24include_once(
'Services/LDAP/classes/class.ilLDAPServer.php');
 
   62        $this->log = 
$DIC->logger()->auth();
 
   75        if (is_object(self::$instance)) {
 
   92        if (!$this->active_servers) {
 
   96            if (isset($this->mapping_info_strict[$a_obj_id]) and is_array($this->mapping_info_strict[$a_obj_id])) {
 
   97                return $this->mapping_info_strict[$a_obj_id];
 
  100            if (isset($this->mapping_info[$a_obj_id]) and is_array($this->mapping_info[$a_obj_id])) {
 
  101                return $this->mapping_info[$a_obj_id];
 
  117    public function assign($a_role_id, $a_usr_id)
 
  120        if (!$this->active_servers) {
 
  128            $this->log->info(
'LDAP assign: User ID: ' . $a_usr_id . 
' has no LDAP account');
 
  131        $this->log->info(
'LDAP assigned: User ID: ' . $a_usr_id . 
' Role Id: ' . $a_role_id);
 
  150        $rbacreview = 
$DIC[
'rbacreview'];
 
  153        if (!$this->active_servers) {
 
  161        foreach ($rbacreview->assignedUsers($a_role_id) as $usr_id) {
 
  162            $this->
deassign($a_role_id, $usr_id);
 
  180        if (!$this->active_servers) {
 
  189        $this->log->info(
'LDAP deassigned: User ID: ' . $a_usr_id . 
' Role Id: ' . $a_role_id);
 
  203        foreach ($this->mappings as $role_id => 
$data) {
 
  204            $this->
deassign($role_id, $a_usr_id);
 
  221        if (!count($server_ids)) {
 
  226        include_once(
'Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php');
 
  228        $this->active_servers = 
true;
 
  229        $this->mappings = array();
 
  231        foreach ($server_ids as $server_id) {
 
  232            $this->servers[$server_id] = 
new ilLDAPServer($server_id);
 
  235                'ldap_' . $server_id,
 
  239        $this->mapping_info = array();
 
  240        $this->mapping_info_strict = array();
 
  241        foreach ($this->mappings as $mapping) {
 
  243                if (strlen(
$data[
'info']) and 
$data[
'object_id']) {
 
  244                    $this->mapping_info[
$data[
'object_id']][] = 
$data[
'info'];
 
  247                    $this->mapping_info_strict[
$data[
'object_id']][] = 
$data[
'info'];
 
  264        return array_key_exists($a_role_id, $this->mappings);
 
  274        foreach ($this->users as $server_id => 
$users) {
 
  275            if (array_key_exists($a_usr_id, 
$users)) {
 
  292        foreach ($this->mappings[$a_role_id] as 
$data) {
 
  295                    $external_account = $this->
readDN($a_usr_id, 
$data[
'server_id']);
 
  297                    $external_account = $this->users[
$data[
'server_id']][$a_usr_id];
 
  301                $query_obj->modAdd(
$data[
'dn'], array(
$data[
'member'] => $external_account));
 
  302                $this->log->info(
'LDAP assign: Assigned ' . $external_account . 
' to group ' . 
$data[
'dn']);
 
  304                $this->log->warning($exc->getMessage());
 
  321        foreach ($this->mappings[$a_role_id] as 
$data) {
 
  324                    $external_account = $this->
readDN($a_usr_id, 
$data[
'server_id']);
 
  326                    $external_account = $this->users[
$data[
'server_id']][$a_usr_id];
 
  331                    $this->log->info(
'LDAP deassign: User is still assigned to role "' . $role_id . 
'".');
 
  336                $query_obj->modDelete(
$data[
'dn'], array(
$data[
'member'] => $external_account));
 
  337                $this->log->info(
'LDAP deassign: Deassigned ' . $external_account . 
' from group ' . 
$data[
'dn']);
 
  340                if (is_array($this->mapping_members[
$data[
'mapping_id']])) {
 
  341                    $key = array_search($external_account, $this->mapping_members[
$data[
'mapping_id']]);
 
  343                        unset($this->mapping_members[
$data[
'mapping_id']]);
 
  347                $this->log->warning($exc->getMessage());
 
  366        $rbacreview = 
$DIC[
'rbacreview'];
 
  367        $ilObjDataCache = 
$DIC[
'ilObjDataCache'];
 
