ILIAS  release_7 Revision v7.30-3-g800a261c036
class.ilLDAPServer.php
Go to the documentation of this file.
1<?php
2
3/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
4
5define('IL_LDAP_BIND_ANONYMOUS', 0);
6define('IL_LDAP_BIND_USER', 1);
7
8define('IL_LDAP_SCOPE_SUB', 0);
9define('IL_LDAP_SCOPE_ONE', 1);
10define('IL_LDAP_SCOPE_BASE', 2);
11
24class ilLDAPServer
25{
26 private static $instances = array();
27
28 const DEBUG = false;
29 const DEFAULT_VERSION = 3;
30 const DEFAULT_NETWORK_TIMEOUT = 5;
31
32 private $role_bind_dn = '';
33 private $role_bind_pass = '';
34 private $role_sync_active = 0;
35
36 private $server_id = null;
37 private $fallback_urls = array();
38
39 private $enabled_authentication = true;
40 private $authentication_mapping = 0;
41 private $escape_dn = false;
42
43 public function __construct($a_server_id = 0)
44 {
45 global $DIC;
46
47 $ilDB = $DIC['ilDB'];
48 $lng = $DIC['lng'];
49
50 $this->db = $ilDB;
51 $this->lng = $lng;
52 $this->server_id = $a_server_id;
53
54 $this->read();
55 }
56
62 public static function getInstanceByServerId($a_server_id)
63 {
64 if (isset(self::$instances[$a_server_id])) {
65 return self::$instances[$a_server_id];
66 }
67 return self::$instances[$a_server_id] = new ilLDAPServer($a_server_id);
68 }
69
74 public function rotateFallbacks()
75 {
76 global $DIC;
77
78 $ilDB = $DIC['ilDB'];
79
80 if (!$this->fallback_urls) {
81 return false;
82 }
83
84 $all_urls = array_merge($this->fallback_urls);
85 $all_urls[] = $this->getUrl();
86
87 $query = 'UPDATE ldap_server_settings SET ' .
88 'url = ' . $ilDB->quote(implode(',', $all_urls), 'text') . ' ' .
89 'WHERE server_id = ' . $ilDB->quote($this->getServerId(), 'integer');
90 $ilDB->manipulate($query);
91 return true;
92 }
93
94
99 public static function checkLDAPLib()
100 {
101 return function_exists('ldap_bind');
102 }
103
109 public static function _getActiveServerList()
110 {
111 global $DIC;
112
113 $ilDB = $DIC['ilDB'];
114
115 $query = "SELECT server_id FROM ldap_server_settings " .
116 "WHERE active = 1 AND authentication = 1 " .
117 "ORDER BY name ";
118 $res = $ilDB->query($query);
119 $server_ids = array();
120 while ($row = $ilDB->fetchObject($res)) {
121 $server_ids[] = $row->server_id;
122 }
123 return $server_ids;
124 }
125
131 public static function _getCronServerIds()
132 {
133 global $DIC;
134
135 $ilDB = $DIC['ilDB'];
136
137 $query = "SELECT server_id FROM ldap_server_settings " .
138 "WHERE active = 1 " .
139 "AND sync_per_cron = 1 " .
140 "ORDER BY name";
141
142 $res = $ilDB->query($query);
143 while ($row = $ilDB->fetchObject($res)) {
144 $server_ids[] = $row->server_id;
145 }
146 return $server_ids ? $server_ids : array();
147 }
148
156 public static function _getRoleSyncServerIds()
157 {
158 global $DIC;
159
160 $ilDB = $DIC['ilDB'];
161
162 $query = "SELECT server_id FROM ldap_server_settings " .
163 "WHERE active = 1 " .
164 "AND role_sync_active = 1 ";
165
166 $res = $ilDB->query($query);
167 $server_ids = array();
168 while ($row = $ilDB->fetchObject($res)) {
169 $server_ids[] = $row->server_id;
170 }
171 return $server_ids;
172 }
173
181 public static function _getPasswordServers()
182 {
183 return ilLDAPServer::_getActiveServerList();
184 }
185
186
192 public static function _getFirstActiveServer()
193 {
194 $servers = ilLDAPServer::_getActiveServerList();
195 if (count($servers)) {
196 return $servers[0];
197 }
198 return 0;
199 }
200
206 public static function _getServerList()
207 {
208 global $DIC;
209
210 $ilDB = $DIC['ilDB'];
211
212 $query = "SELECT server_id FROM ldap_server_settings ORDER BY name";
213
214 $res = $ilDB->query($query);
215 while ($row = $ilDB->fetchObject($res)) {
216 $server_ids[] = $row->server_id;
217 }
218 return $server_ids ? $server_ids : array();
219 }
220
226 public static function getServerIds()
227 {
228 global $DIC;
229
230 $ilDB = $DIC['ilDB'];
231
232 $query = "SELECT server_id FROM ldap_server_settings ORDER BY name";
233
234
235 $res = $ilDB->query($query);
236
237 $server = array();
238 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
239 $server[] = $row->server_id;
240 }
241 return $server;
242 }
243
249 public static function _getAllServer()
250 {
251 global $DIC;
252
253 $ilDB = $DIC['ilDB'];
254
255 $query = "SELECT * FROM ldap_server_settings ORDER BY name";
256
257 $server = array();
258
259 $res = $ilDB->query($query);
260 while ($row = $ilDB->fetchAssoc($res)) {
261 $server[] = $row;
262 }
263 return $server;
264 }
265
266 /*
267 * Get first server id
268 *
269 * @return integer server_id
270 */
271 public static function _getFirstServer()
272 {
273 $servers = ilLDAPServer::_getServerList();
274
275 if (count($servers)) {
276 return $servers[0];
277 }
278 return 0;
279 }
280
281
282 public static function getAvailableDataSources($a_auth_mode)
283 {
284 global $DIC;
285
286 $ilDB = $DIC['ilDB'];
287
288 $query = "SELECT server_id FROM ldap_server_settings " .
289 "WHERE active = " . $ilDB->quote(1, 'integer') . " " .
290 "AND authentication = " . $ilDB->quote(0, 'integer') . " " .
291 "AND ( authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " " .
292 "OR authentication_type = " . $ilDB->quote(0, 'integer') . ")";
293 $res = $ilDB->query($query);
294
295 $server_ids = array();
296 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
297 $server_ids[] = $row->server_id;
298 }
299 return $server_ids;
300 }
301
308 public static function isDataSourceActive($a_auth_mode)
309 {
310 global $DIC;
311
312 $ilDB = $DIC['ilDB'];
313
314 $query = "SELECT server_id FROM ldap_server_settings " .
315 "WHERE authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " " .
316 "AND authentication = " . $ilDB->quote(0, 'integer');
317 $res = $ilDB->query($query);
318 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
319 return true;
320 }
321 return false;
322 }
323
324 public static function getDataSource($a_auth_mode)
325 {
326 global $DIC;
327
328 $ilDB = $DIC['ilDB'];
329
330 $query = "SELECT server_id FROM ldap_server_settings " .
331 "WHERE authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " ";
332 $res = $ilDB->query($query);
333 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
334 return $row->server_id;
335 }
336 return 0;
337 }
338
342 public static function disableDataSourceForAuthMode($a_authmode)
343 {
344 global $DIC;
345
346 $ilDB = $DIC['ilDB'];
347
348 $query = 'UPDATE ldap_server_settings ' .
349 'SET authentication_type = ' . $ilDB->quote(0, 'integer') . ' ' .
350 'WHERE authentication_type = ' . $ilDB->quote($a_authmode, 'integer');
351 $ilDB->manipulate($query);
352 return true;
353 }
354
355
356
363 public static function toggleDataSource($a_ldap_server_id, $a_auth_mode, $a_status)
364 {
365 global $DIC;
366
367 $ilDB = $DIC['ilDB'];
368
369 self::disableDataSourceForAuthMode($a_auth_mode);
370
371 if ($a_status) {
372 $query = "UPDATE ldap_server_settings " .
373 'SET authentication_type = ' . $ilDB->quote($a_auth_mode, 'integer') . " " .
374 'WHERE server_id = ' . $ilDB->quote($a_ldap_server_id, 'integer');
375 $ilDB->manipulate($query);
376 }
377 return true;
378 }
379
380 // begin-patch ldap_multiple
385 public static function isAuthModeLDAP($a_auth_mode)
386 {
387 if (!$a_auth_mode) {
388 $GLOBALS['DIC']['ilLog']->write(__METHOD__ . ': No auth mode given..............');
389 return false;
390 }
391 $auth_arr = explode('_', $a_auth_mode);
392 return ($auth_arr[0] == AUTH_LDAP) and $auth_arr[1];
393 }
394
400 public static function getServerIdByAuthMode($a_auth_mode)
401 {
402 if (self::isAuthModeLDAP($a_auth_mode)) {
403 $auth_arr = explode('_', $a_auth_mode);
404 return $auth_arr[1];
405 }
406 return null;
407 }
408
413 public static function getAuthModeByKey($a_auth_key)
414 {
415 $auth_arr = explode('_', $a_auth_key);
416 if (count((array) $auth_arr) > 1) {
417 return 'ldap_' . $auth_arr[1];
418 }
419 return 'ldap';
420 }
421
427 public static function getKeyByAuthMode($a_auth_mode)
428 {
429 $auth_arr = explode('_', $a_auth_mode);
430 if (count((array) $auth_arr) > 1) {
431 return AUTH_LDAP . '_' . $auth_arr[1];
432 }
433 return AUTH_LDAP;
434 }
435
436 // end-patch ldap_multiple
437
438 // Set/Get
439 public function getServerId()
440 {
441 return $this->server_id;
442 }
443
448 public function enableAuthentication($a_status)
449 {
450 $this->enabled_authentication = (bool) $a_status;
451 }
452
457 public function isAuthenticationEnabled()
458 {
459 return (bool) $this->enabled_authentication;
460 }
461
466 public function setAuthenticationMapping($a_map)
467 {
468 $this->authentication_mapping = $a_map;
469 }
470
475 public function getAuthenticationMapping()
476 {
477 return $this->authentication_mapping;
478 }
479
485 public function getAuthenticationMappingKey()
486 {
487 if ($this->isAuthenticationEnabled() or !$this->getAuthenticationMapping()) {
488 // begin-patch ldap_multiple
489 return 'ldap_' . $this->getServerId();
490 #return 'ldap';
491 // end-patch ldap_multiple
492 }
493 return ilAuthUtils::_getAuthModeName($this->getAuthenticationMapping());
494 }
495
496 public function toggleActive($a_status)
497 {
498 $this->active = $a_status;
499 }
500 public function isActive()
501 {
502 return $this->active;
503 }
504 public function getUrl()
505 {
506 return $this->url;
507 }
508 public function setUrl($a_url)
509 {
510 $this->url_string = $a_url;
511
512 // Maybe there are more than one url's (comma seperated).
513 $urls = explode(',', $a_url);
514
515 $counter = 0;
516 foreach ($urls as $url) {
517 $url = trim($url);
518 if (!$counter++) {
519 $this->url = $url;
520 } else {
521 $this->fallback_urls[] = $url;
522 }
523 }
524 }
525 public function getUrlString()
526 {
527 return $this->url_string;
528 }
529
537 public function doConnectionCheck()
538 {
539 include_once('Services/LDAP/classes/class.ilLDAPQuery.php');
540
541 foreach (array_merge(array(0 => $this->url), $this->fallback_urls) as $url) {
542 try {
543 ilLoggerFactory::getLogger('auth')->debug('Using url: ' . $url);
544 // Need to do a full bind, since openldap return valid connection links for invalid hosts
545 $query = new ilLDAPQuery($this, $url);
546 $query->bind(IL_LDAP_BIND_TEST);
547 $this->url = $url;
548 return true;
549 } catch (ilLDAPQueryException $exc) {
550 $this->rotateFallbacks();
551 ilLoggerFactory::getLogger('auth')->error('Cannot connect to LDAP server: ' . $url . ' ' . $exc->getCode() . ' ' . $exc->getMessage());
552 }
553 }
554 ilLoggerFactory::getLogger('auth')->warning('No valid LDAP server found');
555 return false;
556 }
557
558
559 public function getName()
560 {
561 return $this->name;
562 }
563 public function setName($a_name)
564 {
565 $this->name = $a_name;
566 }
567 public function getVersion()
568 {
569 return $this->version ? $this->version : self::DEFAULT_VERSION;
570 }
571 public function setVersion($a_version)
572 {
573 $this->version = $a_version;
574 }
575 public function getBaseDN()
576 {
577 return $this->base_dn;
578 }
579 public function setBaseDN($a_base_dn)
580 {
581 $this->base_dn = $a_base_dn;
582 }
583 public function isActiveReferrer()
584 {
585 return $this->referrals ? true : false;
586 }
587 public function toggleReferrer($a_status)
588 {
589 $this->referrals = $a_status;
590 }
591 public function isActiveTLS()
592 {
593 return $this->tls ? true : false;
594 }
595 public function toggleTLS($a_status)
596 {
597 $this->tls = $a_status;
598 }
599 public function getBindingType()
600 {
601 return $this->binding_type;
602 }
603 public function setBindingType($a_type)
604 {
605 if ($a_type == IL_LDAP_BIND_USER) {
606 $this->binding_type = IL_LDAP_BIND_USER;
607 } else {
608 $this->binding_type = IL_LDAP_BIND_ANONYMOUS;
609 }
610 }
611 public function getBindUser()
612 {
613 return $this->bind_user;
614 }
615 public function setBindUser($a_user)
616 {
617 $this->bind_user = $a_user;
618 }
619 public function getBindPassword()
620 {
621 return $this->bind_password;
622 }
623 public function setBindPassword($a_password)
624 {
625 $this->bind_password = $a_password;
626 }
627 public function getSearchBase()
628 {
629 return $this->search_base;
630 }
631 public function setSearchBase($a_search_base)
632 {
633 $this->search_base = $a_search_base;
634 }
635 public function getUserAttribute()
636 {
637 return $this->user_attribute;
638 }
639 public function setUserAttribute($a_user_attr)
640 {
641 $this->user_attribute = $a_user_attr;
642 }
643 public function getFilter()
644 {
645 return $this->prepareFilter($this->filter);
646 }
647 public function setFilter($a_filter)
648 {
649 $this->filter = $a_filter;
650 }
651 public function getGroupDN()
652 {
653 return $this->group_dn;
654 }
655 public function setGroupDN($a_value)
656 {
657 $this->group_dn = $a_value;
658 }
659 public function getGroupFilter()
660 {
661 return $this->prepareFilter($this->group_filter);
662 }
663 public function setGroupFilter($a_value)
664 {
665 $this->group_filter = $a_value;
666 }
667 public function getGroupMember()
668 {
669 return $this->group_member;
670 }
671 public function setGroupMember($a_value)
672 {
673 $this->group_member = $a_value;
674 }
675 public function getGroupName()
676 {
677 return $this->group_name;
678 }
679 public function setGroupName($a_value)
680 {
681 $this->group_name = $a_value;
682 }
683
688 public function getGroupNames()
689 {
690 $names = explode(',', $this->getGroupName());
691
692 if (!is_array($names)) {
693 return array();
694 }
695
696 return array_filter(array_map('trim', $names));
697 }
698
699
700 public function getGroupAttribute()
701 {
702 return $this->group_attribute;
703 }
704 public function setGroupAttribute($a_value)
705 {
