration required
            $this->setExternalAccountName($this->getCredentials()->getUsername());
            $this->getLogger()->info('Authentication failed: account migration required for external account: ' . $this->getCredentials()->getUsername());
            $status->setStatus(ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED);
            return false;
        }
        $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
        $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
        return true;
    }

Field Documentation

◆ $force_new_account

ilAuthProviderLDAP::$force_new_account = false
private

Definition at line 19 of file class.ilAuthProviderLDAP.php.

◆ $migration_account

ilAuthProviderLDAP::$migration_account = ''
private

Definition at line 18 of file class.ilAuthProviderLDAP.php.

Referenced by getExternalAccountName().

◆ $server

ilAuthProviderLDAP::$server = null
private

Definition at line 17 of file class.ilAuthProviderLDAP.php.

Referenced by getServer().


The documentation for this class was generated from the following file: