ILIAS  trunk Revision v12.0_alpha-1227-g7ff6d300864
class.ilLDAPServer.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
21class ilLDAPServer
22{
23 private static array $instances = [];
24
25 public const LDAP_BIND_ANONYMOUS = 0;
26 public const LDAP_BIND_USER = 1;
27
28 public const LDAP_SCOPE_SUB = 0;
29 public const LDAP_SCOPE_ONE = 1;
30 public const LDAP_SCOPE_BASE = 2;
31
32 private const DEBUG = false;
33 private const DEFAULT_VERSION = 3;
34 public const DEFAULT_NETWORK_TIMEOUT = 5;
35
36 private string $role_bind_dn = '';
37 private string $role_bind_pass = '';
38 private bool $role_sync_active = false;
39
40 private int $server_id;
41 private \ILIAS\LDAP\Server\ServerUrlList $url_list;
42 private bool $enabled_authentication = true;
43 private int $authentication_mapping = 0;
44 private bool $escape_dn = false;
45
46 private bool $active = false;
47
48 private string $name = '';
49 private int $version = self::DEFAULT_VERSION;
50 private string $base_dn = '';
51 private bool $referrals = false;
52 private bool $tls = false;
53 private int $binding_type = self::LDAP_BIND_ANONYMOUS;
54 private string $bind_user = '';
55 private string $bind_password = '';
56 private string $search_base = '';
57 private string $user_attribute = '';
58 private int $user_scope = self::LDAP_SCOPE_ONE;
59 private string $group_filter = '';
60 private string $filter = '';
61 private string $group_dn = '';
62 private string $group_member = '';
63 private int $group_scope = self::LDAP_SCOPE_ONE;
64 private string $group_name = '';
65 private bool $memberisdn = false;
66 private string $group_attribute = '';
67 private bool $group_optional = true;
68 private string $group_user_filter = '';
69 private bool $sync_on_login = false;
70 private bool $sync_per_cron = false;
71 private bool $account_migration = false;
72 private string $username_filter = '';
73 private int $global_role = 0;
74
75 private ilDBInterface $db;
76 private ilLanguage $lng;
77 private ilErrorHandling $ilErr;
78 private ilLogger $logger;
79
80 public function __construct(int $a_server_id = 0)
81 {
82 global $DIC;
83
84 $this->db = $DIC->database();
85 $this->lng = $DIC->language();
86 $this->ilErr = $DIC['ilErr'];
87 $this->logger = $DIC->logger()->auth();
88
89 $this->server_id = $a_server_id;
90 $this->url_list = new \ILIAS\LDAP\Server\ServerUrlList();
91
92 $this->read();
93 }
94
98 public static function getInstanceByServerId(int $a_server_id): ilLDAPServer
99 {
100 return self::$instances[$a_server_id] ?? (self::$instances[$a_server_id] = new ilLDAPServer($a_server_id));
101 }
102
106 public function rotateFallbacks(): bool
107 {
108 if ($this->url_list->count() < 2) {
109 return false;
110 }
111
112 $this->url_list = $this->url_list->rotate();
113
114 $query = 'UPDATE ldap_server_settings SET ' .
115 'url = ' . $this->db->quote($this->url_list->toString(), 'text') . ' ' .
116 'WHERE server_id = ' . $this->db->quote($this->getServerId(), 'integer');
117 $this->db->manipulate($query);
118
119 return true;
120 }
121
122
126 public static function checkLDAPLib(): bool
127 {
128 return function_exists('ldap_bind');
129 }
130
136 public static function _getActiveServerList(): array
137 {
138 global $DIC;
139
140 $ilDB = $DIC['ilDB'];
141
142 $query = "SELECT server_id FROM ldap_server_settings " .
143 "WHERE active = 1 AND authentication = 1 " .
144 "ORDER BY name ";
145 $res = $ilDB->query($query);
146
147 $server_ids = [];
148
149 while ($row = $ilDB->fetchObject($res)) {
150 $server_ids[] = (int) $row->server_id;
151 }
152 return $server_ids;
153 }
154
160 public static function _getCronServerIds(): array
161 {
162 global $DIC;
163
164 $ilDB = $DIC['ilDB'];
165
166 $query = "SELECT server_id FROM ldap_server_settings " .
167 "WHERE active = 1 " .
168 "AND sync_per_cron = 1 " .
169 "ORDER BY name";
170
171 $res = $ilDB->query($query);
172
173 $server_ids = [];
174
175 while ($row = $ilDB->fetchObject($res)) {
176 $server_ids[] = (int) $row->server_id;
177 }
178 return $server_ids;
179 }
180
185 public static function _getRoleSyncServerIds(): array
186 {
187 global $DIC;
188
189 $ilDB = $DIC['ilDB'];
190
191 $query = "SELECT server_id FROM ldap_server_settings " .