706 $this->group_attribute = $a_value;
707 }
708
709 public function toggleMembershipOptional($a_status)
710 {
711 $this->group_optional = (bool) $a_status;
712 }
713 public function isMembershipOptional()
714 {
715 return (bool) $this->group_optional;
716 }
717 public function setGroupUserFilter($a_filter)
718 {
719 $this->group_user_filter = $a_filter;
720 }
721 public function getGroupUserFilter()
722 {
723 return $this->group_user_filter;
724 }
725
726 public function enabledGroupMemberIsDN()
727 {
728 return (bool) $this->memberisdn;
729 }
730 public function enableGroupMemberIsDN($a_value)
731 {
732 $this->memberisdn = (bool) $a_value;
733 }
734 public function setGroupScope($a_value)
735 {
736 $this->group_scope = $a_value;
737 }
738 public function getGroupScope()
739 {
740 return $this->group_scope;
741 }
742 public function setUserScope($a_value)
743 {
744 $this->user_scope = $a_value;
745 }
746 public function getUserScope()
747 {
748 return $this->user_scope;
749 }
750 public function enabledSyncOnLogin()
751 {
752 return $this->sync_on_login;
753 }
754 public function enableSyncOnLogin($a_value)
755 {
756 $this->sync_on_login = (int) $a_value;
757 }
758 public function enabledSyncPerCron()
759 {
760 return $this->sync_per_cron;
761 }
762 public function enableSyncPerCron($a_value)
763 {
764 $this->sync_per_cron = (int) $a_value;
765 }
766 public function setGlobalRole($a_role)
767 {
768 $this->global_role = $a_role;
769 }
770 public function getRoleBindDN()
771 {
772 return $this->role_bind_dn;
773 }
774 public function setRoleBindDN($a_value)
775 {
776 $this->role_bind_dn = $a_value;
777 }
778 public function getRoleBindPassword()
779 {
780 return $this->role_bind_pass;
781 }
782 public function setRoleBindPassword($a_value)
783 {
784 $this->role_bind_pass = $a_value;
785 }
786 public function enabledRoleSynchronization()
787 {
788 return $this->role_sync_active;
789 }
790 public function enableRoleSynchronization($a_value)
791 {
792 $this->role_sync_active = $a_value;
793 }
794 // start Patch Name Filter
795 public function getUsernameFilter()
796 {
797 return $this->username_filter;
798 }
799 public function setUsernameFilter($a_value)
800 {
801 $this->username_filter = $a_value;
802 }
803
804 public function enableEscapeDN(bool $a_value)
805 {
806 $this->escape_dn = $a_value;
807 }
808
809 public function enabledEscapeDN() : bool
810 {
811 return $this->escape_dn;
812 }
813
821 public function enableAccountMigration($a_status)
822 {
823 $this->account_migration = $a_status;
824 }
825
832 public function isAccountMigrationEnabled()
833 {
834 return $this->account_migration ? true : false;
835 }
836
837
843 public function validate()
844 {
845 global $DIC;
846
847 $ilErr = $DIC['ilErr'];
848
849 $ilErr->setMessage('');
850 if (!strlen($this->getName()) ||
851 !strlen($this->getUrl()) ||
852 !strlen($this->getBaseDN()) ||
853 !strlen($this->getUserAttribute())) {
854 $ilErr->setMessage($this->lng->txt('fill_out_all_required_fields'));
855 }
856
857 if ($this->getBindingType() == IL_LDAP_BIND_USER
858 && (!strlen($this->getBindUser()) || !strlen($this->getBindPassword()))) {
859 $ilErr->appendMessage($this->lng->txt('ldap_missing_bind_user'));
860 }
861
862 if (($this->enabledSyncPerCron() or $this->enabledSyncOnLogin()) and !$this->global_role) {
863 $ilErr->appendMessage($this->lng->txt('ldap_missing_role_assignment'));
864 }
865 if ($this->getVersion() == 2 and $this->isActiveTLS()) {
866 $ilErr->appendMessage($this->lng->txt('ldap_tls_conflict'));
867 }
868
869 return strlen($ilErr->getMessage()) ? false : true;
870 }
871
872 public function create()
873 {
874 global $DIC;
875
876 $ilDB = $DIC['ilDB'];
877 $next_id = $ilDB->nextId('ldap_server_settings');
878
879 $query = 'INSERT INTO ldap_server_settings (server_id,active,name,url,version,base_dn,referrals,tls,bind_type,bind_user,bind_pass,' .
880 'search_base,user_scope,user_attribute,filter,group_dn,group_scope,group_filter,group_member,group_memberisdn,group_name,' .
881 'group_attribute,group_optional,group_user_filter,sync_on_login,sync_per_cron,role_sync_active,role_bind_dn,role_bind_pass,migration, ' .
882 'authentication,authentication_type,username_filter, escape_dn) ' .