  369        foreach ($this->mappings as $role_id => $tmp_data) {
 
  370            foreach ($tmp_data as 
$data) {
 
  371                if ($role_id == $a_role_id) {
 
  374                if (
$data[
'server_id'] != $a_data[
'server_id']) {
 
  377                if (
$data[
'dn'] != $a_data[
'dn']) {
 
  380                if ($rbacreview->isAssigned($a_usr_id, $role_id)) {
 
  381                    return $ilObjDataCache->lookupTitle($role_id);
 
  396        $this->mapping_members[$a_mapping_id] = array();
 
  397        foreach ($a_data as $field => $value) {
 
  398            if (strtolower($field) == 
'dn') {
 
  402            if (!is_array($value)) {
 
  403                $this->mapping_members[$a_mapping_id][] = $value;
 
  406            foreach ($value as $external_account) {
 
  407                $this->mapping_members[$a_mapping_id][] = $external_account;
 
  421    private function readDN($a_usr_id, $a_server_id)
 
  423        if (isset($this->user_dns[$a_usr_id])) {
 
  424            return $this->user_dns[$a_usr_id];
 
  427        $external_account = $this->users[$a_server_id][$a_usr_id];
 
  430            $server = $this->servers[$a_server_id];
 
  433            if ($search_base = 
$server->getSearchBase()) {
 
  436            $search_base .= 
$server->getBaseDN();
 
  439            if (
$server->isMembershipOptional() and 
$server->getGroupUserFilter()) {
 
  440                $userFilter = 
$server->getGroupUserFilter();
 
  442                $userFilter = 
$server->getFilter();
 
  452            $res = $query_obj->query($search_base, $filter, 
$server->getUserScope(), array(
'dn'));
 
  454            if (!
$res->numRows()) {
 
  455                include_once(
'Services/LDAP/classes/class.ilLDAPQueryException.php');
 
  458            if (
$res->numRows() > 1) {
 
  459                include_once(
'Services/LDAP/classes/class.ilLDAPQueryException.php');
 
  460                throw new ilLDAPQueryException(__METHOD__ . 
' found multiple distinguished name for: ' . $external_account);
 
  464            return $this->user_dns[$a_usr_id] = 
$data[
'dn'];
 
  479        include_once 
'Services/LDAP/classes/class.ilLDAPQuery.php';
 
  481        if (array_key_exists($a_server_id, $this->query) and
 
  482            array_key_exists($a_url, $this->query[$a_server_id]) and
 
  483            is_object($this->query[$a_server_id][$a_url])) {
 
  484            return $this->query[$a_server_id][$a_url];
 
  487            $tmp_query = 
new ilLDAPQuery($this->servers[$a_server_id], $a_url);
 
  492        return $this->query[$a_server_id][$a_url] = $tmp_query;
 
An exception for terminating execution or to throw for unit testing.
static _getAllActiveMappings()
isHandledRole($a_role_id)
Check if a role is handled or not.
initServers()
Check if there is any active server with.
storeMembers($a_mapping_id, $a_data)
Store Members.
readDN($a_usr_id, $a_server_id)
Read DN of user.
getLDAPQueryInstance($a_server_id, $a_url)
Get LDAPQueryInstance.
assignToGroup($a_role_id, $a_usr_id)
Assign user to group.
getInfoStrings($a_obj_id, $a_check_type=false)
Get info string for object If check info type is enabled this function will check if the info string ...
checkOtherMembership($a_usr_id, $a_role_id, $a_data)
Check other membership.
deleteUser($a_usr_id)
Delete user => deassign from all LDAP groups.
deassign($a_role_id, $a_usr_id)
This method is typically called from class RbacAdmin::deassignUser() It checks if there is a role map...
assign($a_role_id, $a_usr_id)
This method is typically called from class RbacAdmin::assignUser() It checks if there is a role mappi...
isHandledUser($a_usr_id)
Check if user is ldap user.
static _getInstance()
Get singleton instance of this class.
__construct()
Singleton constructor.
deleteRole($a_role_id)
Delete role.
deassignFromGroup($a_role_id, $a_usr_id)
Deassign user from group.
static _getRoleSyncServerIds()
Check whether there is an active server with option role_sync_active.
static _getExternalAccountsByAuthMode($a_auth_mode, $a_read_auth_default=false)
Get list of external account by authentication method Note: If login == ext_account for two user with...
foreach($_POST as $key=> $value) $res