192 "WHERE active = 1 " .
193 "AND role_sync_active = 1 ";
194
195 $res = $ilDB->query($query);
196
197 $server_ids = [];
198
199 while ($row = $ilDB->fetchObject($res)) {
200 $server_ids[] = (int) $row->server_id;
201 }
202 return $server_ids;
203 }
204
210 public static function _getFirstActiveServer(): int
211 {
212 $servers = self::_getActiveServerList();
213 if (count($servers)) {
214 return $servers[0];
215 }
216 return 0;
217 }
218
224 public static function _getServerList(): array
225 {
226 global $DIC;
227
228 $ilDB = $DIC['ilDB'];
229
230 $query = "SELECT server_id FROM ldap_server_settings ORDER BY name";
231 $res = $ilDB->query($query);
232
233 $server_ids = [];
234
235 while ($row = $ilDB->fetchObject($res)) {
236 $server_ids[] = $row->server_id;
237 }
238 return $server_ids;
239 }
240
245 public static function getServerIds(): array
246 {
247 global $DIC;
248
249 $ilDB = $DIC['ilDB'];
250
251 $query = "SELECT server_id FROM ldap_server_settings ORDER BY name";
252
253 $res = $ilDB->query($query);
254
255 $server = [];
256 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
257 $server[] = (int) $row->server_id;
258 }
259 return $server;
260 }
261
266 public static function _getAllServer(): array
267 {
268 global $DIC;
269
270 $ilDB = $DIC['ilDB'];
271
272 $query = 'SELECT * FROM ldap_server_settings ORDER BY name';
273
274 $server = [];
275
276 $res = $ilDB->query($query);
277 while ($row = $ilDB->fetchAssoc($res)) {
278 $server[] = $row;
279 }
280 return $server;
281 }
282
283 public static function getAvailableDataSources(int $a_auth_mode): array
284 {
285 global $DIC;
286
287 $ilDB = $DIC['ilDB'];
288
289 $query = "SELECT server_id FROM ldap_server_settings " .
290 "WHERE active = " . $ilDB->quote(1, 'integer') . " " .
291 "AND authentication = " . $ilDB->quote(0, 'integer') . " " .
292 "AND ( authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " " .
293 "OR authentication_type = " . $ilDB->quote(0, 'integer') . ")";
294 $res = $ilDB->query($query);
295
296 $server_ids = array();
297 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
298 $server_ids[] = $row->server_id;
299 }
300 return $server_ids;
301 }
302
306 public static function isDataSourceActive(int $a_auth_mode): bool
307 {
308 global $DIC;
309
310 $ilDB = $DIC['ilDB'];
311
312 $query = "SELECT server_id FROM ldap_server_settings " .
313 "WHERE authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " " .
314 "AND authentication = " . $ilDB->quote(0, 'integer');
315 $res = $ilDB->query($query);
316 if ($res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
317 return true;
318 }
319 return false;
320 }
321
322 public static function getDataSource(int $a_auth_mode): int
323 {
324 global $DIC;
325
326 $ilDB = $DIC['ilDB'];
327
328 $query = "SELECT server_id FROM ldap_server_settings " .
329 "WHERE authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " ";
330 $res = $ilDB->query($query);
331 if ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
332 return $row->server_id;
333 }
334 return 0;
335 }
336
340 public static function disableDataSourceForAuthMode(int $a_authmode): bool
341 {
342 global $DIC;
343
344 $ilDB = $DIC['ilDB'];
345
346 $query = 'UPDATE ldap_server_settings ' .
347 'SET authentication_type = ' . $ilDB->quote(0, 'integer') . ' ' .
348 'WHERE authentication_type = ' . $ilDB->quote($a_authmode, 'integer');
349 $ilDB->manipulate($query);
350 return true;
351 }
352
353
354
359 public static function toggleDataSource(int $a_ldap_server_id, int $a_auth_mode, int $a_status): bool
360 {
361 global $DIC;
362
363 $ilDB = $DIC['ilDB'];
364
365 self::disableDataSourceForAuthMode($a_auth_mode);
366
367 if ($a_status) {
368 $query = "UPDATE ldap_server_settings " .
369 'SET authentication_type = ' . $ilDB->quote($a_auth_mode, 'integer') . " " .
370 'WHERE server_id = ' . $ilDB->quote($a_ldap_server_id, 'integer');
371 $ilDB->manipulate($query);
372 }
373 return true;
374 }
375
379 public static function isAuthModeLDAP(string $a_auth_mode): bool
380 {
381 global $DIC;
382
383 $logger = $DIC->logger()->auth();
384
385 if ($a_auth_mode === '') {
386 $logger->error(__METHOD__ . ': No auth mode given..............');
387 return false;
388 }
389
390 $auth_arr = explode('_', $a_auth_mode);
391
392 return ((int) $auth_arr[0] === ilAuthUtils::AUTH_LDAP) && (isset($auth_arr[1]) && $auth_arr[1]);
393 }
394
398 public static function getServerIdByAuthMode(string $a_auth_mode): ?int
399 {
400 if (self::isAuthModeLDAP($a_auth_mode)) {
401 $auth_arr = explode('_', $a_auth_mode);
402 return (int) $auth_arr[1];
403 }
404
405 return null;
406 }
407
411 public static function getAuthModeByKey(string $a_auth_key): string
412 {
413 $auth_arr = explode('_', $a_auth_key);
414 if (count($auth_arr) > 1) {
415 return 'ldap_' . $auth_arr[1];
416 }
417 return 'ldap';
418 }
419
424 public static function getKeyByAuthMode(string $a_auth_mode)
425 {
426 $auth_arr = explode('_', $a_auth_mode);
427 if (count($auth_arr) > 1) {
428 return ilAuthUtils::AUTH_LDAP . '_' . $auth_arr[1];
429 }
430 return ilAuthUtils::AUTH_LDAP;
431 }
432
433 // Set/Get
434 public function getServerId(): int
435 {
436 return $this->server_id;
437 }
438
442 public function enableAuthentication(bool $a_status): void
443 {
444 $this->enabled_authentication = $a_status;
445 }
446
450 public function isAuthenticationEnabled(): bool
451 {
452 return $this->enabled_authentication;
453 }
454
458 public function setAuthenticationMapping(int $a_map): void
459 {
460 $this->authentication_mapping = $a_map;
461 }
462
466 public function getAuthenticationMapping(): int
467 {
468 return $this->authentication_mapping;
469 }
470
475 public function getAuthenticationMappingKey(): string
476 {
477 if ($this->isAuthenticationEnabled() || !$this->getAuthenticationMapping()) {
478 return 'ldap_' . $this->getServerId();
479 }
480 return ilAuthUtils::_getAuthModeName($this->getAuthenticationMapping());
481 }
482
483 public function toggleActive(bool $a_status): void
484 {
485 $this->active = $a_status;
486 }
487 public function isActive(): bool
488 {
489 return $this->active;
490 }
491 public function getUrl(): string
492 {
493 return $this->url_list->getConnectionStringAtIndex(0);
494 }
495
499 public function setUrl(string $a_url): void
500 {
501 $this->url_list = \ILIAS\LDAP\Server\ServerUrlList::fromString($a_url);
502 }
503
504 public function getUrlString(): string
505 {
506 return $this->url_list->toString();
507 }
508
513 public function doConnectionCheck(bool $prevent_persisted_rotation = false): bool
514 {
515 $connection_failures = [];
516
517 // Iterate over a fixed snapshot so overwriting $this->url_list inside the loop does not affect iteration
518 $valid_urls = $this->url_list->validUrls();
519 foreach ($valid_urls as $index => $uri) {
520 $url_string = (string) $uri;
521
522 try {
523 $this->logger->debug('Attempting LDAP connection to: {url}', ['url' => $url_string]);
524 // Need to do a full bind, since openldap return valid connection links for invalid hosts
525 $query = new ilLDAPQuery($this, $url_string);
526 $query->bind(ilLDAPQuery::LDAP_BIND_TEST);
527
528 $this->url_list = $this->url_list->withPrimaryAt($index);
529
530 if ($connection_failures !== []) {
531 $this->logger->info(
532 'Successfully connected to LDAP server: {url} after {failures} failed attempts',
533 [
534 'url' => $url_string,
535 'failures' => count($connection_failures)
536 ]
537 );
538 }
539
540 return true;
541 } catch (ilLDAPQueryException $exc) {
542 $connection_failures[] = $url_string;
543
544 $this->logger->error('LDAP connection failed for server: {url} - {message}', [
545 'url' => $url_string,
546 'message' => $exc->getMessage(),
547 'exception' => $exc
548 ]);
549
550 if (!$prevent_persisted_rotation) {
551 $this->rotateFallbacks();
552 }
553 }
554 }
555
556 $this->logger->warning('No valid LDAP server found. Tried {count} server(s)', [
557 'count' => count($connection_failures),
558 'urls' => implode(', ', $connection_failures)
559 ]);
560
561 return false;
562 }
563
564
565 public function getName(): string
566 {
567 return $this->name;
568 }
569 public function setName(string $a_name): void
570 {
571 $this->name = $a_name;
572 }