883 'VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)';
884 $res = $ilDB->queryF(
885 $query,
886 array(
887 'integer','integer','text','text','integer','text','integer','integer','integer','text','text','text','integer',
888 'text','text','text','integer','text','text','integer','text','text','integer','text','integer','integer','integer',
889 'text','text', 'integer','integer','integer',"text", 'integer'),
890 array(
891 $next_id,
892 $this->isActive(),
893 $this->getName(),
894 $this->getUrlString(),
895 $this->getVersion(),
896 $this->getBaseDN(),
897 $this->isActiveReferrer(),
898 $this->isActiveTLS(),
899 $this->getBindingType(),
900 $this->getBindUser(),
901 $this->getBindPassword(),
902 $this->getSearchBase(),
903 $this->getUserScope(),
904 $this->getUserAttribute(),
905 $this->getFilter(),
906 $this->getGroupDN(),
907 $this->getGroupScope(),
908 $this->getGroupFilter(),
909 $this->getGroupMember(),
910 $this->enabledGroupMemberIsDN(),
911 $this->getGroupName(),
912 $this->getGroupAttribute(),
913 $this->isMembershipOptional(),
914 $this->getGroupUserFilter(),
915 $this->enabledSyncOnLogin(),
916 $this->enabledSyncPerCron(),
917 $this->enabledRoleSynchronization(),
918 $this->getRoleBindDN(),
919 $this->getRoleBindPassword(),
920 $this->isAccountMigrationEnabled(),
921 $this->isAuthenticationEnabled(),
922 $this->getAuthenticationMapping(),
923 $this->getUsernameFilter(),
924 (int) $this->enabledEscapeDN()
925 )
926 );
927 // end Patch Name Filter
928 $this->server_id = $next_id;
929 return $next_id;
930 }
931
932 public function update()
933 {
934 global $DIC;
935
936 $ilDB = $DIC['ilDB'];
937
938 $query = "UPDATE ldap_server_settings SET " .
939 "active = " . $this->db->quote($this->isActive(), 'integer') . ", " .
940 "name = " . $this->db->quote($this->getName(), 'text') . ", " .
941 "url = " . $this->db->quote($this->getUrlString(), 'text') . ", " .
942 "version = " . $this->db->quote($this->getVersion(), 'integer') . ", " .
943 "base_dn = " . $this->db->quote($this->getBaseDN(), 'text') . ", " .
944 "referrals = " . $this->db->quote($this->isActiveReferrer(), 'integer') . ", " .
945 "tls = " . $this->db->quote($this->isActiveTLS(), 'integer') . ", " .
946 "bind_type = " . $this->db->quote($this->getBindingType(), 'integer') . ", " .
947 "bind_user = " . $this->db->quote($this->getBindUser(), 'text') . ", " .
948 "bind_pass = " . $this->db->quote($this->getBindPassword(), 'text') . ", " .
949 "search_base = " . $this->db->quote($this->getSearchBase(), 'text') . ", " .
950 "user_scope = " . $this->db->quote($this->getUserScope(), 'integer') . ", " .
951 "user_attribute = " . $this->db->quote($this->getUserAttribute(), 'text') . ", " .
952 "filter = " . $this->db->quote($this->getFilter(), 'text') . ", " .
953 "group_dn = " . $this->db->quote($this->getGroupDN(), 'text') . ", " .
954 "group_scope = " . $this->db->quote($this->getGroupScope(), 'integer') . ", " .
955 "group_filter = " . $this->db->quote($this->getGroupFilter(), 'text') . ", " .
956 "group_member = " . $this->db->quote($this->getGroupMember(), 'text') . ", " .
957 "group_memberisdn =" . $this->db->quote((int) $this->enabledGroupMemberIsDN(), 'integer') . ", " .
958 "group_name = " . $this->db->quote($this->getGroupName(), 'text') . ", " .
959 "group_attribute = " . $this->db->quote($this->getGroupAttribute(), 'text') . ", " .
960 "group_optional = " . $this->db->quote((int) $this->isMembershipOptional(), 'integer') . ", " .
961 "group_user_filter = " . $this->db->quote($this->getGroupUserFilter(), 'text') . ", " .
962 "sync_on_login = " . $this->db->quote(($this->enabledSyncOnLogin() ? 1 : 0), 'integer') . ", " .
963 "sync_per_cron = " . $this->db->quote(($this->enabledSyncPerCron() ? 1 : 0), 'integer') . ", " .
964 "role_sync_active = " . $this->db->quote($this->enabledRoleSynchronization(), 'integer') . ", " .
965 "role_bind_dn = " . $this->db->quote($this->getRoleBindDN(), 'text') . ", " .
966 "role_bind_pass = " . $this->db->quote($this->getRoleBindPassword(), 'text') . ", " .
967 "migration = " . $this->db->quote((int) $this->isAccountMigrationEnabled(), 'integer') . ", " .
968 'authentication = ' . $this->db->quote((int) $this->isAuthenticationEnabled(), 'integer') . ', ' .
969 'authentication_type = ' . $this->db->quote((int) $this->getAuthenticationMapping(), 'integer') . ' ' .
970 ", username_filter = " . $this->db->quote($this->getUsernameFilter(), "text") . " " .
971 ", escape_dn = " . $this->db->quote($this->enabledEscapeDN() ? 1 : 0, 'integer') . " " .
972 "WHERE server_id = " . $this->db->quote($this->getServerId(), 'integer');
973
974 $res = $ilDB->manipulate($query);
975 return true;
976 }
977
981 public function delete()
982 {
983 if (!$this->getServerId()) {
984 return false;
985 }
986
987 include_once 'Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
988 ilLDAPAttributeMapping::_delete($this->getServerId());
989
990 include_once 'Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
991 $rules = ilLDAPRoleAssignmentRule::_getRules($this->getServerId());
992
993 foreach ($rules as $ruleAssigment) {
994 $ruleAssigment->delete();
995 }
996
997 include_once 'Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php';
998 ilLDAPRoleGroupMappingSettings::_deleteByServerId($this->getServerId());
999
1000 $query = "DELETE FROM ldap_server_settings " .
