Inheritance diagram for ilAuthProviderLDAP:

Collaboration diagram for ilAuthProviderLDAP:

Public Member Functions
	__construct (ilAuthCredentials $credentials, int $a_server_id=0)

	getServer ()

	doAuthentication (ilAuthStatus $status)
	@inheritDoc More...

	createNewAccount (ilAuthStatus $status)
	@inheritDoc More...

	migrateAccount (ilAuthStatus $status)
	@inheritDoc More...

	getTriggerAuthMode ()
	@inheritDoc More...

	getUserAuthModeName ()
	@inheritDoc More...

	getExternalAccountName ()
	@inheritDoc More...

	setExternalAccountName (string $a_name)

Public Member Functions inherited from ilAuthProvider
	__construct (ilAuthCredentials $credentials)
	Constructor. More...

	getLogger ()
	Get logger. More...

	getCredentials ()

Public Member Functions inherited from ilAuthProviderInterface
	doAuthentication (\ilAuthStatus $status)
	Do authentication. More...

	getTriggerAuthMode ()
	Get auth mode which triggered the account migration 2_1 for ldap account migration with server id 1 11 for apache auth. More...

	getUserAuthModeName ()
	Get user auth mode name ldap_1 for ldap account migration with server id 1 apache for apache auth. More...

	getExternalAccountName ()
	Get external account name. More...

	migrateAccount (ilAuthStatus $status)
	Create new account. More...

	createNewAccount (ilAuthStatus $status)
	Create new ILIAS account for external_account. More...

Protected Member Functions
	updateAccount (ilAuthStatus $status, array $user)
	Update Account. More...

	initServer (int $a_server_id)

	changeKeyCase (string $a_string)
	Change case similar to array_change_key_case, to avoid further encoding problems. More...

Protected Member Functions inherited from ilAuthProvider
	handleAuthenticationFail (ilAuthStatus $status, string $a_reason)
	Handle failed authentication. More...

Private Attributes
ilLDAPServer	$server

string	$migration_account = ''

bool	$force_new_account = false

Detailed Description

Author: Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e

Definition at line 26 of file class.ilAuthProviderLDAP.php.

Constructor & Destructor Documentation

◆ __construct()

ilAuthProviderLDAP::__construct	(	ilAuthCredentials	$credentials,
		int	$a_server_id = `0`
	)

Definition at line 32 of file class.ilAuthProviderLDAP.php.

    {
        parent::__construct($credentials);
        $this->initServer($a_server_id);
    }

References ilAuthProvider\$credentials, ILIAS\GlobalScreen\Provider\__construct(), and initServer().

Here is the call graph for this function:

Member Function Documentation

◆ changeKeyCase()

ilAuthProviderLDAP::changeKeyCase ( string $a_string )

protected

Change case similar to array_change_key_case, to avoid further encoding problems.

Returns: string|int

Definition at line 245 of file class.ilAuthProviderLDAP.php.

    {
        return array_key_first(array_change_key_case([$a_string => $a_string]));
    }

Referenced by createNewAccount(), doAuthentication(), and migrateAccount().

Here is the caller graph for this function:

◆ createNewAccount()

ilAuthProviderLDAP::createNewAccount ( ilAuthStatus $status )

@inheritDoc

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 157 of file class.ilAuthProviderLDAP.php.

                                                          : void
    {
        $this->force_new_account = true;
 
        try {
            $query = new ilLDAPQuery($this->getServer());
            $query->bind();
        } catch (ilLDAPQueryException $e) {
            $this->getLogger()->error('Cannot bind to LDAP server... ' . $e->getMessage());
            $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
            return;
        }
        try {
            // fetch user
            $users = $query->fetchUser(
                $this->getCredentials()->getUsername()
            );
            if (!$users) {
                $this->handleAuthenticationFail($status, 'err_wrong_login');
                return;
            }
            if (!array_key_exists($this->changeKeyCase($this->getCredentials()->getUsername()), $users)) {
                $this->handleAuthenticationFail($status, 'err_wrong_login');
                return;
            }
        } catch (ilLDAPQueryException $e) {
            $this->getLogger()->error('Cannot fetch LDAP user data... ' . $e->getMessage());
            $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
            return;
        }
 
        // authentication success update profile
        $this->updateAccount($status, $users[$this->changeKeyCase($this->getCredentials()->getUsername())]);
    }

References Vendor\Package\$e, $query, changeKeyCase(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), getServer(), ilAuthProvider\handleAuthenticationFail(), and updateAccount().

