ILIAS  release_8 Revision v8.19
ilAuthProviderLDAP Class Reference

Public Member Functions

 __construct (ilAuthCredentials $credentials, int $a_server_id=0)
 
 getServer ()
 
 doAuthentication (ilAuthStatus $status)
 
 createNewAccount (ilAuthStatus $status)
 
 migrateAccount (ilAuthStatus $status)
 
 getTriggerAuthMode ()
 
 getUserAuthModeName ()
 
 getExternalAccountName ()
 
 setExternalAccountName (string $a_name)
 
- Public Member Functions inherited from ilAuthProvider
 __construct (ilAuthCredentials $credentials)
 Constructor.
 
 getLogger ()
 Get logger.
 
 getCredentials ()
 
- Public Member Functions inherited from ilAuthProviderInterface
 doAuthentication (\ilAuthStatus $status)
 Do authentication.
 

Protected Member Functions

 updateAccount (ilAuthStatus $status, array $user)
 Update Account.
 
 initServer (int $a_server_id)
 
 changeKeyCase (string $a_string)
 Change case similar to array_change_key_case, to avoid further encoding problems.
 
- Protected Member Functions inherited from ilAuthProvider
 handleAuthenticationFail (ilAuthStatus $status, string $a_reason)
 Handle failed authentication.
 

Private Attributes

ilLDAPServer $server
 
string $migration_account = ''
 
bool $force_new_account = false
 

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

ilAuthProviderLDAP::__construct ( ilAuthCredentials  $credentials,
int  $a_server_id = 0 
)

Definition at line 32 of file class.ilAuthProviderLDAP.php.

References ILIAS\GlobalScreen\Provider\__construct(), and initServer().

33  {
34  parent::__construct($credentials);
35  $this->initServer($a_server_id);
36  }

Member Function Documentation

◆ changeKeyCase()

ilAuthProviderLDAP::changeKeyCase ( string  $a_string)
protected

Change case similar to array_change_key_case, to avoid further encoding problems.

Returns
string|int

Definition at line 245 of file class.ilAuthProviderLDAP.php.

Referenced by createNewAccount(), doAuthentication(), and migrateAccount().

246  {
247  return array_key_first(array_change_key_case([$a_string => $a_string]));
248  }

◆ createNewAccount()

ilAuthProviderLDAP::createNewAccount ( ilAuthStatus  $status)

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 157 of file class.ilAuthProviderLDAP.php.

References Vendor\Package\$e, $query, changeKeyCase(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), getServer(), ilAuthProvider\handleAuthenticationFail(), and updateAccount().

157  : void
158  {
159  $this->force_new_account = true;
160 
161  try {
162  $query = new ilLDAPQuery($this->getServer());
163  $query->bind();
164  } catch (ilLDAPQueryException $e) {
165  $this->getLogger()->error('Cannot bind to LDAP server... ' . $e->getMessage());
166  $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
167  return;
168  }
169  try {
170  // fetch user
171  $users = $query->fetchUser(
172  $this->getCredentials()->getUsername()
173  );
174  if (!$users) {
175  $this->handleAuthenticationFail($status, 'err_wrong_login');
176  return;
177  }
178  if (!array_key_exists($this->changeKeyCase($this->getCredentials()->getUsername()), $users)) {
179  $this->handleAuthenticationFail($status, 'err_wrong_login');
180  return;
181  }
182  } catch (ilLDAPQueryException $e) {
183  $this->getLogger()->error('Cannot fetch LDAP user data... ' . $e->getMessage());
184  $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
185  return;
186  }
187 
188  // authentication success update profile
189  $this->updateAccount($status, $users[$this->changeKeyCase($this->getCredentials()->getUsername())]);
190  }

◆ doAuthentication()

ilAuthProviderLDAP::doAuthentication ( ilAuthStatus  $status)

Definition at line 46 of file class.ilAuthProviderLDAP.php.

References Vendor\Package\$e, $query, changeKeyCase(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), getServer(), ilAuthProvider\handleAuthenticationFail(), ilLDAPQuery\LDAP_BIND_AUTH, and updateAccount().

46  : bool
47  {
48  try {
49  // bind
50  $query = new ilLDAPQuery($this->getServer());
51  $query->bind();
52  } catch (ilLDAPQueryException $e) {
53  $this->getLogger()->error('Cannot bind to LDAP server... ' . $e->getMessage());
54  $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
55  return false;
56  }
57  try {
58  // Read user data, which does ensure a successful authentication.
59  $users = $query->fetchUser(
60  $this->getCredentials()->getUsername()
61  );
62 
63  if (!$users) {
64  $this->handleAuthenticationFail($status, 'err_wrong_login');
65  return false;
66  }
67  if (!trim($this->getCredentials()->getPassword())) {
68  $this->handleAuthenticationFail($status, 'err_wrong_login');
69  return false;
70  }
71  if (!array_key_exists($this->changeKeyCase($this->getCredentials()->getUsername()), $users)) {
72  $this->getLogger()->warning('Cannot find user: ' . $this->changeKeyCase($this->getCredentials()->getUsername()));
73  $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
74  return false;
75  }
76 
77  // check group membership
78  if (!$query->checkGroupMembership(
79  $this->getCredentials()->getUsername(),
80  $users[$this->changeKeyCase($this->getCredentials()->getUsername())]
81  )) {
82  $this->handleAuthenticationFail($status, 'err_wrong_login');
83  return false;
84  }
85  } catch (ilLDAPQueryException $e) {
86  $this->getLogger()->error('Cannot fetch LDAP user data... ' . $e->getMessage());
87  $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
88  return false;
89  }
90  try {
91  // now bind with login credentials
92  $query->bind(
93  ilLDAPQuery::LDAP_BIND_AUTH,
94  $users[$this->changeKeyCase($this->getCredentials()->getUsername())]['dn'],
95  $this->getCredentials()->getPassword()
96  );
97  } catch (ilLDAPQueryException $e) {
98  $this->handleAuthenticationFail($status, 'err_wrong_login');
99  return false;
100  }
101 
102  // authentication success update profile
103  return $this->updateAccount($status, $users[$this->changeKeyCase($this->getCredentials()->getUsername())]);
104  }

◆ getExternalAccountName()

ilAuthProviderLDAP::getExternalAccountName ( )

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 231 of file class.ilAuthProviderLDAP.php.