1001 "WHERE server_id = " . $this->db->quote($this->getServerId(), 'integer');
1002 $res = $this->db->manipulate($query);
1003 }
1004
1010 public function toPearAuthArray()
1011 {
1012 $options = array(
1013 'url' => $this->getUrl(),
1014 'version' => (int) $this->getVersion(),
1015 'referrals' => (bool) $this->isActiveReferrer());
1016
1017 if ($this->getBindingType() == IL_LDAP_BIND_USER) {
1018 $options['binddn'] = $this->getBindUser();
1019 $options['bindpw'] = $this->getBindPassword();
1020 }
1021 $options['basedn'] = $this->getBaseDN();
1022 $options['start_tls'] = (bool) $this->isActiveTLS();
1023 $options['userdn'] = $this->getSearchBase();
1024 switch ($this->getUserScope()) {
1025 case IL_LDAP_SCOPE_ONE:
1026 $options['userscope'] = 'one';
1027 break;
1028 default:
1029 $options['userscope'] = 'sub';
1030 break;
1031 }
1032
1033 $options['userattr'] = $this->getUserAttribute();
1034 $options['userfilter'] = $this->getFilter();
1035 $options['attributes'] = $this->getPearAtributeArray();
1036 $options['debug'] = self::DEBUG;
1037
1038 if (@include_once('Log.php')) {
1039 if (@include_once('Log/observer.php')) {
1040 $options['enableLogging'] = true;
1041 }
1042 }
1043 switch ($this->getGroupScope()) {
1044 case IL_LDAP_SCOPE_BASE:
1045 $options['groupscope'] = 'base';
1046 break;
1047 case IL_LDAP_SCOPE_ONE:
1048 $options['groupscope'] = 'one';
1049 break;
1050 default:
1051 $options['groupscope'] = 'sub';
1052 break;
1053 }
1054 $options['escape_dn'] = $this->enabledEscapeDN();
1055 $options['groupdn'] = $this->getGroupDN();
1056 $options['groupattr'] = $this->getGroupAttribute();
1057 $options['groupfilter'] = $this->getGroupFilter();
1058 $options['memberattr'] = $this->getGroupMember();
1059 $options['memberisdn'] = $this->enabledGroupMemberIsDN();
1060 $options['group'] = $this->getGroupName();
1061
1062
1063 return $options;
1064 }
1065
1073 private function prepareFilter($a_filter)
1074 {
1075 $filter = trim($a_filter);
1076
1077 if (!strlen($filter)) {
1078 return $filter;
1079 }
1080
1081 if (strpos($filter, '(') !== 0) {
1082 $filter = ('(' . $filter);
1083 }
1084 if (substr($filter, -1) != ')') {
1085 $filter = ($filter . ')');
1086 }
1087 return $filter;
1088 }
1089
1097 private function getPearAtributeArray()
1098 {
1099 if ($this->enabledSyncOnLogin()) {
1100 include_once('Services/LDAP/classes/class.ilLDAPAttributeMapping.php');
1101 include_once('Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php');
1102 $mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->getServerId());
1103 return array_merge(
1104 array($this->getUserAttribute()),
1105 $mapping->getFields(),
1106 array('dn'),
1107 ilLDAPRoleAssignmentRules::getAttributeNames($this->getServerId())
1108 );
1109 } else {
1110 return array($this->getUserAttribute());
1111 }
1112 }
1113
1114
1115
1120 private function read()
1121 {
1122 if (!$this->server_id) {
1123 return true;
1124 }
1125 $query = "SELECT * FROM ldap_server_settings WHERE server_id = " . $this->db->quote($this->server_id) . "";
1126
1127 $res = $this->db->query($query);
1128 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1129 $this->toggleActive($row->active);
1130 $this->setName($row->name);
1131 $this->setUrl($row->url);
1132 $this->setVersion($row->version);
1133 $this->setBaseDN($row->base_dn);
1134 $this->toggleReferrer($row->referrals);
1135 $this->toggleTLS($row->tls);
1136 $this->setBindingType($row->bind_type);
1137 $this->setBindUser($row->bind_user);
1138 $this->setBindPassword($row->bind_pass);
1139 $this->setSearchBase($row->search_base);
1140 $this->setUserScope($row->user_scope);
1141 $this->setUserAttribute($row->user_attribute);
1142 $this->setFilter($row->filter);
1143 $this->setGroupDN($row->group_dn);
1144 $this->setGroupScope($row->group_scope);
1145 $this->setGroupFilter($row->group_filter);
1146 $this->setGroupMember($row->group_member);
1147 $this->setGroupAttribute($row->group_attribute);
1148 $this->toggleMembershipOptional($row->group_optional);
1149 $this->setGroupUserFilter($row->group_user_filter);
1150 $this->enableGroupMemberIsDN($row->group_memberisdn);
1151 $this->setGroupName($row->group_name);
1152 $this->enableSyncOnLogin($row->sync_on_login);
1153 $this->enableSyncPerCron($row->sync_per_cron);
1154 $this->enableRoleSynchronization($row->role_sync_active);
1155 $this->setRoleBindDN($row->role_bind_dn);
1156 $this->setRoleBindPassword($row->role_bind_pass);
1157 $this->enableAccountMigration($row->migration);
1158 $this->enableAuthentication($row->authentication);
1159 $this->setAuthenticationMapping($row->authentication_type);
1160 $this->setUsernameFilter($row->username_filter);
1161 $this->enableEscapeDN($row->escape_dn);
1162 }
1163 }
1164}
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
php
An exception for terminatinating execution or to throw for unit testing.
AUTH_LDAP
const AUTH_LDAP
Definition: class.ilAuthUtils.php:8
true
return true
Flag indicating whether or not HTTP headers will be sent when outputting captcha image/audio.
Definition: class.ilIniFile.php:168
IL_LDAP_BIND_TEST
const IL_LDAP_BIND_TEST
Definition: class.ilLDAPQuery.php:26
IL_LDAP_BIND_USER
const IL_LDAP_BIND_USER
Definition: class.ilLDAPServer.php:6
IL_LDAP_SCOPE_BASE
const IL_LDAP_SCOPE_BASE
Definition: class.ilLDAPServer.php:10
IL_LDAP_BIND_ANONYMOUS
const IL_LDAP_BIND_ANONYMOUS
Definition: class.ilLDAPServer.php:5
IL_LDAP_SCOPE_ONE
const IL_LDAP_SCOPE_ONE
Definition: class.ilLDAPServer.php:9
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:196
ilLDAPAttributeMapping\_delete
static _delete($a_server_id)
Delete mapping rules by server id.
Definition: class.ilLDAPAttributeMapping.php:84
ilLDAPAttributeMapping\_getInstanceByServerId
static _getInstanceByServerId($a_server_id)
Get instance of class.
Definition: class.ilLDAPAttributeMapping.php:68
ilLDAPRoleAssignmentRule\_getRules
static _getRules($a_server_id)
Get all rules.
Definition: class.ilLDAPRoleAssignmentRule.php:182
ilLDAPRoleAssignmentRules\getAttributeNames
static getAttributeNames($a_server_id)
get all possible attribute names
Definition: class.ilLDAPRoleAssignmentRules.php:83
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:400
ilLDAPServer\setGroupScope
setGroupScope($a_value)
Definition: class.ilLDAPServer.php:734
ilLDAPServer\_getServerList
static _getServerList()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:206
ilLDAPServer\isAuthenticationEnabled
isAuthenticationEnabled()
Check if authentication is enabled.
Definition: class.ilLDAPServer.php:457
ilLDAPServer\enableEscapeDN
enableEscapeDN(bool $a_value)
Definition: class.ilLDAPServer.php:804
ilLDAPServer\setGroupName
setGroupName($a_value)
Definition: class.ilLDAPServer.php:679
ilLDAPServer\getDataSource
static getDataSource($a_auth_mode)
Definition: class.ilLDAPServer.php:324
ilLDAPServer\read
read()
Read server settings.
Definition: class.ilLDAPServer.php:1120
ilLDAPServer\setGroupAttribute
setGroupAttribute($a_value)
Definition: class.ilLDAPServer.php:704
ilLDAPServer\setAuthenticationMapping
setAuthenticationMapping($a_map)
Set mapped authentication mapping.
Definition: class.ilLDAPServer.php:466
ilLDAPServer\_getCronServerIds
static _getCronServerIds()
Get list of acticve servers with option 'SyncCron'.
Definition: class.ilLDAPServer.php:131
ilLDAPServer\disableDataSourceForAuthMode
static disableDataSourceForAuthMode($a_authmode)
Disable data source.
Definition: class.ilLDAPServer.php:342
ilLDAPServer\checkLDAPLib
static checkLDAPLib()
Check if ldap module is installed.
Definition: class.ilLDAPServer.php:99
ilLDAPServer\setSearchBase
setSearchBase($a_search_base)
Definition: class.ilLDAPServer.php:631
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId($a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:62
ilLDAPServer\enableSyncOnLogin
enableSyncOnLogin($a_value)
Definition: class.ilLDAPServer.php:754
ilLDAPServer\getAuthenticationMapping
getAuthenticationMapping()
Get authentication mode that is mapped.
Definition: class.ilLDAPServer.php:475
ilLDAPServer\doConnectionCheck
doConnectionCheck()
Check ldap connection and do a fallback to the next server if no connection is possible.
Definition: class.ilLDAPServer.php:537
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:109
ilLDAPServer\_getPasswordServers
static _getPasswordServers()
Checks whether password synchronistation is enabled for an user.
Definition: class.ilLDAPServer.php:181
ilLDAPServer\getAuthModeByKey
static getAuthModeByKey($a_auth_key)
get auth mode by key
Definition: class.ilLDAPServer.php:413
ilLDAPServer\toggleTLS
toggleTLS($a_status)
Definition: class.ilLDAPServer.php:595
ilLDAPServer\setRoleBindDN
setRoleBindDN($a_value)
Definition: class.ilLDAPServer.php:774
ilLDAPServer\enableGroupMemberIsDN
enableGroupMemberIsDN($a_value)
Definition: class.ilLDAPServer.php:730
ilLDAPServer\setUsernameFilter
setUsernameFilter($a_value)
Definition: class.ilLDAPServer.php:799
ilLDAPServer\toPearAuthArray
toPearAuthArray()
Creates an array of options compatible to PEAR Auth.
Definition: class.ilLDAPServer.php:1010
ilLDAPServer\validate
validate()
Validate user input.
Definition: class.ilLDAPServer.php:843
ilLDAPServer\_getAllServer
static _getAllServer()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:249
ilLDAPServer\enableSyncPerCron
enableSyncPerCron($a_value)
Definition: class.ilLDAPServer.php:762
ilLDAPServer\toggleReferrer
toggleReferrer($a_status)
Definition: class.ilLDAPServer.php:587
ilLDAPServer\setUserScope
setUserScope($a_value)
Definition: class.ilLDAPServer.php:742
ilLDAPServer\setGroupUserFilter
setGroupUserFilter($a_filter)
Definition: class.ilLDAPServer.php:717
ilLDAPServer\enableRoleSynchronization
enableRoleSynchronization($a_value)
Definition: class.ilLDAPServer.php:790
ilLDAPServer\DEFAULT_NETWORK_TIMEOUT
const DEFAULT_NETWORK_TIMEOUT
Definition: class.ilLDAPServer.php:30
ilLDAPServer\isAuthModeLDAP
static isAuthModeLDAP($a_auth_mode)
Check if user auth mode is LDAP.
Definition: class.ilLDAPServer.php:385
ilLDAPServer\isDataSourceActive
static isDataSourceActive($a_auth_mode)
Check if a data source is active for a specific auth mode @global ilDB $ilDB.
Definition: class.ilLDAPServer.php:308
ilLDAPServer\getAuthenticationMappingKey
getAuthenticationMappingKey()
Get authentication mapping key Default is ldap.
Definition: class.ilLDAPServer.php:485
ilLDAPServer\setFilter
setFilter($a_filter)
Definition: class.ilLDAPServer.php:647
ilLDAPServer\getGroupNames
getGroupNames()
Get group names as array.
Definition: class.ilLDAPServer.php:688
ilLDAPServer\toggleMembershipOptional
toggleMembershipOptional($a_status)
Definition: class.ilLDAPServer.php:709
ilLDAPServer\__construct
__construct($a_server_id=0)
Definition: class.ilLDAPServer.php:43
ilLDAPServer\setRoleBindPassword
setRoleBindPassword($a_value)
Definition: class.ilLDAPServer.php:782
ilLDAPServer\getPearAtributeArray
getPearAtributeArray()
Get attribute array for pear auth data.
Definition: class.ilLDAPServer.php:1097
ilLDAPServer\isAccountMigrationEnabled
isAccountMigrationEnabled()
enabled account migration
Definition: class.ilLDAPServer.php:832
ilLDAPServer\rotateFallbacks
rotateFallbacks()
Rotate fallback urls in case of connect timeouts.
Definition: class.ilLDAPServer.php:74
ilLDAPServer\setBindPassword
setBindPassword($a_password)
Definition: class.ilLDAPServer.php:623
ilLDAPServer\toggleDataSource
static toggleDataSource($a_ldap_server_id, $a_auth_mode, $a_status)
Toggle Data Source.
Definition: class.ilLDAPServer.php:363
ilLDAPServer\toggleActive
toggleActive($a_status)
Definition: class.ilLDAPServer.php:496
ilLDAPServer\setGroupMember
setGroupMember($a_value)
Definition: class.ilLDAPServer.php:671
ilLDAPServer\setVersion
setVersion($a_version)
Definition: class.ilLDAPServer.php:571
ilLDAPServer\_getFirstServer
static _getFirstServer()
Definition: class.ilLDAPServer.php:271
ilLDAPServer\setGroupFilter
setGroupFilter($a_value)
Definition: class.ilLDAPServer.php:663
ilLDAPServer\setBaseDN
setBaseDN($a_base_dn)
Definition: class.ilLDAPServer.php:579
ilLDAPServer\setUserAttribute
setUserAttribute($a_user_attr)
Definition: class.ilLDAPServer.php:639
ilLDAPServer\_getRoleSyncServerIds
static _getRoleSyncServerIds()
Check whether there if there is an active server with option role_sync_active.
Definition: class.ilLDAPServer.php:156
ilLDAPServer\enableAccountMigration
enableAccountMigration($a_status)
Enable account migration.
Definition: class.ilLDAPServer.php:821
ilLDAPServer\enableAuthentication
enableAuthentication($a_status)
Enable authentication for this ldap server.
Definition: class.ilLDAPServer.php:448
ilLDAPServer\getAvailableDataSources
static getAvailableDataSources($a_auth_mode)
Definition: class.ilLDAPServer.php:282
ilLDAPServer\_getFirstActiveServer
static _getFirstActiveServer()
Get first active server.
Definition: class.ilLDAPServer.php:192
ilLDAPServer\getKeyByAuthMode
static getKeyByAuthMode($a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:427
ilLDAPServer\getServerIds
static getServerIds()
Get all server ids @global ilDB $ilDB.
Definition: class.ilLDAPServer.php:226
ilLDAPServer\prepareFilter
prepareFilter($a_filter)
Create brackets for filters if they do not exist.
Definition: class.ilLDAPServer.php:1073
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:74
$server
$server
Definition: dummy_client.php:12
filter
filter()
Definition: filter.php:2
$DIC
global $DIC
Definition: goto.php:24
$name
if($format !==null) $name
Definition: metadata.php:230
$query
$query
Definition: proxy_ylocal.php:13
$url
$url
Definition: proxy_ylocal.php:28
$ilErr
$ilErr
Definition: raiseError.php:18
$lng
$lng
Definition: save_question_post_data.php:23
$res
foreach($_POST as $key=> $value) $res
Definition: save_question_post_data.php:15
$ilDB
global $ilDB
Definition: storeScorm2004.php:19