Here is the call graph for this function:

◆ doAuthentication()

ilAuthProviderLDAP::doAuthentication ( ilAuthStatus $status )

@inheritDoc

Definition at line 46 of file class.ilAuthProviderLDAP.php.

                                                          : bool
    {
        try {
            // bind
            $query = new ilLDAPQuery($this->getServer());
            $query->bind();
        } catch (ilLDAPQueryException $e) {
            $this->getLogger()->error('Cannot bind to LDAP server... ' . $e->getMessage());
            $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
            return false;
        }
        try {
            // Read user data, which does ensure a sucessful authentication.
            $users = $query->fetchUser(
                $this->getCredentials()->getUsername()
            );
 
            if (!$users) {
                $this->handleAuthenticationFail($status, 'err_wrong_login');
                return false;
            }
            if (!trim($this->getCredentials()->getPassword())) {
                $this->handleAuthenticationFail($status, 'err_wrong_login');
                return false;
            }
            if (!array_key_exists($this->changeKeyCase($this->getCredentials()->getUsername()), $users)) {
                $this->getLogger()->warning('Cannot find user: ' . $this->changeKeyCase($this->getCredentials()->getUsername()));
                $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
                return false;
            }
 
            // check group membership
            if (!$query->checkGroupMembership(
                $this->getCredentials()->getUsername(),
                $users[$this->changeKeyCase($this->getCredentials()->getUsername())]
            )) {
                $this->handleAuthenticationFail($status, 'err_wrong_login');
                return false;
            }
        } catch (ilLDAPQueryException $e) {
            $this->getLogger()->error('Cannot fetch LDAP user data... ' . $e->getMessage());
            $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
            return false;
        }
        try {
            // now bind with login credentials
            $query->bind(
                ilLDAPQuery::LDAP_BIND_AUTH,
                $users[$this->changeKeyCase($this->getCredentials()->getUsername())]['dn'],
                $this->getCredentials()->getPassword()
            );
        } catch (ilLDAPQueryException $e) {
            $this->handleAuthenticationFail($status, 'err_wrong_login');
            return false;
        }
 
        // authentication success update profile
        return $this->updateAccount($status, $users[$this->changeKeyCase($this->getCredentials()->getUsername())]);
    }

References Vendor\Package\$e, $query, changeKeyCase(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), getServer(), ilAuthProvider\handleAuthenticationFail(), ilLDAPQuery\LDAP_BIND_AUTH, and updateAccount().

Here is the call graph for this function:

◆ getExternalAccountName()

ilAuthProviderLDAP::getExternalAccountName ( )

@inheritDoc

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 231 of file class.ilAuthProviderLDAP.php.

                                            : string
    {
        return $this->migration_account;
    }

References $migration_account.

◆ getServer()

ilAuthProviderLDAP::getServer ( )

Definition at line 38 of file class.ilAuthProviderLDAP.php.

                               : ilLDAPServer
    {
        return $this->server;
    }

References $server.

Referenced by createNewAccount(), doAuthentication(), getTriggerAuthMode(), getUserAuthModeName(), migrateAccount(), and updateAccount().

Here is the caller graph for this function:

◆ getTriggerAuthMode()

ilAuthProviderLDAP::getTriggerAuthMode ( )

@inheritDoc

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 215 of file class.ilAuthProviderLDAP.php.

                                        : string
    {
        return ilAuthUtils::AUTH_LDAP . '_' . $this->getServer()->getServerId();
    }

References ilAuthUtils\AUTH_LDAP, and getServer().

Here is the call graph for this function:

◆ getUserAuthModeName()

ilAuthProviderLDAP::getUserAuthModeName ( )

@inheritDoc

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 223 of file class.ilAuthProviderLDAP.php.

                                         : string
    {
        return 'ldap_' . $this->getServer()->getServerId();
    }

References getServer().

Here is the call graph for this function:

◆ initServer()

ilAuthProviderLDAP::initServer ( int $a_server_id )

protected

Definition at line 149 of file class.ilAuthProviderLDAP.php.

                                                   : void
    {
        $this->server = new ilLDAPServer($a_server_id);
    }

Referenced by __construct().

Here is the caller graph for this function:

◆ migrateAccount()

ilAuthProviderLDAP::migrateAccount ( ilAuthStatus $status )

@inheritDoc

Implements ilAuthProviderAccountMigrationInterface.

Definition at line 195 of file class.ilAuthProviderLDAP.php.

                                                        : void
    {
        $this->force_new_account = true;
 
        try {
            $query = new ilLDAPQuery($this->getServer());
            $query->bind();
        } catch (ilLDAPQueryException $e) {
            $this->getLogger()->error('Cannot bind to LDAP server... ' . $e->getMessage());
            $this->handleAuthenticationFail($status, 'auth_err_ldap_exception');
            return;
        }
 
        $users = $query->fetchUser($this->getCredentials()->getUsername());
        $this->updateAccount($status, $users[$this->changeKeyCase($this->getCredentials()->getUsername())]);
    }

References Vendor\Package\$e, $query, changeKeyCase(), ilAuthProvider\getCredentials(), ilAuthProvider\getLogger(), getServer(), ilAuthProvider\handleAuthenticationFail(), and updateAccount().

Here is the call graph for this function:

◆ setExternalAccountName()

ilAuthProviderLDAP::setExternalAccountName ( string $a_name )

Definition at line 236 of file class.ilAuthProviderLDAP.php.

                                                          : void
    {
        $this->migration_account = $a_name;
    }

Referenced by updateAccount().

Here is the caller graph for this function:

◆ updateAccount()

ilAuthProviderLDAP::updateAccount	(	ilAuthStatus	$status,
		array	$user
	)

protected

Update Account.

Definition at line 109 of file class.ilAuthProviderLDAP.php.

                                                                       : bool
    {
        $user = array_change_key_case($user, CASE_LOWER);
        $this->getLogger()->dump($user, ilLogLevel::DEBUG);
 
        $sync = new ilLDAPUserSynchronisation(
            'ldap_' . $this->getServer()->getServerId(),
            $this->getServer()->getServerId()
        );
        $sync->setExternalAccount($this->getCredentials()->getUsername());
        $sync->setUserData($user);
        $sync->forceCreation($this->force_new_account);
 
        try {
            $internal_account = $sync->sync();
            $this->getLogger()->debug('Internal account: ' . $internal_account);
        } catch (UnexpectedValueException $e) {
            $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
            $this->handleAuthenticationFail($status, 'err_wrong_login');
            return false;
        } catch (ilLDAPSynchronisationFailedException $e) {
            $this->handleAuthenticationFail($status, 'err_auth_ldap_failed');
            return false;
        } catch (ilLDAPSynchronisationForbiddenException $e) {
            // No syncronisation allowed => create Error
            $this->getLogger()->info('Login failed with message: ' . $e->getMessage());
            $this->handleAuthenticationFail($status, 'err_auth_ldap_no_ilias_user');
            return false;
        } catch (ilLDAPAccountMigrationRequiredException $e) {
            // Account migration required
            $this->setExternalAccountName($this->getCredentials()->getUsername());
            $this->getLogger()->info('Authentication failed: account migration required for external account: ' . $this->getCredentials()->getUsername());
            $status->setStatus(ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED);
            return false;
        }
        $status->setStatus(ilAuthStatus::STATUS_AUTHENTICATED);
        $status->setAuthenticatedUserId(ilObjUser::_lookupId($internal_account));
        return true;
    }