ILIAS  release_8 Revision v8.24
class.ilLDAPServer.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
24class ilLDAPServer
25{
26 private static array $instances = [];
27
28 public const LDAP_BIND_ANONYMOUS = 0;
29 public const LDAP_BIND_USER = 1;
30
31 public const LDAP_SCOPE_SUB = 0;
32 public const LDAP_SCOPE_ONE = 1;
33 public const LDAP_SCOPE_BASE = 2;
34
35 private const DEBUG = false;
36 private const DEFAULT_VERSION = 3;
37 public const DEFAULT_NETWORK_TIMEOUT = 5;
38
39 private string $role_bind_dn = '';
40 private string $role_bind_pass = '';
41 private bool $role_sync_active = false;
42
43 private int $server_id;
44 private array $fallback_urls = array();
45 private string $url = '';
46 private string $url_string = '';
47
48 private bool $enabled_authentication = true;
49 private int $authentication_mapping = 0;
50 private bool $escape_dn = false;
51
52 private bool $active = false;
53
54 private string $name = '';
55 private int $version = self::DEFAULT_VERSION;
56 private string $base_dn = '';
57 private bool $referrals = false;
58 private bool $tls = false;
59 private int $binding_type = self::LDAP_BIND_ANONYMOUS;
60 private string $bind_user = '';
61 private string $bind_password = '';
62 private string $search_base = '';
63 private string $user_attribute = '';
64 private int $user_scope = self::LDAP_SCOPE_ONE;
65 private string $group_filter = '';
66 private string $filter = '';
67 private string $group_dn = '';
68 private string $group_member = '';
69 private int $group_scope = self::LDAP_SCOPE_ONE;
70 private string $group_name = '';
71 private bool $memberisdn = false;
72 private string $group_attribute = '';
73 private bool $group_optional = true;
74 private string $group_user_filter = '';
75 private bool $sync_on_login = false;
76 private bool $sync_per_cron = false;
77 private bool $account_migration = false;
78 private string $username_filter = '';
79 private int $global_role = 0;
80
81 private ilDBInterface $db;
82 private ilLanguage $lng;
83 private ilErrorHandling $ilErr;
84
85 public function __construct(int $a_server_id = 0)
86 {
87 global $DIC;
88
89 $this->db = $DIC->database();
90 $this->lng = $DIC->language();
91 $this->ilErr = $DIC['ilErr'];
92
93 $this->server_id = $a_server_id;
94
95 $this->read();
96 }
97
101 public static function getInstanceByServerId(int $a_server_id): ilLDAPServer
102 {
103 return self::$instances[$a_server_id] ?? (self::$instances[$a_server_id] = new ilLDAPServer($a_server_id));
104 }
105
109 public function rotateFallbacks(): bool
110 {
111 if (!$this->fallback_urls) {
112 return false;
113 }
114
115 $all_urls = array_merge($this->fallback_urls);
116 $all_urls[] = $this->getUrl();
117
118 $query = 'UPDATE ldap_server_settings SET ' .
119 'url = ' . $this->db->quote(implode(',', $all_urls), 'text') . ' ' .
120 'WHERE server_id = ' . $this->db->quote($this->getServerId(), 'integer');
121 $this->db->manipulate($query);
122 return true;
123 }
124
125
129 public static function checkLDAPLib(): bool
130 {
131 return function_exists('ldap_bind');
132 }
133
139 public static function _getActiveServerList(): array
140 {
141 global $DIC;
142
143 $ilDB = $DIC['ilDB'];
144
145 $query = "SELECT server_id FROM ldap_server_settings " .
146 "WHERE active = 1 AND authentication = 1 " .
147 "ORDER BY name ";
148 $res = $ilDB->query($query);
149
150 $server_ids = [];
151
152 while ($row = $ilDB->fetchObject($res)) {
153 $server_ids[] = (int) $row->server_id;
154 }
155 return $server_ids;
156 }
157
163 public static function _getCronServerIds(): array
164 {
165 global $DIC;
166
167 $ilDB = $DIC['ilDB'];
168
169 $query = "SELECT server_id FROM ldap_server_settings " .
170 "WHERE active = 1 " .
171 "AND sync_per_cron = 1 " .
172 "ORDER BY name";
173
174 $res = $ilDB->query($query);
175
176 $server_ids = [];
177
178 while ($row = $ilDB->fetchObject($res)) {
179 $server_ids[] = (int) $row->server_id;
180 }
181 return $server_ids;
182 }
183
188 public static function _getRoleSyncServerIds(): array
189 {
190 global $DIC;
191
192 $ilDB = $DIC['ilDB'];
193
194 $query = "SELECT server_id FROM ldap_server_settings " .
195 "WHERE active = 1 " .
196 "AND role_sync_active = 1 ";
197
198 $res = $ilDB->query($query);
199
200 $server_ids = [];
201
202 while ($row = $ilDB->fetchObject($res)) {
203 $server_ids[] = (int) $row->server_id;
204 }
205 return $server_ids;
206 }
207
213 public static function _getFirstActiveServer(): int
214 {
215 $servers = self::_getActiveServerList();
216 if (count($servers)) {
217 return $servers[0];
218 }
219 return 0;
220 }
221
227 public static function _getServerList(): array
228 {
229 global $DIC;
230
231 $ilDB = $DIC['ilDB'];
232
233 $query = "SELECT server_id FROM ldap_server_settings ORDER BY name";
234 $res = $ilDB->query($query);
235
236 $server_ids = [];
237
238 while ($row = $ilDB->fetchObject($res)) {
239 $server_ids[] = $row->server_id;
240 }
241 return $server_ids;
242 }
243
248 public static function getServerIds(): array
249 {
250 global $DIC;
251
252 $ilDB = $DIC['ilDB'];
253
254 $query = "SELECT server_id FROM ldap_server_settings ORDER BY name";
255
256 $res = $ilDB->query($query);
257
258 $server = [];
259 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
260 $server[] = (int) $row->server_id;
261 }
262 return $server;
263 }
264
270 public static function _getAllServer(): array
271 {
272 global $DIC;
273
274 $ilDB = $DIC['ilDB'];
275
276 $query = "SELECT * FROM ldap_server_settings ORDER BY name";
277
278 $server = [];
279
280 $res = $ilDB->query($query);
281 while ($row = $ilDB->fetchAssoc($res)) {
282 $server[] = $row;
283 }
284 return $server;
285 }
286
287 public static function getAvailableDataSources(int $a_auth_mode): array
288 {
289 global $DIC;
290
291 $ilDB = $DIC['ilDB'];
292
293 $query = "SELECT server_id FROM ldap_server_settings " .
294 "WHERE active = " . $ilDB->quote(1, 'integer') . " " .
295 "AND authentication = " . $ilDB->quote(0, 'integer') . " " .
296 "AND ( authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " " .
297 "OR authentication_type = " . $ilDB->quote(0, 'integer') . ")";
298 $res = $ilDB->query($query);
299
300 $server_ids = array();
301 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
302 $server_ids[] = $row->server_id;
303 }
304 return $server_ids;
305 }
306
310 public static function isDataSourceActive(int $a_auth_mode): bool
311 {
312 global $DIC;
313
314 $ilDB = $DIC['ilDB'];
315
316 $query = "SELECT server_id FROM ldap_server_settings " .
317 "WHERE authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " " .
318 "AND authentication = " . $ilDB->quote(0, 'integer');
319 $res = $ilDB->query($query);
320 if ($res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
321 return true;
322 }
323 return false;
324 }
325
326 public static function getDataSource(int $a_auth_mode): int
327 {
328 global $DIC;
329
330 $ilDB = $DIC['ilDB'];
331
332 $query = "SELECT server_id FROM ldap_server_settings " .
333 "WHERE authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " ";
334 $res = $ilDB->query($query);
335 if ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
336 return $row->server_id;
337 }
338 return 0;
339 }
340
344 public static function disableDataSourceForAuthMode(int $a_authmode): bool
345 {
346 global $DIC;
347
348 $ilDB = $DIC['ilDB'];
349
350 $query = 'UPDATE ldap_server_settings ' .
351 'SET authentication_type = ' . $ilDB->quote(0, 'integer') . ' ' .
352 'WHERE authentication_type = ' . $ilDB->quote($a_authmode, 'integer');
353 $ilDB->manipulate($query);
354 return true;
355 }
356
357
358
363 public static function toggleDataSource(int $a_ldap_server_id, int $a_auth_mode, int $a_status): bool
364 {
365 global $DIC;
366
367 $ilDB = $DIC['ilDB'];
368
369 self::disableDataSourceForAuthMode($a_auth_mode);
370
371 if ($a_status) {
372 $query = "UPDATE ldap_server_settings " .
373 'SET authentication_type = ' . $ilDB->quote($a_auth_mode, 'integer') . " " .
374 'WHERE server_id = ' . $ilDB->quote($a_ldap_server_id, 'integer');
375 $ilDB->manipulate($query);
376 }
377 return true;
378 }
379
383 public static function isAuthModeLDAP(string $a_auth_mode): bool
384 {
385 global $DIC;
386
387 $logger = $DIC->logger()->auth();
388
389 if ($a_auth_mode === '') {
390 $logger->error(__METHOD__ . ': No auth mode given..............');
391 return false;
392 }
393
394 $auth_arr = explode('_', $a_auth_mode);
395
396 return ((int) $auth_arr[0] === ilAuthUtils::AUTH_LDAP) && (isset($auth_arr[1]) && $auth_arr[1]);
397 }
398
402 public static function getServerIdByAuthMode(string $a_auth_mode): ?int
403 {
404 if (self::isAuthModeLDAP($a_auth_mode)) {
405 $auth_arr = explode('_', $a_auth_mode);
406 return (int) $auth_arr[1];
407 }
408
409 return null;
410 }
411
415 public static function getAuthModeByKey(string $a_auth_key): string
416 {
417 $auth_arr = explode('_', $a_auth_key);
418 if (count($auth_arr) > 1) {
419 return 'ldap_' . $auth_arr[1];
420 }
421 return 'ldap';
422 }
423
428 public static function getKeyByAuthMode(string $a_auth_mode)
429 {
430 $auth_arr = explode('_', $a_auth_mode);
431 if (count($auth_arr) > 1) {
432 return ilAuthUtils::AUTH_LDAP . '_' . $auth_arr[1];
433 }
434 return ilAuthUtils::AUTH_LDAP;
435 }
436
437 // Set/Get
438 public function getServerId(): int
439 {
440 return $this->server_id;
441 }
442
446 public function enableAuthentication(bool $a_status): void
447 {
448 $this->enabled_authentication = $a_status;
449 }
450
454 public function isAuthenticationEnabled(): bool
455 {
456 return $this->enabled_authentication;
457 }
458
462 public function setAuthenticationMapping(int $a_map): void
463 {
464 $this->authentication_mapping = $a_map;
465 }
466
470 public function getAuthenticationMapping(): int
471 {
472 return $this->authentication_mapping;
473 }
474
479 public function getAuthenticationMappingKey(): string
480 {
481 if ($this->isAuthenticationEnabled() || !$this->getAuthenticationMapping()) {
482 return 'ldap_' . $this->getServerId();
483 }
484 return ilAuthUtils::_getAuthModeName($this->getAuthenticationMapping());
485 }
486
487 public function toggleActive(bool $a_status): void
488 {
489 $this->active = $a_status;
490 }
491 public function isActive(): bool
492 {
493 return $this->active;
494 }
495 public function getUrl(): string
496 {
497 return $this->url;
498 }
499 public function setUrl(string $a_url): void
500 {
501 $this->url_string = $a_url;
502
503 // Maybe there are more than one url's (comma seperated).
504 $urls = explode(',', $a_url);
505
506 $counter = 0;
507 foreach ($urls as $url) {
508 $url = trim($url);
509 if (!$counter++) {
510 $this->url = $url;
511 } else {
512 $this->fallback_urls[] = $url;
513 }
514 }
515 }
516 public function getUrlString(): string
517 {
518 return $this->url_string;
519 }
520
528 public function doConnectionCheck(): bool
529 {
530 foreach (array_merge(array(0 => $this->url), $this->fallback_urls) as $url) {
531 try {
532 ilLoggerFactory::getLogger('auth')->debug('Using url: ' . $url);
533 // Need to do a full bind, since openldap return valid connection links for invalid hosts
534 $query = new ilLDAPQuery($this, $url);
535 $query->bind(ilLDAPQuery::LDAP_BIND_TEST);
536 $this->url = $url;
537 return true;
538 } catch (ilLDAPQueryException $exc) {
539 $this->rotateFallbacks();
540 ilLoggerFactory::getLogger('auth')->error('Cannot connect to LDAP server: ' . $url . ' ' . $exc->getCode() . ' ' . $exc->getMessage());
541 }
542 }
543 ilLoggerFactory::getLogger('auth')->warning('No valid LDAP server found');
544 return false;
545 }
546
547
548 public function getName(): string
549 {
550 return $this->name;
551 }
552 public function setName(string $a_name): void
553 {
554 $this->name = $a_name;
555 }
556 public function getVersion(): int
557 {
558 return $this->version;
559 }
560 public function setVersion(int $a_version): void
561 {
562 $this->version = $a_version;
563 }
564 public function getBaseDN(): string
565 {
566 return $this->base_dn;
567 }
568 public function setBaseDN(string $a_base_dn): void
569 {
570 $this->base_dn = $a_base_dn;
571 }
572 public function isActiveReferrer(): bool
573 {
574 return $this->referrals;
575 }
576 public function toggleReferrer(bool $a_status): void
577 {
578 $this->referrals = $a_status;
579 }
580 public function isActiveTLS(): bool
581 {
582 return $this->tls;
583 }
584 public function toggleTLS(bool $a_status): void
585 {
586 $this->tls = $a_status;
587 }
588 public function getBindingType(): int
589 {
590 return $this->binding_type;
591 }
592 public function setBindingType(int $a_type): void
593 {
594 if ($a_type === self::LDAP_BIND_USER) {
595 $this->binding_type = self::LDAP_BIND_USER;
596 } else {
597 $this->binding_type = self::LDAP_BIND_ANONYMOUS;
598 }
599 }
600 public function getBindUser(): string
601 {
602 return $this->bind_user;
603 }
604 public function setBindUser(string $a_user): void
605 {
606 $this->bind_user = $a_user;
607 }
608 public function getBindPassword(): string
609 {
610 return $this->bind_password;
611 }
612 public function setBindPassword(string $a_password): void
613 {
614 $this->bind_password = $a_password;
615 }
616 public function getSearchBase(): string
617 {
618 return $this->search_base;
619 }
620 public function setSearchBase(string $a_search_base): void
621 {
622 $this->search_base = $a_search_base;
623 }
624 public function getUserAttribute(): string
625 {
626 return $this->user_attribute;
627 }
628 public function setUserAttribute(string $a_user_attr): void
629 {
630 $this->user_attribute = $a_user_attr;
631 }
632 public function getFilter(): string
633 {
634 return $this->prepareFilter($this->filter);
635 }
636 public function setFilter(string $a_filter): void
637 {
638 $this->filter = $a_filter;
639 }
640 public function getGroupDN(): string
641 {
642 return $this->group_dn;
643 }
644 public function setGroupDN(string $a_value): void
645 {
646 $this->group_dn = $a_value;
647 }
648 public function getGroupFilter(): string
649 {
650 return $this->prepareFilter($this->group_filter);
651 }
652 public function setGroupFilter(string $a_value): void
653 {
654 $this->group_filter = $a_value;
655 }
656 public function getGroupMember(): string
657 {
658 return $this->group_member;
659 }
660 public function setGroupMember(string $a_value): void
661 {
662 $this->group_member = $a_value;
663 }
664 public function getGroupName(): string
665 {
666 return $this->group_name;
667 }
668 public function setGroupName(string $a_value): void
669 {
670 $this->group_name = $a_value;
671 }
672
677 public function getGroupNames(): array
678 {
679 $names = explode(',', $this->getGroupName());
680
681 if (!is_array($names)) {
682 return [];
683 }
684
685 return array_filter(array_map('trim', $names));
686 }
687
688
689 public function getGroupAttribute(): string
690 {
691 return $this->group_attribute;
692 }