References $migration_account.

231  : string
232  {
233  return $this->migration_account;
234  }

◆ getServer()

ilAuthProviderLDAP::getServer ( )

Definition at line 38 of file class.ilAuthProviderLDAP.php.

References $server.

Referenced by createNewAccount(), doAuthentication(), getTriggerAuthMode(), getUserAuthModeName(), migrateAccount(), and updateAccount().

38  : ilLDAPServer
39  {
40  return $this->server;
41  }

◆ getTriggerAuthMode()

ilAuthProviderLDAP::getTriggerAuthMode ( )

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 215 of file class.ilAuthProviderLDAP.php.

References ilAuthUtils\AUTH_LDAP, and getServer().

215  : string
216  {
217  return ilAuthUtils::AUTH_LDAP . '_' . $this->getServer()->getServerId();
218  }

◆ getUserAuthModeName()

ilAuthProviderLDAP::getUserAuthModeName ( )

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 223 of file class.ilAuthProviderLDAP.php.

References getServer().

223  : string
224  {
225  return 'ldap_' . $this->getServer()->getServerId();
226  }

◆ initServer()

ilAuthProviderLDAP::initServer ( int  $a_server_id)
protected

Definition at line 149 of file class.ilAuthProviderLDAP.php.

Referenced by __construct().

149  : void
150  {
151  $this->server = new ilLDAPServer($a_server_id);
152  }

◆ migrateAccount()

ilAuthProviderLDAP::migrateAccount ( ilAuthStatus  $status)

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 195 of file class.ilAuthProviderLDAP.php.

References Vendor\Package\$e, $query, changeKeyCase(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), getServer(), ilAuthProvider\handleAuthenticationFail(), and updateAccount().

195  : void
196  {
197  $this->force_new_account = true;
198 
199  try {
200  $query = new ilLDAPQuery($this->getServer());
201  $query->bind();
202  } catch (ilLDAPQueryException $e) {
203  $this->getLogger()->error('Cannot bind to LDAP server... ' . $e->getMessage());
204  $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
205  return;
206  }
207 
208  $users = $query->fetchUser($this->getCredentials()->getUsername());
209  $this->updateAccount($status, $users[$this->changeKeyCase($this->getCredentials()->getUsername())]);
210  }

◆ setExternalAccountName()

ilAuthProviderLDAP::setExternalAccountName ( string  $a_name)

Definition at line 236 of file class.ilAuthProviderLDAP.php.

Referenced by updateAccount().

236  : void
237  {
238  $this->migration_account = $a_name;
239  }

◆ updateAccount()

ilAuthProviderLDAP::updateAccount ( ilAuthStatus  $status,
array  $user 
)
protected

Update Account.

Definition at line 109 of file class.ilAuthProviderLDAP.php.

References Vendor\Package\$e, ilObjUser\_lookupId(), ilLogLevel\DEBUG, ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), getServer(), ilAuthProvider\handleAuthenticationFail(), ilAuthStatus\setAuthenticatedUserId(), setExternalAccountName(), ilAuthStatus\setStatus(), ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED, and ilAuthStatus\STATUS_AUTHENTICATED.

Referenced by createNewAccount(), doAuthentication(), and migrateAccount().

109  : bool
110  {
111  $user = array_change_key_case($user, CASE_LOWER);
112  $this->getLogger()->dump($user, ilLogLevel::DEBUG);
113 
114  $sync = new ilLDAPUserSynchronisation(
115  'ldap_' . $this->getServer()->getServerId(),
116  $this->getServer()->getServerId()
117  );
118  $sync->setExternalAccount($this->getCredentials()->getUsername());
119  $sync->setUserData($user);
120  $sync->forceCreation($this->force_new_account);
121 
122  try {
123  $internal_account = $sync->sync();
124  $this->getLogger()->debug('Internal account: ' . $internal_account);
125  } catch (UnexpectedValueException $e) {
126  $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
127  $this->handleAuthenticationFail($status, 'err_wrong_login');
128  return false;
130  $this->handleAuthenticationFail($status, 'err_auth_ldap_failed');
131  return false;
133  // No synchronisation allowed => create Error
134  $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
135  $this->handleAuthenticationFail($status, 'err_auth_ldap_no_ilias_user');
136  return false;
138  // Account migration required
139  $this->setExternalAccountName($this->getCredentials()->getUsername());
140  $this->getLogger()->info('Authentication failed: account migration required for external account: ' . $this->getCredentials()->getUsername());
142  return false;
143  }
145  $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
146  return true;
147  }

Field Documentation

◆ $force_new_account

bool ilAuthProviderLDAP::$force_new_account = false
private

Definition at line 30 of file class.ilAuthProviderLDAP.php.

◆ $migration_account

string ilAuthProviderLDAP::$migration_account = ''
private

Definition at line 29 of file class.ilAuthProviderLDAP.php.

Referenced by getExternalAccountName().

◆ $server

ilLDAPServer ilAuthProviderLDAP::$server
private

Definition at line 28 of file class.ilAuthProviderLDAP.php.

Referenced by getServer().


The documentation for this class was generated from the following file: