ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
class.ilLDAPServer.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
24class ilLDAPServer
25{
26 private static array $instances = [];
27
28 public const LDAP_BIND_ANONYMOUS = 0;
29 public const LDAP_BIND_USER = 1;
30
31 public const LDAP_SCOPE_SUB = 0;
32 public const LDAP_SCOPE_ONE = 1;
33 public const LDAP_SCOPE_BASE = 2;
34
35 private const DEBUG = false;
36 private const DEFAULT_VERSION = 3;
37 public const DEFAULT_NETWORK_TIMEOUT = 5;
38
39 private string $role_bind_dn = '';
40 private string $role_bind_pass = '';
41 private bool $role_sync_active = false;
42
43 private int $server_id;
44 private array $fallback_urls = array();
45 private string $url = '';
46 private string $url_string = '';
47
48 private bool $enabled_authentication = true;
49 private int $authentication_mapping = 0;
50 private bool $escape_dn = false;
51
52 private bool $active = false;
53
54 private string $name = '';
55 private int $version = self::DEFAULT_VERSION;
56 private string $base_dn = '';
57 private bool $referrals = false;
58 private bool $tls = false;
59 private int $binding_type = self::LDAP_BIND_ANONYMOUS;
60 private string $bind_user = '';
61 private string $bind_password = '';
62 private string $search_base = '';
63 private string $user_attribute = '';
64 private int $user_scope = self::LDAP_SCOPE_ONE;
65 private string $group_filter = '';
66 private string $filter = '';
67 private string $group_dn = '';
68 private string $group_member = '';
69 private int $group_scope = self::LDAP_SCOPE_ONE;
70 private string $group_name = '';
71 private bool $memberisdn = false;
72 private string $group_attribute = '';
73 private bool $group_optional = true;
74 private string $group_user_filter = '';
75 private bool $sync_on_login = false;
76 private bool $sync_per_cron = false;
77 private bool $account_migration = false;
78 private string $username_filter = '';
79 private int $global_role = 0;
80
81 private ilDBInterface $db;
82 private ilLanguage $lng;
83 private ilErrorHandling $ilErr;
84
85 public function __construct(int $a_server_id = 0)
86 {
87 global $DIC;
88
89 $this->db = $DIC->database();
90 $this->lng = $DIC->language();
91 $this->ilErr = $DIC['ilErr'];
92
93 $this->server_id = $a_server_id;
94
95 $this->read();
96 }
97
101 public static function getInstanceByServerId(int $a_server_id): ilLDAPServer
102 {
103 return self::$instances[$a_server_id] ?? (self::$instances[$a_server_id] = new ilLDAPServer($a_server_id));
104 }
105
109 public function rotateFallbacks(): bool
110 {
111 if (!$this->fallback_urls) {
112 return false;
113 }
114
115 $all_urls = array_merge($this->fallback_urls);
116 $all_urls[] = $this->getUrl();
117
118 $query = 'UPDATE ldap_server_settings SET ' .
119 'url = ' . $this->db->quote(implode(',', $all_urls), 'text') . ' ' .
120 'WHERE server_id = ' . $this->db->quote($this->getServerId(), 'integer');
121 $this->db->manipulate($query);
122 return true;
123 }
124
125
129 public static function checkLDAPLib(): bool
130 {
131 return function_exists('ldap_bind');
132 }
133
139 public static function _getActiveServerList(): array
140 {
141 global $DIC;
142
143 $ilDB = $DIC['ilDB'];
144
145 $query = "SELECT server_id FROM ldap_server_settings " .
146 "WHERE active = 1 AND authentication = 1 " .
147 "ORDER BY name ";
148 $res = $ilDB->query($query);
149
150 $server_ids = [];
151
152 while ($row = $ilDB->fetchObject($res)) {
153 $server_ids[] = (int) $row->server_id;
154 }
155 return $server_ids;
156 }
157
163 public static function _getCronServerIds(): array
164 {
165 global $DIC;
166
167 $ilDB = $DIC['ilDB'];
168
169 $query = "SELECT server_id FROM ldap_server_settings " .
170 "WHERE active = 1 " .
171 "AND sync_per_cron = 1 " .
172 "ORDER BY name";
173
174 $res = $ilDB->query($query);
175
176 $server_ids = [];
177
178 while ($row = $ilDB->fetchObject($res)) {
179 $server_ids[] = (int) $row->server_id;
180 }
181 return $server_ids;
182 }
183
188 public static function _getRoleSyncServerIds(): array
189 {
190 global $DIC;
191
192 $ilDB = $DIC['ilDB'];
193
194 $query = "SELECT server_id FROM ldap_server_settings " .
195 "WHERE active = 1 " .
196 "AND role_sync_active = 1 ";
197
198 $res = $ilDB->query($query);
199
200 $server_ids = [];
201
202 while ($row = $ilDB->fetchObject($res)) {
203 $server_ids[] = (int) $row->server_id;
204 }
205 return $server_ids;
206 }
207
213 public static function _getFirstActiveServer(): int
214 {
215 $servers = self::_getActiveServerList();
216 if (count($servers)) {
217 return $servers[0];
218 }
219 return 0;
220 }
221
227 public static function _getServerList(): array
228 {
229 global $DIC;
230
231 $ilDB = $DIC['ilDB'];
232
233 $query = "SELECT server_id FROM ldap_server_settings ORDER BY name";
234 $res = $ilDB->query($query);
235
236 $server_ids = [];
237
238 while ($row = $ilDB->fetchObject($res)) {
239 $server_ids[] = $row->server_id;
240 }
241 return $server_ids;
242 }
243
248 public static function getServerIds(): array
249 {
250 global $DIC;
251
252 $ilDB = $DIC['ilDB'];
253
254 $query = "SELECT server_id FROM ldap_server_settings ORDER BY name";
255
256 $res = $ilDB->query($query);
257
258 $server = [];
259 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
260 $server[] = (int) $row->server_id;
261 }
262 return $server;
263 }
264
269 public static function _getAllServer(): array
270 {
271 global $DIC;
272
273 $ilDB = $DIC['ilDB'];
274
275 $query = 'SELECT * FROM ldap_server_settings ORDER BY name';
276
277 $server = [];
278
279 $res = $ilDB->query($query);
280 while ($row = $ilDB->fetchAssoc($res)) {
281 $server[] = $row;
282 }
283 return $server;
284 }
285
286 public static function getAvailableDataSources(int $a_auth_mode): array
287 {
288 global $DIC;
289
290 $ilDB = $DIC['ilDB'];
291
292 $query = "SELECT server_id FROM ldap_server_settings " .
293 "WHERE active = " . $ilDB->quote(1, 'integer') . " " .
294 "AND authentication = " . $ilDB->quote(0, 'integer') . " " .
295 "AND ( authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " " .
296 "OR authentication_type = " . $ilDB->quote(0, 'integer') . ")";
297 $res = $ilDB->query($query);
298
299 $server_ids = array();
300 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
301 $server_ids[] = $row->server_id;
302 }
303 return $server_ids;
304 }
305
309 public static function isDataSourceActive(int $a_auth_mode): bool
310 {
311 global $DIC;
312
313 $ilDB = $DIC['ilDB'];
314
315 $query = "SELECT server_id FROM ldap_server_settings " .
316 "WHERE authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " " .
317 "AND authentication = " . $ilDB->quote(0, 'integer');
318 $res = $ilDB->query($query);
319 if ($res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
320 return true;
321 }
322 return false;
323 }
324
325 public static function getDataSource(int $a_auth_mode): int
326 {
327 global $DIC;
328
329 $ilDB = $DIC['ilDB'];
330
331 $query = "SELECT server_id FROM ldap_server_settings " .
332 "WHERE authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " ";
333 $res = $ilDB->query($query);
334 if ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
335 return $row->server_id;
336 }
337 return 0;
338 }
339
343 public static function disableDataSourceForAuthMode(int $a_authmode): bool
344 {
345 global $DIC;
346
347 $ilDB = $DIC['ilDB'];
348
349 $query = 'UPDATE ldap_server_settings ' .
350 'SET authentication_type = ' . $ilDB->quote(0, 'integer') . ' ' .
351 'WHERE authentication_type = ' . $ilDB->quote($a_authmode, 'integer');
352 $ilDB->manipulate($query);
353 return true;
354 }
355
356
357
362 public static function toggleDataSource(int $a_ldap_server_id, int $a_auth_mode, int $a_status): bool
363 {
364 global $DIC;
365
366 $ilDB = $DIC['ilDB'];
367
368 self::disableDataSourceForAuthMode($a_auth_mode);
369
370 if ($a_status) {
371 $query = "UPDATE ldap_server_settings " .
372 'SET authentication_type = ' . $ilDB->quote($a_auth_mode, 'integer') . " " .
373 'WHERE server_id = ' . $ilDB->quote($a_ldap_server_id, 'integer');
374 $ilDB->manipulate($query);
375 }
376 return true;
377 }
378
382 public static function isAuthModeLDAP(string $a_auth_mode): bool
383 {
384 global $DIC;
385
386 $logger = $DIC->logger()->auth();
387
388 if ($a_auth_mode === '') {
389 $logger->error(__METHOD__ . ': No auth mode given..............');
390 return false;
391 }
392
393 $auth_arr = explode('_', $a_auth_mode);
394
395 return ((int) $auth_arr[0] === ilAuthUtils::AUTH_LDAP) && (isset($auth_arr[1]) && $auth_arr[1]);
396 }
397
401 public static function getServerIdByAuthMode(string $a_auth_mode): ?int
402 {
403 if (self::isAuthModeLDAP($a_auth_mode)) {
404 $auth_arr = explode('_', $a_auth_mode);
405 return (int) $auth_arr[1];
406 }
407
408 return null;
409 }
410
414 public static function getAuthModeByKey(string $a_auth_key): string
415 {
416 $auth_arr = explode('_', $a_auth_key);
417 if (count($auth_arr) > 1) {
418 return 'ldap_' . $auth_arr[1];
419 }
420 return 'ldap';
421 }
422
427 public static function getKeyByAuthMode(string $a_auth_mode)
428 {
429 $auth_arr = explode('_', $a_auth_mode);
430 if (count($auth_arr) > 1) {
431 return ilAuthUtils::AUTH_LDAP . '_' . $auth_arr[1];
432 }
433 return ilAuthUtils::AUTH_LDAP;
434 }
435
436 // Set/Get
437 public function getServerId(): int
438 {
439 return $this->server_id;
440 }
441
445 public function enableAuthentication(bool $a_status): void
446 {
447 $this->enabled_authentication = $a_status;
448 }
449
453 public function isAuthenticationEnabled(): bool
454 {
455 return $this->enabled_authentication;
456 }
457
461 public function setAuthenticationMapping(int $a_map): void
462 {
463 $this->authentication_mapping = $a_map;
464 }
465
469 public function getAuthenticationMapping(): int
470 {
471 return $this->authentication_mapping;
472 }
473
478 public function getAuthenticationMappingKey(): string
479 {
480 if ($this->isAuthenticationEnabled() || !$this->getAuthenticationMapping()) {
481 return 'ldap_' . $this->getServerId();
482 }
483 return ilAuthUtils::_getAuthModeName($this->getAuthenticationMapping());
484 }
485
486 public function toggleActive(bool $a_status): void
487 {
488 $this->active = $a_status;
489 }
490 public function isActive(): bool
491 {
492 return $this->active;
493 }
494 public function getUrl(): string
495 {
496 return $this->url;
497 }
498 public function setUrl(string $a_url): void
499 {
500 $this->url_string = $a_url;
501
502 // Maybe there are more than one url's (comma seperated).
503 $urls = explode(',', $a_url);
504
505 $counter = 0;
506 foreach ($urls as $url) {
507 $url = trim($url);
508 if (!$counter++) {
509 $this->url = $url;
510 } else {
511 $this->fallback_urls[] = $url;
512 }
513 }
514 }
515 public function getUrlString(): string
516 {
517 return $this->url_string;
518 }
519
527 public function doConnectionCheck(): bool
528 {
529 foreach (array_merge(array(0 => $this->url), $this->fallback_urls) as $url) {
530 try {
531 ilLoggerFactory::getLogger('auth')->debug('Using url: ' . $url);
532 // Need to do a full bind, since openldap return valid connection links for invalid hosts
533 $query = new ilLDAPQuery($this, $url);
534 $query->bind(ilLDAPQuery::LDAP_BIND_TEST);
535 $this->url = $url;
536 return true;
537 } catch (ilLDAPQueryException $exc) {
538 $this->rotateFallbacks();
539 ilLoggerFactory::getLogger('auth')->error('Cannot connect to LDAP server: ' . $url . ' ' . $exc->getCode() . ' ' . $exc->getMessage());
540 }
541 }
542 ilLoggerFactory::getLogger('auth')->warning('No valid LDAP server found');
543 return false;
544 }
545
546
547 public function getName(): string
548 {
549 return $this->name;
550 }
551 public function setName(string $a_name): void
552 {
553 $this->name = $a_name;
554 }
555 public function getVersion(): int
556 {
557 return $this->version;
558 }
559 public function setVersion(int $a_version): void
560 {
561 $this->version = $a_version;
562 }
563 public function getBaseDN(): string
564 {
565 return $this->base_dn;
566 }
567 public function setBaseDN(string $a_base_dn): void
568 {
569 $this->base_dn = $a_base_dn;
570 }
571 public function isActiveReferrer(): bool
572 {
573 return $this->referrals;
574 }
575 public function toggleReferrer(bool $a_status): void
576 {
577 $this->referrals = $a_status;
578 }
579 public function isActiveTLS(): bool
580 {
581 return $this->tls;
582 }
583 public function toggleTLS(bool $a_status): void
584 {
585 $this->tls = $a_status;
586 }
587 public function getBindingType(): int
588 {
589 return $this->binding_type;
590 }
591 public function setBindingType(int $a_type): void
592 {
593 if ($a_type === self::LDAP_BIND_USER) {
594 $this->binding_type = self::LDAP_BIND_USER;
595 } else {
596 $this->binding_type = self::LDAP_BIND_ANONYMOUS;
597 }
598 }
599 public function getBindUser(): string
600 {
601 return $this->bind_user;
602 }
603 public function setBindUser(string $a_user): void
604 {
605 $this->bind_user = $a_user;
606 }
607 public function getBindPassword(): string
608 {
609 return $this->bind_password;
610 }
611 public function setBindPassword(string $a_password): void
612 {
613 $this->bind_password = $a_password;
614 }
615 public function getSearchBase(): string
616 {
617 return $this->search_base;
618 }
619 public function setSearchBase(string $a_search_base): void
620 {
621 $this->search_base = $a_search_base;
622 }
623 public function getUserAttribute(): string
624 {
625 return $this->user_attribute;
626 }
627 public function setUserAttribute(string $a_user_attr): void
628 {
629 $this->user_attribute = $a_user_attr;
630 }
631 public function getFilter(): string
632 {
633 return $this->prepareFilter($this->filter);
634 }
635 public function setFilter(string $a_filter): void
636 {
637 $this->filter = $a_filter;
638 }
639 public function getGroupDN(): string
640 {
641 return $this->group_dn;
642 }
643 public function setGroupDN(string $a_value): void
644 {
645 $this->group_dn = $a_value;
646 }
647 public function getGroupFilter(): string
648 {
649 return $this->prepareFilter($this->group_filter);
650 }
651 public function setGroupFilter(string $a_value): void
652 {
653 $this->group_filter = $a_value;
654 }
655 public function getGroupMember(): string
656 {
657 return $this->group_member;
658 }
659 public function setGroupMember(string $a_value): void
660 {
661 $this->group_member = $a_value;
662 }
663 public function getGroupName(): string
664 {
665 return $this->group_name;
666 }
667 public function setGroupName(string $a_value): void
668 {
669 $this->group_name = $a_value;
670 }
671
676 public function getGroupNames(): array
677 {
678 $names = explode(',', $this->getGroupName());
679
680 if (!is_array($names)) {
681 return [];
682 }
683
684 return array_filter(array_map('trim', $names));
685 }
686
687
688 public function getGroupAttribute(): string
689 {
690 return $this->group_attribute;
691 }
692 public function setGroupAttribute(string $a_value): void
693 {
694 $this->group_attribute = $a_value;
695 }
696 public function toggleMembershipOptional(bool $a_status): void
697 {
698 $this->group_optional = $a_status;
699 }
700 public function isMembershipOptional(): bool
701 {
702 return $this->group_optional;
703 }
704 public function setGroupUserFilter(string $a_filter): void
705 {
706 $this->group_user_filter = $a_filter;
707 }
708 public function getGroupUserFilter(): string
709 {
710 return $this->group_user_filter;
711 }
712
713 public function enabledGroupMemberIsDN(): bool
714 {
715 return $this->memberisdn;
716 }
717 public function enableGroupMemberIsDN(bool $a_value): void
718 {
719 $this->memberisdn = $a_value;
720 }
721 public function setGroupScope(int $a_value): void
722 {
723 $this->group_scope = $a_value;
724 }
725 public function getGroupScope(): int
726 {
727 return $this->group_scope;
728 }
729 public function setUserScope(int $a_value): void
730 {
731 $this->user_scope = $a_value;
732 }
733 public function getUserScope(): int
734 {
735 return $this->user_scope;
736 }
737 public function enabledSyncOnLogin(): bool
738 {
739 return $this->sync_on_login;
740 }
741 public function enableSyncOnLogin(bool $a_value): void
742 {
743 $this->sync_on_login = $a_value;
744 }
745 public function enabledSyncPerCron(): bool
746 {
747 return $this->sync_per_cron;
748 }
749 public function enableSyncPerCron(bool $a_value): void
750 {
751 $this->sync_per_cron = $a_value;
752 }
753 public function setGlobalRole(int $a_role): void
754 {
755 $this->global_role = $a_role;
756 }
757 public function getRoleBindDN(): string
758 {
759 return $this->role_bind_dn;
760 }
761 public function setRoleBindDN(string $a_value): void
762 {
763 $this->role_bind_dn = $a_value;
764 }
765 public function getRoleBindPassword(): string
766 {
767 return $this->role_bind_pass;
768 }
769 public function setRoleBindPassword(string $a_value): void
770 {
771 $this->role_bind_pass = $a_value;
772 }
773 public function enabledRoleSynchronization(): bool
774 {
775 return $this->role_sync_active;
776 }
777 public function enableRoleSynchronization(bool $a_value): void
778 {
779 $this->role_sync_active = $a_value;
780 }
781
782 public function getUsernameFilter(): string
783 {
784 return $this->username_filter;
785 }
786 public function setUsernameFilter(string $a_value): void
787 {
788 $this->username_filter = $a_value;
789 }
790
791 public function enableEscapeDN(bool $a_value): void
792 {
793 $this->escape_dn = $a_value;
794 }
795
796 public function enabledEscapeDN(): bool
797 {
798 return $this->escape_dn;
799 }
800
804 public function enableAccountMigration(bool $a_status): void
805 {
806 $this->account_migration = $a_status;
807 }
808
812 public function isAccountMigrationEnabled(): bool
813 {
814 return $this->account_migration;
815 }
816
817
821 public function validate(): bool
822 {
823 $this->ilErr->setMessage('');
824 if ($this->getName() === '' ||
825 $this->getUrl() === '' ||
826 $this->getBaseDN() === '' ||
827 $this->getUserAttribute() === '') {
828 $this->ilErr->setMessage($this->lng->txt('fill_out_all_required_fields'));
829 }
830
831 if ($this->getBindingType() === self::LDAP_BIND_USER
832 && ($this->getBindUser() === '' || $this->getBindPassword() === '')) {
833 $this->ilErr->appendMessage($this->lng->txt('ldap_missing_bind_user'));
834 }
835
836 if (!$this->global_role && ($this->enabledSyncPerCron() || $this->enabledSyncOnLogin())) {
837 $this->ilErr->appendMessage($this->lng->txt('ldap_missing_role_assignment'));
838 }
839 if ($this->getVersion() === 2 && $this->isActiveTLS()) {
840 $this->ilErr->appendMessage($this->lng->txt('ldap_tls_conflict'));
841 }
842
843 return $this->ilErr->getMessage() === '';
844 }
845
846 public function create(): int
847 {
848 $next_id = $this->db->nextId('ldap_server_settings');
849
850 $query = 'INSERT INTO ldap_server_settings (server_id,active,name,url,version,base_dn,referrals,tls,bind_type,bind_user,bind_pass,' .
851 'search_base,user_scope,user_attribute,filter,group_dn,group_scope,group_filter,group_member,group_memberisdn,group_name,' .
852 'group_attribute,group_optional,group_user_filter,sync_on_login,sync_per_cron,role_sync_active,role_bind_dn,role_bind_pass,migration, ' .
853 'authentication,authentication_type,username_filter, escape_dn) ' .
854 'VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)';
855 $this->db->queryF(
856 $query,
857 array(
858 'integer','integer','text','text','integer','text','integer','integer','integer','text','text','text','integer',
859 'text','text','text','integer','text','text','integer','text','text','integer','text','integer','integer','integer',
860 'text','text', 'integer','integer','integer',"text", 'integer'),
861 array(
862 $next_id,
863 $this->isActive(),
864 $this->getName(),
865 $this->getUrlString(),
866 $this->getVersion(),
867 $this->getBaseDN(),
868 $this->isActiveReferrer(),
869 $this->isActiveTLS(),
870 $this->getBindingType(),
871 $this->getBindUser(),
872 $this->getBindPassword(),
873 $this->getSearchBase(),
874 $this->getUserScope(),
875 $this->getUserAttribute(),
876 $this->getFilter(),
877 $this->getGroupDN(),
878 $this->getGroupScope(),
879 $this->getGroupFilter(),
880 $this->getGroupMember(),
881 $this->enabledGroupMemberIsDN(),
882 $this->getGroupName(),
883 $this->getGroupAttribute(),
884 $this->isMembershipOptional(),
885 $this->getGroupUserFilter(),
886 $this->enabledSyncOnLogin(),
887 $this->enabledSyncPerCron(),
888 $this->enabledRoleSynchronization(),
889 $this->getRoleBindDN(),
890 $this->getRoleBindPassword(),
891 $this->isAccountMigrationEnabled(),
892 $this->isAuthenticationEnabled(),
893 $this->getAuthenticationMapping(),
894 $this->getUsernameFilter(),
895 (int) $this->enabledEscapeDN()
896 )
897 );
898 // end Patch Name Filter
899 $this->server_id = $next_id;
900 return $next_id;
901 }
902
903 public function update(): bool
904 {
905 $query = "UPDATE ldap_server_settings SET " .
906 "active = " . $this->db->quote($this->isActive(), 'integer') . ", " .
907 "name = " . $this->db->quote($this->getName(), 'text') . ", " .
908 "url = " . $this->db->quote($this->getUrlString(), 'text') . ", " .
909 "version = " . $this->db->quote($this->getVersion(), 'integer') . ", " .
910 "base_dn = " . $this->db->quote($this->getBaseDN(), 'text') . ", " .
911 "referrals = " . $this->db->quote($this->isActiveReferrer(), 'integer') . ", " .
912 "tls = " . $this->db->quote($this->isActiveTLS(), 'integer') . ", " .
913 "bind_type = " . $this->db->quote($this->getBindingType(), 'integer') . ", " .
914 "bind_user = " . $this->db->quote($this->getBindUser(), 'text') . ", " .
915 "bind_pass = " . $this->db->quote($this->getBindPassword(), 'text') . ", " .
916 "search_base = " . $this->db->quote($this->getSearchBase(), 'text') . ", " .
917 "user_scope = " . $this->db->quote($this->getUserScope(), 'integer') . ", " .
918 "user_attribute = " . $this->db->quote($this->getUserAttribute(), 'text') . ", " .
919 "filter = " . $this->db->quote($this->getFilter(), 'text') . ", " .
920 "group_dn = " . $this->db->quote($this->getGroupDN(), 'text') . ", " .
921 "group_scope = " . $this->db->quote($this->getGroupScope(), 'integer') . ", " .
922 "group_filter = " . $this->db->quote($this->getGroupFilter(), 'text') . ", " .
923 "group_member = " . $this->db->quote($this->getGroupMember(), 'text') . ", " .
924 "group_memberisdn =" . $this->db->quote((int) $this->enabledGroupMemberIsDN(), 'integer') . ", " .
925 "group_name = " . $this->db->quote($this->getGroupName(), 'text') . ", " .
926 "group_attribute = " . $this->db->quote($this->getGroupAttribute(), 'text') . ", " .
927 "group_optional = " . $this->db->quote((int) $this->isMembershipOptional(), 'integer') . ", " .
928 "group_user_filter = " . $this->db->quote($this->getGroupUserFilter(), 'text') . ", " .
929 "sync_on_login = " . $this->db->quote(($this->enabledSyncOnLogin() ? 1 : 0), 'integer') . ", " .
930 "sync_per_cron = " . $this->db->quote(($this->enabledSyncPerCron() ? 1 : 0), 'integer') . ", " .
931 "role_sync_active = " . $this->db->quote($this->enabledRoleSynchronization(), 'integer') . ", " .
932 "role_bind_dn = " . $this->db->quote($this->getRoleBindDN(), 'text') . ", " .
933 "role_bind_pass = " . $this->db->quote($this->getRoleBindPassword(), 'text') . ", " .
934 "migration = " . $this->db->quote((int) $this->isAccountMigrationEnabled(), 'integer') . ", " .
935 'authentication = ' . $this->db->quote((int) $this->isAuthenticationEnabled(), 'integer') . ', ' .
936 'authentication_type = ' . $this->db->quote($this->getAuthenticationMapping(), 'integer') . ' ' .
937 ", username_filter = " . $this->db->quote($this->getUsernameFilter(), "text") . " " .
938 ", escape_dn = " . $this->db->quote($this->enabledEscapeDN() ? 1 : 0, 'integer') . " " .
939 "WHERE server_id = " . $this->db->quote($this->getServerId(), 'integer');
940
941 $this->db->manipulate($query);
942 return true;
943 }
944
948 public function delete(): void
949 {
950 if (!$this->getServerId()) {
951 //TODO check if we need return false
952 return;
953 }
954
955 ilLDAPAttributeMapping::_delete($this->getServerId());
956
957 $rules = ilLDAPRoleAssignmentRule::_getRules($this->getServerId());
958
959 foreach ($rules as $ruleAssigment) {
960 $ruleAssigment->delete();
961 }
962
963 ilLDAPRoleGroupMappingSettings::_deleteByServerId($this->getServerId());
964
965 $query = "DELETE FROM ldap_server_settings " .
966 "WHERE server_id = " . $this->db->quote($this->getServerId(), 'integer');
967 $this->db->manipulate($query);
968 }
969
970 //TODO check if this is still needed
976 public function toPearAuthArray(): array
977 {
978 $options = array(
979 'url' => $this->getUrl(),
980 'version' => $this->getVersion(),
981 'referrals' => $this->isActiveReferrer());
982
983 if ($this->getBindingType() === self::LDAP_BIND_USER) {
984 $options['binddn'] = $this->getBindUser();
985 $options['bindpw'] = $this->getBindPassword();
986 }
987 $options['basedn'] = $this->getBaseDN();
988 $options['start_tls'] = $this->isActiveTLS();
989 $options['userdn'] = $this->getSearchBase();
990 if ($this->getUserScope() === self::LDAP_SCOPE_ONE) {
991 $options['userscope'] = 'one';
992 } else {
993 $options['userscope'] = 'sub';
994 }
995
996 $options['userattr'] = $this->getUserAttribute();
997 $options['userfilter'] = $this->getFilter();
998 $options['attributes'] = $this->getPearAtributeArray();
999 $options['debug'] = self::DEBUG;
1000
1001
1002 $options['enableLogging'] = true;
1003
1004 switch ($this->getGroupScope()) {
1005 case self::LDAP_SCOPE_BASE:
1006 $options['groupscope'] = 'base';
1007 break;
1008 case self::LDAP_SCOPE_ONE:
1009 $options['groupscope'] = 'one';
1010 break;
1011 default:
1012 $options['groupscope'] = 'sub';
1013 break;
1014 }
1015 $options['escape_dn'] = $this->enabledEscapeDN();
1016 $options['groupdn'] = $this->getGroupDN();
1017 $options['groupattr'] = $this->getGroupAttribute();
1018 $options['groupfilter'] = $this->getGroupFilter();
1019 $options['memberattr'] = $this->getGroupMember();
1020 $options['memberisdn'] = $this->enabledGroupMemberIsDN();
1021 $options['group'] = $this->getGroupName();
1022
1023
1024 return $options;
1025 }
1026
1030 private function prepareFilter(string $a_filter): string
1031 {
1032 $filter = trim($a_filter);
1033
1034 if ($filter === '') {
1035 return $filter;
1036 }
1037
1038 if (strpos($filter, '(') !== 0) {
1039 $filter = ('(' . $filter);
1040 }
1041 if (substr($filter, -1) !== ')') {
1042 $filter .= ')';
1043 }
1044 return $filter;
1045 }
1046
1050 private function getPearAtributeArray(): array
1051 {
1052 if ($this->enabledSyncOnLogin()) {
1053 $mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->getServerId());
1054 return array_merge(
1055 array($this->getUserAttribute()),
1056 $mapping->getFields(),
1057 array('dn'),
1058 ilLDAPRoleAssignmentRules::getAttributeNames($this->getServerId())
1059 );
1060 }
1061
1062 return array($this->getUserAttribute());
1063 }
1064
1069 private function read(): void
1070 {
1071 if (!$this->server_id) {
1072 return;
1073 }
1074 $query = "SELECT * FROM ldap_server_settings WHERE server_id = " . $this->db->quote($this->server_id, ilDBConstants::T_INTEGER);
1075
1076 $res = $this->db->query($query);
1077 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1078 $this->toggleActive((bool) $row->active);
1079 $this->setName($row->name ?? '');
1080 $this->setUrl($row->url ?? '');
1081 $this->setVersion((int) $row->version);
1082 $this->setBaseDN($row->base_dn ?? '');
1083 $this->toggleReferrer((bool) $row->referrals);
1084 $this->toggleTLS((bool) $row->tls);
1085 $this->setBindingType((int) $row->bind_type);
1086 $this->setBindUser($row->bind_user ?? '');
1087 $this->setBindPassword($row->bind_pass ?? '');
1088 $this->setSearchBase($row->search_base ?? '');
1089 $this->setUserScope((int) $row->user_scope);
1090 $this->setUserAttribute($row->user_attribute ?? '');
1091 $this->setFilter($row->filter ?? '');
1092 $this->setGroupDN($row->group_dn ?? '');
1093 $this->setGroupScope((int) $row->group_scope);
1094 $this->setGroupFilter($row->group_filter ?? '');
1095 $this->setGroupMember($row->group_member ?? '');
1096 $this->setGroupAttribute($row->group_attribute ?? '');
1097 $this->toggleMembershipOptional((bool) $row->group_optional);
1098 $this->setGroupUserFilter($row->group_user_filter ?? '');
1099 $this->enableGroupMemberIsDN((bool) $row->group_memberisdn);
1100 $this->setGroupName($row->group_name ?? '');
1101 $this->enableSyncOnLogin((bool) $row->sync_on_login);
1102 $this->enableSyncPerCron((bool) $row->sync_per_cron);
1103 $this->enableRoleSynchronization((bool) $row->role_sync_active);
1104 $this->setRoleBindDN($row->role_bind_dn ?? '');
1105 $this->setRoleBindPassword($row->role_bind_pass ?? '');
1106 $this->enableAccountMigration((bool) $row->migration);
1107 $this->enableAuthentication((bool) $row->authentication);
1108 $this->setAuthenticationMapping((int) $row->authentication_type);
1109 $this->setUsernameFilter($row->username_filter ?? '');
1110 $this->enableEscapeDN((bool) $row->escape_dn);
1111 }
1112 }
1113}
ilAuthUtils\AUTH_LDAP
const int AUTH_LDAP
Definition: class.ilAuthUtils.php:30
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:182
ilErrorHandling
Error Handling & global info handling.
Definition: class.ilErrorHandling.php:38
ilLDAPAttributeMapping\_delete
static _delete(int $a_server_id)
Definition: class.ilLDAPAttributeMapping.php:54
ilLDAPAttributeMapping\_getInstanceByServerId
static _getInstanceByServerId(int $a_server_id)
Definition: class.ilLDAPAttributeMapping.php:45
ilLDAPRoleAssignmentRule\_getRules
static _getRules($a_server_id)
Get all rules.
Definition: class.ilLDAPRoleAssignmentRule.php:202
ilLDAPRoleAssignmentRules\getAttributeNames
static getAttributeNames($a_server_id)
get all possible attribute names
Definition: class.ilLDAPRoleAssignmentRules.php:69
ilLDAPServer\setGlobalRole
setGlobalRole(int $a_role)
Definition: class.ilLDAPServer.php:753
ilLDAPServer\enableRoleSynchronization
enableRoleSynchronization(bool $a_value)
Definition: class.ilLDAPServer.php:777
ilLDAPServer\setGroupFilter
setGroupFilter(string $a_value)
Definition: class.ilLDAPServer.php:651
ilLDAPServer\_getServerList
static _getServerList()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:227
ilLDAPServer\setFilter
setFilter(string $a_filter)
Definition: class.ilLDAPServer.php:635
ilLDAPServer\isAuthenticationEnabled
isAuthenticationEnabled()
Check if authentication is enabled.
Definition: class.ilLDAPServer.php:453
ilLDAPServer\enableEscapeDN
enableEscapeDN(bool $a_value)
Definition: class.ilLDAPServer.php:791
ilLDAPServer\toggleTLS
toggleTLS(bool $a_status)
Definition: class.ilLDAPServer.php:583
ilLDAPServer\enableGroupMemberIsDN
enableGroupMemberIsDN(bool $a_value)
Definition: class.ilLDAPServer.php:717
ilLDAPServer\read
read()
Read server settings.
Definition: class.ilLDAPServer.php:1069
ilLDAPServer\enableSyncOnLogin
enableSyncOnLogin(bool $a_value)
Definition: class.ilLDAPServer.php:741
ilLDAPServer\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
get auth mode by key
Definition: class.ilLDAPServer.php:414
ilLDAPServer\__construct
__construct(int $a_server_id=0)
Definition: class.ilLDAPServer.php:85
ilLDAPServer\_getCronServerIds
static _getCronServerIds()
Get list of acticve servers with option 'SyncCron'.
Definition: class.ilLDAPServer.php:163
ilLDAPServer\checkLDAPLib
static checkLDAPLib()
Check if ldap module is installed.
Definition: class.ilLDAPServer.php:129
ilLDAPServer\disableDataSourceForAuthMode
static disableDataSourceForAuthMode(int $a_authmode)
Disable data source.
Definition: class.ilLDAPServer.php:343
ilLDAPServer\getAuthenticationMapping
getAuthenticationMapping()
Get authentication mode that is mapped.
Definition: class.ilLDAPServer.php:469
ilLDAPServer\prepareFilter
prepareFilter(string $a_filter)
Create brackets for filters if they do not exist.
Definition: class.ilLDAPServer.php:1030
ilLDAPServer\doConnectionCheck
doConnectionCheck()
Check ldap connection and do a fallback to the next server if no connection is possible.
Definition: class.ilLDAPServer.php:527
ilLDAPServer\setGroupDN
setGroupDN(string $a_value)
Definition: class.ilLDAPServer.php:643
ilLDAPServer\setGroupScope
setGroupScope(int $a_value)
Definition: class.ilLDAPServer.php:721
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:139
ilLDAPServer\setRoleBindDN
setRoleBindDN(string $a_value)
Definition: class.ilLDAPServer.php:761
ilLDAPServer\setGroupUserFilter
setGroupUserFilter(string $a_filter)
Definition: class.ilLDAPServer.php:704
ilLDAPServer\isDataSourceActive
static isDataSourceActive(int $a_auth_mode)
Check if a data source is active for a specific auth mode.
Definition: class.ilLDAPServer.php:309
ilLDAPServer\enableAuthentication
enableAuthentication(bool $a_status)
Enable authentication for this ldap server.
Definition: class.ilLDAPServer.php:445
ilLDAPServer\setUrl
setUrl(string $a_url)
Definition: class.ilLDAPServer.php:498
ilLDAPServer\setGroupAttribute
setGroupAttribute(string $a_value)
Definition: class.ilLDAPServer.php:692
ilLDAPServer\toPearAuthArray
toPearAuthArray()
Creates an array of options compatible to PEAR Auth.
Definition: class.ilLDAPServer.php:976
ilLDAPServer\validate
validate()
Validate user input.
Definition: class.ilLDAPServer.php:821
ilLDAPServer\_getAllServer
static _getAllServer()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:269
ilLDAPServer\setUsernameFilter
setUsernameFilter(string $a_value)
Definition: class.ilLDAPServer.php:786
ilLDAPServer\setBindPassword
setBindPassword(string $a_password)
Definition: class.ilLDAPServer.php:611
ilLDAPServer\DEFAULT_NETWORK_TIMEOUT
const DEFAULT_NETWORK_TIMEOUT
Definition: class.ilLDAPServer.php:37
ilLDAPServer\setUserAttribute
setUserAttribute(string $a_user_attr)
Definition: class.ilLDAPServer.php:627
ilLDAPServer\setGroupName
setGroupName(string $a_value)
Definition: class.ilLDAPServer.php:667
ilLDAPServer\getAuthenticationMappingKey
getAuthenticationMappingKey()
Get authentication mapping key Default is ldap.
Definition: class.ilLDAPServer.php:478
ilLDAPServer\getGroupNames
getGroupNames()
Get group names as array.
Definition: class.ilLDAPServer.php:676
ilLDAPServer\setBaseDN
setBaseDN(string $a_base_dn)
Definition: class.ilLDAPServer.php:567
ilLDAPServer\enableSyncPerCron
enableSyncPerCron(bool $a_value)
Definition: class.ilLDAPServer.php:749
ilLDAPServer\getPearAtributeArray
getPearAtributeArray()
Get attribute array for pear auth data.
Definition: class.ilLDAPServer.php:1050
ilLDAPServer\isAccountMigrationEnabled
isAccountMigrationEnabled()
enabled account migration
Definition: class.ilLDAPServer.php:812
ilLDAPServer\rotateFallbacks
rotateFallbacks()
Rotate fallback urls in case of connect timeouts.
Definition: class.ilLDAPServer.php:109
ilLDAPServer\$ilErr
ilErrorHandling $ilErr
Definition: class.ilLDAPServer.php:83
ilLDAPServer\toggleDataSource
static toggleDataSource(int $a_ldap_server_id, int $a_auth_mode, int $a_status)
Toggle Data Source.
Definition: class.ilLDAPServer.php:362
ilLDAPServer\$db
ilDBInterface $db
Definition: class.ilLDAPServer.php:81
ilLDAPServer\enableAccountMigration
enableAccountMigration(bool $a_status)
Enable account migration.
Definition: class.ilLDAPServer.php:804
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId(int $a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:101
ilLDAPServer\$instances
static array $instances
Definition: class.ilLDAPServer.php:26
ilLDAPServer\getDataSource
static getDataSource(int $a_auth_mode)
Definition: class.ilLDAPServer.php:325
ilLDAPServer\setGroupMember
setGroupMember(string $a_value)
Definition: class.ilLDAPServer.php:659
ilLDAPServer\setBindUser
setBindUser(string $a_user)
Definition: class.ilLDAPServer.php:603
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:401
ilLDAPServer\isAuthModeLDAP
static isAuthModeLDAP(string $a_auth_mode)
Check if user auth mode is LDAP.
Definition: class.ilLDAPServer.php:382
ilLDAPServer\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:427
ilLDAPServer\setUserScope
setUserScope(int $a_value)
Definition: class.ilLDAPServer.php:729
ilLDAPServer\setBindingType
setBindingType(int $a_type)
Definition: class.ilLDAPServer.php:591
ilLDAPServer\_getRoleSyncServerIds
static _getRoleSyncServerIds()
Check whether there if there is an active server with option role_sync_active.
Definition: class.ilLDAPServer.php:188
ilLDAPServer\toggleMembershipOptional
toggleMembershipOptional(bool $a_status)
Definition: class.ilLDAPServer.php:696
ilLDAPServer\toggleReferrer
toggleReferrer(bool $a_status)
Definition: class.ilLDAPServer.php:575
ilLDAPServer\setAuthenticationMapping
setAuthenticationMapping(int $a_map)
Set mapped authentication mapping.
Definition: class.ilLDAPServer.php:461
ilLDAPServer\toggleActive
toggleActive(bool $a_status)
Definition: class.ilLDAPServer.php:486
ilLDAPServer\_getFirstActiveServer
static _getFirstActiveServer()
Get first active server.
Definition: class.ilLDAPServer.php:213
ilLDAPServer\setSearchBase
setSearchBase(string $a_search_base)
Definition: class.ilLDAPServer.php:619
ilLDAPServer\getAvailableDataSources
static getAvailableDataSources(int $a_auth_mode)
Definition: class.ilLDAPServer.php:286
ilLDAPServer\getServerIds
static getServerIds()
Get all server ids.
Definition: class.ilLDAPServer.php:248
ilLDAPServer\setVersion
setVersion(int $a_version)
Definition: class.ilLDAPServer.php:559
ilLDAPServer\setName
setName(string $a_name)
Definition: class.ilLDAPServer.php:551
ilLDAPServer\setRoleBindPassword
setRoleBindPassword(string $a_value)
Definition: class.ilLDAPServer.php:769
ilLanguage
language handling
Definition: class.ilLanguage.php:43
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilDBInterface
Interface ilDBInterface.
Definition: interface.ilDBInterface.php:30
$res
$res
Definition: ltiservices.php:69
ILIAS\Repository\filter
filter(string $filter_id, $class_path, string $cmd, bool $activated=true, bool $expanded=true)
Definition: trait.GlobalDICGUIServices.php:178
$DIC
global $DIC
Definition: shib_login.php:26
$server
$server
Definition: shib_login.php:28
$counter
$counter
Definition: shib_logout.php:170