693 public function setGroupAttribute(string $a_value): void
694 {
695 $this->group_attribute = $a_value;
696 }
697 public function toggleMembershipOptional(bool $a_status): void
698 {
699 $this->group_optional = $a_status;
700 }
701 public function isMembershipOptional(): bool
702 {
703 return $this->group_optional;
704 }
705 public function setGroupUserFilter(string $a_filter): void
706 {
707 $this->group_user_filter = $a_filter;
708 }
709 public function getGroupUserFilter(): string
710 {
711 return $this->group_user_filter;
712 }
713
714 public function enabledGroupMemberIsDN(): bool
715 {
716 return $this->memberisdn;
717 }
718 public function enableGroupMemberIsDN(bool $a_value): void
719 {
720 $this->memberisdn = $a_value;
721 }
722 public function setGroupScope(int $a_value): void
723 {
724 $this->group_scope = $a_value;
725 }
726 public function getGroupScope(): int
727 {
728 return $this->group_scope;
729 }
730 public function setUserScope(int $a_value): void
731 {
732 $this->user_scope = $a_value;
733 }
734 public function getUserScope(): int
735 {
736 return $this->user_scope;
737 }
738 public function enabledSyncOnLogin(): bool
739 {
740 return $this->sync_on_login;
741 }
742 public function enableSyncOnLogin(bool $a_value): void
743 {
744 $this->sync_on_login = $a_value;
745 }
746 public function enabledSyncPerCron(): bool
747 {
748 return $this->sync_per_cron;
749 }
750 public function enableSyncPerCron(bool $a_value): void
751 {
752 $this->sync_per_cron = $a_value;
753 }
754 public function setGlobalRole(int $a_role): void
755 {
756 $this->global_role = $a_role;
757 }
758 public function getRoleBindDN(): string
759 {
760 return $this->role_bind_dn;
761 }
762 public function setRoleBindDN(string $a_value): void
763 {
764 $this->role_bind_dn = $a_value;
765 }
766 public function getRoleBindPassword(): string
767 {
768 return $this->role_bind_pass;
769 }
770 public function setRoleBindPassword(string $a_value): void
771 {
772 $this->role_bind_pass = $a_value;
773 }
774 public function enabledRoleSynchronization(): bool
775 {
776 return $this->role_sync_active;
777 }
778 public function enableRoleSynchronization(bool $a_value): void
779 {
780 $this->role_sync_active = $a_value;
781 }
782
783 public function getUsernameFilter(): string
784 {
785 return $this->username_filter;
786 }
787 public function setUsernameFilter(string $a_value): void
788 {
789 $this->username_filter = $a_value;
790 }
791
792 public function enableEscapeDN(bool $a_value): void
793 {
794 $this->escape_dn = $a_value;
795 }
796
797 public function enabledEscapeDN(): bool
798 {
799 return $this->escape_dn;
800 }
801
805 public function enableAccountMigration(bool $a_status): void
806 {
807 $this->account_migration = $a_status;
808 }
809
813 public function isAccountMigrationEnabled(): bool
814 {
815 return $this->account_migration;
816 }
817
818
822 public function validate(): bool
823 {
824 $this->ilErr->setMessage('');
825 if ($this->getName() === '' ||
826 $this->getUrl() === '' ||
827 $this->getBaseDN() === '' ||
828 $this->getUserAttribute() === '') {
829 $this->ilErr->setMessage($this->lng->txt('fill_out_all_required_fields'));
830 }
831
832 if ($this->getBindingType() === self::LDAP_BIND_USER
833 && ($this->getBindUser() === '' || $this->getBindPassword() === '')) {
834 $this->ilErr->appendMessage($this->lng->txt('ldap_missing_bind_user'));
835 }
836
837 if (!$this->global_role && ($this->enabledSyncPerCron() || $this->enabledSyncOnLogin())) {
838 $this->ilErr->appendMessage($this->lng->txt('ldap_missing_role_assignment'));
839 }
840 if ($this->getVersion() === 2 && $this->isActiveTLS()) {
841 $this->ilErr->appendMessage($this->lng->txt('ldap_tls_conflict'));
842 }
843
844 return $this->ilErr->getMessage() === '';
845 }
846
847 public function create(): int
848 {
849 $next_id = $this->db->nextId('ldap_server_settings');
850
851 $query = 'INSERT INTO ldap_server_settings (server_id,active,name,url,version,base_dn,referrals,tls,bind_type,bind_user,bind_pass,' .
852 'search_base,user_scope,user_attribute,filter,group_dn,group_scope,group_filter,group_member,group_memberisdn,group_name,' .
853 'group_attribute,group_optional,group_user_filter,sync_on_login,sync_per_cron,role_sync_active,role_bind_dn,role_bind_pass,migration, ' .
854 'authentication,authentication_type,username_filter, escape_dn) ' .
855 'VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)';
856 $this->db->queryF(
857 $query,
858 array(
859 'integer','integer','text','text','integer','text','integer','integer','integer','text','text','text','integer',
860 'text','text','text','integer','text','text','integer','text','text','integer','text','integer','integer','integer',
861 'text','text', 'integer','integer','integer',"text", 'integer'),
862 array(
863 $next_id,
864 $this->isActive(),
865 $this->getName(),
866 $this->getUrlString(),
867 $this->getVersion(),
868 $this->getBaseDN(),
869 $this->isActiveReferrer(),
870 $this->isActiveTLS(),
871 $this->getBindingType(),
872 $this->getBindUser(),
873 $this->getBindPassword(),
874 $this->getSearchBase(),
875 $this->getUserScope(),
876 $this->getUserAttribute(),
877 $this->getFilter(),
878 $this->getGroupDN(),
879 $this->getGroupScope(),
880 $this->getGroupFilter(),
881 $this->getGroupMember(),
882 $this->enabledGroupMemberIsDN(),
883 $this->getGroupName(),
884 $this->getGroupAttribute(),
885 $this->isMembershipOptional(),
886 $this->getGroupUserFilter(),
887 $this->enabledSyncOnLogin(),
888 $this->enabledSyncPerCron(),
889 $this->enabledRoleSynchronization(),
890 $this->getRoleBindDN(),
891 $this->getRoleBindPassword(),
892 $this->isAccountMigrationEnabled(),
893 $this->isAuthenticationEnabled(),
894 $this->getAuthenticationMapping(),
895 $this->getUsernameFilter(),
896 (int) $this->enabledEscapeDN()
897 )
898 );
899 // end Patch Name Filter
900 $this->server_id = $next_id;
901 return $next_id;
902 }
903
904 public function update(): bool
905 {
906 $query = "UPDATE ldap_server_settings SET " .
907 "active = " . $this->db->quote($this->isActive(), 'integer') . ", " .
908 "name = " . $this->db->quote($this->getName(), 'text') . ", " .
909 "url = " . $this->db->quote($this->getUrlString(), 'text') . ", " .
910 "version = " . $this->db->quote($this->getVersion(), 'integer') . ", " .
911 "base_dn = " . $this->db->quote($this->getBaseDN(), 'text') . ", " .
912 "referrals = " . $this->db->quote($this->isActiveReferrer(), 'integer') . ", " .
913 "tls = " . $this->db->quote($this->isActiveTLS(), 'integer') . ", " .
914 "bind_type = " . $this->db->quote($this->getBindingType(), 'integer') . ", " .
915 "bind_user = " . $this->db->quote($this->getBindUser(), 'text') . ", " .
916 "bind_pass = " . $this->db->quote($this->getBindPassword(), 'text') . ", " .
917 "search_base = " . $this->db->quote($this->getSearchBase(), 'text') . ", " .
918 "user_scope = " . $this->db->quote($this->getUserScope(), 'integer') . ", " .
919 "user_attribute = " . $this->db->quote($this->getUserAttribute(), 'text') . ", " .
920 "filter = " . $this->db->quote($this->getFilter(), 'text') . ", " .
921 "group_dn = " . $this->db->quote($this->getGroupDN(), 'text') . ", " .
922 "group_scope = " . $this->db->quote($this->getGroupScope(), 'integer') . ", " .
923 "group_filter = " . $this->db->quote($this->getGroupFilter(), 'text') . ", " .
924 "group_member = " . $this->db->quote($this->getGroupMember(), 'text') . ", " .
925 "group_memberisdn =" . $this->db->quote((int) $this->enabledGroupMemberIsDN(), 'integer') . ", " .
926 "group_name = " . $this->db->quote($this->getGroupName(), 'text') . ", " .
927 "group_attribute = " . $this->db->quote($this->getGroupAttribute(), 'text') . ", " .
928 "group_optional = " . $this->db->quote((int) $this->isMembershipOptional(), 'integer') . ", " .
929 "group_user_filter = " . $this->db->quote($this->getGroupUserFilter(), 'text') . ", " .
930 "sync_on_login = " . $this->db->quote(($this->enabledSyncOnLogin() ? 1 : 0), 'integer') . ", " .
931 "sync_per_cron = " . $this->db->quote(($this->enabledSyncPerCron() ? 1 : 0), 'integer') . ", " .
932 "role_sync_active = " . $this->db->quote($this->enabledRoleSynchronization(), 'integer') . ", " .
933 "role_bind_dn = " . $this->db->quote($this->getRoleBindDN(), 'text') . ", " .
934 "role_bind_pass = " . $this->db->quote($this->getRoleBindPassword(), 'text') . ", " .
935 "migration = " . $this->db->quote((int) $this->isAccountMigrationEnabled(), 'integer') . ", " .
936 'authentication = ' . $this->db->quote((int) $this->isAuthenticationEnabled(), 'integer') . ', ' .
937 'authentication_type = ' . $this->db->quote($this->getAuthenticationMapping(), 'integer') . ' ' .
938 ", username_filter = " . $this->db->quote($this->getUsernameFilter(), "text") . " " .
939 ", escape_dn = " . $this->db->quote($this->enabledEscapeDN() ? 1 : 0, 'integer') . " " .
940 "WHERE server_id = " . $this->db->quote($this->getServerId(), 'integer');
941
942 $this->db->manipulate($query);
943 return true;
944 }
945
949 public function delete(): void
950 {
951 if (!$this->getServerId()) {
952 //TODO check if we need return false
953 return;
954 }
955
956 ilLDAPAttributeMapping::_delete($this->getServerId());
957
958 $rules = ilLDAPRoleAssignmentRule::_getRules($this->getServerId());
959
960 foreach ($rules as $ruleAssigment) {
961 $ruleAssigment->delete();
962 }
963
964 ilLDAPRoleGroupMappingSettings::_deleteByServerId($this->getServerId());
965
966 $query = "DELETE FROM ldap_server_settings " .
967 "WHERE server_id = " . $this->db->quote($this->getServerId(), 'integer');
968 $this->db->manipulate($query);
969 }
970
971 //TODO check if this is still needed
977 public function toPearAuthArray(): array
978 {
979 $options = array(
980 'url' => $this->getUrl(),
981 'version' => $this->getVersion(),
982 'referrals' => $this->isActiveReferrer());
983
984 if ($this->getBindingType() === self::LDAP_BIND_USER) {
985 $options['binddn'] = $this->getBindUser();
986 $options['bindpw'] = $this->getBindPassword();
987 }
988 $options['basedn'] = $this->getBaseDN();
989 $options['start_tls'] = $this->isActiveTLS();
990 $options['userdn'] = $this->getSearchBase();
991 if ($this->getUserScope() === self::LDAP_SCOPE_ONE) {
992 $options['userscope'] = 'one';
993 } else {
994 $options['userscope'] = 'sub';
995 }
996
997 $options['userattr'] = $this->getUserAttribute();
998 $options['userfilter'] = $this->getFilter();
999 $options['attributes'] = $this->getPearAtributeArray();
1000 $options['debug'] = self::DEBUG;
1001
1002
1003 $options['enableLogging'] = true;
1004
1005 switch ($this->getGroupScope()) {
1006 case self::LDAP_SCOPE_BASE:
1007 $options['groupscope'] = 'base';
1008 break;
1009 case self::LDAP_SCOPE_ONE:
1010 $options['groupscope'] = 'one';
1011 break;
1012 default:
1013 $options['groupscope'] = 'sub';
1014 break;
1015 }
1016 $options['escape_dn'] = $this->enabledEscapeDN();
1017 $options['groupdn'] = $this->getGroupDN();
1018 $options['groupattr'] = $this->getGroupAttribute();
1019 $options['groupfilter'] = $this->getGroupFilter();
1020 $options['memberattr'] = $this->getGroupMember();
1021 $options['memberisdn'] = $this->enabledGroupMemberIsDN();
1022 $options['group'] = $this->getGroupName();
1023
1024
1025 return $options;
1026 }
1027
1031 private function prepareFilter(string $a_filter): string
1032 {
1033 $filter = trim($a_filter);
1034
1035 if ($filter === '') {
1036 return $filter;
1037 }
1038
1039 if (strpos($filter, '(') !== 0) {
1040 $filter = ('(' . $filter);
1041 }
1042 if (substr($filter, -1) !== ')') {
1043 $filter .= ')';
1044 }
1045 return $filter;
1046 }
1047
1051 private function getPearAtributeArray(): array
1052 {
1053 if ($this->enabledSyncOnLogin()) {
1054 $mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->getServerId());
1055 return array_merge(
1056 array($this->getUserAttribute()),
1057 $mapping->getFields(),
1058 array('dn'),
1059 ilLDAPRoleAssignmentRules::getAttributeNames($this->getServerId())
1060 );
1061 }
1062
1063 return array($this->getUserAttribute());
1064 }
1065
1070 private function read(): void
1071 {
1072 if (!$this->server_id) {
1073 return;
1074 }
1075 $query = "SELECT * FROM ldap_server_settings WHERE server_id = " . $this->db->quote($this->server_id, ilDBConstants::T_INTEGER);
1076
1077 $res = $this->db->query($query);
1078 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1079 $this->toggleActive((bool) $row->active);
1080 $this->setName($row->name ?? '');
1081 $this->setUrl($row->url ?? '');
1082 $this->setVersion((int) $row->version);
1083 $this->setBaseDN($row->base_dn ?? '');
1084 $this->toggleReferrer((bool) $row->referrals);
1085 $this->toggleTLS((bool) $row->tls);
1086 $this->setBindingType((int) $row->bind_type);
1087 $this->setBindUser($row->bind_user ?? '');
1088 $this->setBindPassword($row->bind_pass ?? '');
1089 $this->setSearchBase($row->search_base ?? '');
1090 $this->setUserScope((int) $row->user_scope);
1091 $this->setUserAttribute($row->user_attribute ?? '');
1092 $this->setFilter($row->filter ?? '');
1093 $this->setGroupDN($row->group_dn ?? '');
1094 $this->setGroupScope((int) $row->group_scope);
1095 $this->setGroupFilter($row->group_filter ?? '');
1096 $this->setGroupMember($row->group_member ?? '');
1097 $this->setGroupAttribute($row->group_attribute ?? '');
1098 $this->toggleMembershipOptional((bool) $row->group_optional);
1099 $this->setGroupUserFilter($row->group_user_filter ?? '');
1100 $this->enableGroupMemberIsDN((bool) $row->group_memberisdn);
1101 $this->setGroupName($row->group_name ?? '');
1102 $this->enableSyncOnLogin((bool) $row->sync_on_login);
1103 $this->enableSyncPerCron((bool) $row->sync_per_cron);
1104 $this->enableRoleSynchronization((bool) $row->role_sync_active);
1105 $this->setRoleBindDN($row->role_bind_dn ?? '');
1106 $this->setRoleBindPassword($row->role_bind_pass ?? '');
1107 $this->enableAccountMigration((bool) $row->migration);
1108 $this->enableAuthentication((bool) $row->authentication);
1109 $this->setAuthenticationMapping((int) $row->authentication_type);
1110 $this->setUsernameFilter($row->username_filter ?? '');
1111 $this->enableEscapeDN((bool) $row->escape_dn);
1112 }
1113 }
1114}
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:205
ilErrorHandling
Error Handling & global info handling uses PEAR error class.
Definition: class.ilErrorHandling.php:39
ilLDAPAttributeMapping\_delete
static _delete(int $a_server_id)
Definition: class.ilLDAPAttributeMapping.php:54
ilLDAPAttributeMapping\_getInstanceByServerId
static _getInstanceByServerId(int $a_server_id)
Definition: class.ilLDAPAttributeMapping.php:45
ilLDAPRoleAssignmentRule\_getRules
static _getRules($a_server_id)
Get all rules.
Definition: class.ilLDAPRoleAssignmentRule.php:180
ilLDAPRoleAssignmentRules\getAttributeNames
static getAttributeNames($a_server_id)
get all possible attribute names
Definition: class.ilLDAPRoleAssignmentRules.php:69
ilLDAPServer\setGlobalRole
setGlobalRole(int $a_role)
Definition: class.ilLDAPServer.php:754
ilLDAPServer\enableRoleSynchronization
enableRoleSynchronization(bool $a_value)
Definition: class.ilLDAPServer.php:778
ilLDAPServer\setGroupFilter
setGroupFilter(string $a_value)
Definition: class.ilLDAPServer.php:652
ilLDAPServer\_getServerList
static _getServerList()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:227
ilLDAPServer\setFilter
setFilter(string $a_filter)
Definition: class.ilLDAPServer.php:636
ilLDAPServer\isAuthenticationEnabled
isAuthenticationEnabled()
Check if authentication is enabled.
Definition: class.ilLDAPServer.php:454
ilLDAPServer\enableEscapeDN
enableEscapeDN(bool $a_value)
Definition: class.ilLDAPServer.php:792
ilLDAPServer\toggleTLS
toggleTLS(bool $a_status)
Definition: class.ilLDAPServer.php:584
ilLDAPServer\enableGroupMemberIsDN
enableGroupMemberIsDN(bool $a_value)
Definition: class.ilLDAPServer.php:718
ilLDAPServer\read
read()
Read server settings.
Definition: class.ilLDAPServer.php:1070
ilLDAPServer\enableSyncOnLogin
enableSyncOnLogin(bool $a_value)
Definition: class.ilLDAPServer.php:742
ilLDAPServer\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
get auth mode by key
Definition: class.ilLDAPServer.php:415
ilLDAPServer\__construct
__construct(int $a_server_id=0)
Definition: class.ilLDAPServer.php:85
ilLDAPServer\_getCronServerIds
static _getCronServerIds()
Get list of acticve servers with option 'SyncCron'.
Definition: class.ilLDAPServer.php:163
ilLDAPServer\checkLDAPLib
static checkLDAPLib()
Check if ldap module is installed.
Definition: class.ilLDAPServer.php:129
ilLDAPServer\disableDataSourceForAuthMode
static disableDataSourceForAuthMode(int $a_authmode)
Disable data source.
Definition: class.ilLDAPServer.php:344
ilLDAPServer\getAuthenticationMapping
getAuthenticationMapping()
Get authentication mode that is mapped.
Definition: class.ilLDAPServer.php:470
ilLDAPServer\prepareFilter
prepareFilter(string $a_filter)
Create brackets for filters if they do not exist.
Definition: class.ilLDAPServer.php:1031
ilLDAPServer\doConnectionCheck
doConnectionCheck()
Check ldap connection and do a fallback to the next server if no connection is possible.
Definition: class.ilLDAPServer.php:528
ilLDAPServer\setGroupDN
setGroupDN(string $a_value)
Definition: class.ilLDAPServer.php:644
ilLDAPServer\setGroupScope
setGroupScope(int $a_value)
Definition: class.ilLDAPServer.php:722
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:139
ilLDAPServer\setRoleBindDN
setRoleBindDN(string $a_value)
Definition: class.ilLDAPServer.php:762
ilLDAPServer\setGroupUserFilter
setGroupUserFilter(string $a_filter)
Definition: class.ilLDAPServer.php:705
ilLDAPServer\isDataSourceActive
static isDataSourceActive(int $a_auth_mode)
Check if a data source is active for a specific auth mode.
Definition: class.ilLDAPServer.php:310
ilLDAPServer\enableAuthentication
enableAuthentication(bool $a_status)
Enable authentication for this ldap server.
Definition: class.ilLDAPServer.php:446
ilLDAPServer\setUrl
setUrl(string $a_url)
Definition: class.ilLDAPServer.php:499
ilLDAPServer\setGroupAttribute
setGroupAttribute(string $a_value)
Definition: class.ilLDAPServer.php:693
ilLDAPServer\toPearAuthArray
toPearAuthArray()
Creates an array of options compatible to PEAR Auth.
Definition: class.ilLDAPServer.php:977
ilLDAPServer\validate
validate()
Validate user input.
Definition: class.ilLDAPServer.php:822
ilLDAPServer\_getAllServer
static _getAllServer()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:270
ilLDAPServer\setUsernameFilter
setUsernameFilter(string $a_value)
Definition: class.ilLDAPServer.php:787
ilLDAPServer\setBindPassword
setBindPassword(string $a_password)
Definition: class.ilLDAPServer.php:612
ilLDAPServer\DEFAULT_NETWORK_TIMEOUT
const DEFAULT_NETWORK_TIMEOUT
Definition: class.ilLDAPServer.php:37
ilLDAPServer\setUserAttribute
setUserAttribute(string $a_user_attr)
Definition: class.ilLDAPServer.php:628
ilLDAPServer\setGroupName
setGroupName(string $a_value)
Definition: class.ilLDAPServer.php:668
ilLDAPServer\getAuthenticationMappingKey
getAuthenticationMappingKey()
Get authentication mapping key Default is ldap.
Definition: class.ilLDAPServer.php:479
ilLDAPServer\getGroupNames
getGroupNames()
Get group names as array.
Definition: class.ilLDAPServer.php:677
ilLDAPServer\setBaseDN
setBaseDN(string $a_base_dn)
Definition: class.ilLDAPServer.php:568
ilLDAPServer\enableSyncPerCron
enableSyncPerCron(bool $a_value)
Definition: class.ilLDAPServer.php:750
ilLDAPServer\getPearAtributeArray
getPearAtributeArray()
Get attribute array for pear auth data.
Definition: class.ilLDAPServer.php:1051
ilLDAPServer\isAccountMigrationEnabled
isAccountMigrationEnabled()
enabled account migration
Definition: class.ilLDAPServer.php:813
ilLDAPServer\rotateFallbacks
rotateFallbacks()
Rotate fallback urls in case of connect timeouts.
Definition: class.ilLDAPServer.php:109
ilLDAPServer\$ilErr
ilErrorHandling $ilErr
Definition: class.ilLDAPServer.php:83
ilLDAPServer\toggleDataSource
static toggleDataSource(int $a_ldap_server_id, int $a_auth_mode, int $a_status)
Toggle Data Source.
Definition: class.ilLDAPServer.php:363
ilLDAPServer\$db
ilDBInterface $db
Definition: class.ilLDAPServer.php:81
ilLDAPServer\enableAccountMigration
enableAccountMigration(bool $a_status)
Enable account migration.
Definition: class.ilLDAPServer.php:805
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId(int $a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:101
ilLDAPServer\$instances
static array $instances
Definition: class.ilLDAPServer.php:26
ilLDAPServer\getDataSource
static getDataSource(int $a_auth_mode)
Definition: class.ilLDAPServer.php:326
ilLDAPServer\setGroupMember
setGroupMember(string $a_value)
Definition: class.ilLDAPServer.php:660
ilLDAPServer\setBindUser
setBindUser(string $a_user)
Definition: class.ilLDAPServer.php:604
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:402
ilLDAPServer\isAuthModeLDAP
static isAuthModeLDAP(string $a_auth_mode)
Check if user auth mode is LDAP.
Definition: class.ilLDAPServer.php:383
ilLDAPServer\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:428
ilLDAPServer\setUserScope
setUserScope(int $a_value)
Definition: class.ilLDAPServer.php:730
ilLDAPServer\setBindingType
setBindingType(int $a_type)
Definition: class.ilLDAPServer.php:592
ilLDAPServer\_getRoleSyncServerIds
static _getRoleSyncServerIds()
Check whether there if there is an active server with option role_sync_active.
Definition: class.ilLDAPServer.php:188
ilLDAPServer\toggleMembershipOptional
toggleMembershipOptional(bool $a_status)
Definition: class.ilLDAPServer.php:697
ilLDAPServer\toggleReferrer
toggleReferrer(bool $a_status)
Definition: class.ilLDAPServer.php:576
ilLDAPServer\setAuthenticationMapping
setAuthenticationMapping(int $a_map)
Set mapped authentication mapping.
Definition: class.ilLDAPServer.php:462
ilLDAPServer\toggleActive
toggleActive(bool $a_status)
Definition: class.ilLDAPServer.php:487
ilLDAPServer\_getFirstActiveServer
static _getFirstActiveServer()
Get first active server.
Definition: class.ilLDAPServer.php:213
ilLDAPServer\setSearchBase
setSearchBase(string $a_search_base)
Definition: class.ilLDAPServer.php:620
ilLDAPServer\getAvailableDataSources
static getAvailableDataSources(int $a_auth_mode)
Definition: class.ilLDAPServer.php:287
ilLDAPServer\getServerIds
static getServerIds()
Get all server ids.
Definition: class.ilLDAPServer.php:248
ilLDAPServer\setVersion
setVersion(int $a_version)
Definition: class.ilLDAPServer.php:560
ilLDAPServer\setName
setName(string $a_name)
Definition: class.ilLDAPServer.php:552
ilLDAPServer\setRoleBindPassword
setRoleBindPassword(string $a_value)
Definition: class.ilLDAPServer.php:770
ilLanguage
language handling
Definition: class.ilLanguage.php:44
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
$server
$server
Definition: dummy_client.php:22
$DIC
global $DIC
Definition: feed.php:28
ilDBInterface
Interface ilDBInterface.
Definition: interface.ilDBInterface.php:27
$res
$res
Definition: ltiservices.php:69
$query
$query
Definition: proxy_ylocal.php:13