573 public function getVersion(): int
574 {
575 return $this->version;
576 }
577 public function setVersion(int $a_version): void
578 {
579 $this->version = $a_version;
580 }
581 public function getBaseDN(): string
582 {
583 return $this->base_dn;
584 }
585 public function setBaseDN(string $a_base_dn): void
586 {
587 $this->base_dn = $a_base_dn;
588 }
589 public function isActiveReferrer(): bool
590 {
591 return $this->referrals;
592 }
593 public function toggleReferrer(bool $a_status): void
594 {
595 $this->referrals = $a_status;
596 }
597 public function isActiveTLS(): bool
598 {
599 return $this->tls;
600 }
601 public function toggleTLS(bool $a_status): void
602 {
603 $this->tls = $a_status;
604 }
605 public function getBindingType(): int
606 {
607 return $this->binding_type;
608 }
609 public function setBindingType(int $a_type): void
610 {
611 if ($a_type === self::LDAP_BIND_USER) {
612 $this->binding_type = self::LDAP_BIND_USER;
613 } else {
614 $this->binding_type = self::LDAP_BIND_ANONYMOUS;
615 }
616 }
617 public function getBindUser(): string
618 {
619 return $this->bind_user;
620 }
621 public function setBindUser(string $a_user): void
622 {
623 $this->bind_user = $a_user;
624 }
625 public function getBindPassword(): string
626 {
627 return $this->bind_password;
628 }
629 public function setBindPassword(string $a_password): void
630 {
631 $this->bind_password = $a_password;
632 }
633 public function getSearchBase(): string
634 {
635 return $this->search_base;
636 }
637 public function setSearchBase(string $a_search_base): void
638 {
639 $this->search_base = $a_search_base;
640 }
641 public function getUserAttribute(): string
642 {
643 return $this->user_attribute;
644 }
645 public function setUserAttribute(string $a_user_attr): void
646 {
647 $this->user_attribute = $a_user_attr;
648 }
649 public function getFilter(): string
650 {
651 return $this->prepareFilter($this->filter);
652 }
653 public function setFilter(string $a_filter): void
654 {
655 $this->filter = $a_filter;
656 }
657 public function getGroupDN(): string
658 {
659 return $this->group_dn;
660 }
661 public function setGroupDN(string $a_value): void
662 {
663 $this->group_dn = $a_value;
664 }
665 public function getGroupFilter(): string
666 {
667 return $this->prepareFilter($this->group_filter);
668 }
669 public function setGroupFilter(string $a_value): void
670 {
671 $this->group_filter = $a_value;
672 }
673 public function getGroupMember(): string
674 {
675 return $this->group_member;
676 }
677 public function setGroupMember(string $a_value): void
678 {
679 $this->group_member = $a_value;
680 }
681 public function getGroupName(): string
682 {
683 return $this->group_name;
684 }
685 public function setGroupName(string $a_value): void
686 {
687 $this->group_name = $a_value;
688 }
689
694 public function getGroupNames(): array
695 {
696 $names = explode(',', $this->getGroupName());
697
698 if (!is_array($names)) {
699 return [];
700 }
701
702 return array_filter(array_map('trim', $names));
703 }
704
705
706 public function getGroupAttribute(): string
707 {
708 return $this->group_attribute;
709 }
710 public function setGroupAttribute(string $a_value): void
711 {
712 $this->group_attribute = $a_value;
713 }
714 public function toggleMembershipOptional(bool $a_status): void
715 {
716 $this->group_optional = $a_status;
717 }
718 public function isMembershipOptional(): bool
719 {
720 return $this->group_optional;
721 }
722 public function setGroupUserFilter(string $a_filter): void
723 {
724 $this->group_user_filter = $a_filter;
725 }
726 public function getGroupUserFilter(): string
727 {
728 return $this->group_user_filter;
729 }
730
731 public function enabledGroupMemberIsDN(): bool
732 {
733 return $this->memberisdn;
734 }
735 public function enableGroupMemberIsDN(bool $a_value): void
736 {
737 $this->memberisdn = $a_value;
738 }
739 public function setGroupScope(int $a_value): void
740 {
741 $this->group_scope = $a_value;
742 }
743 public function getGroupScope(): int
744 {
745 return $this->group_scope;
746 }
747 public function setUserScope(int $a_value): void
748 {
749 $this->user_scope = $a_value;
750 }
751 public function getUserScope(): int
752 {
753 return $this->user_scope;
754 }
755 public function enabledSyncOnLogin(): bool
756 {
757 return $this->sync_on_login;
758 }
759 public function enableSyncOnLogin(bool $a_value): void
760 {
761 $this->sync_on_login = $a_value;
762 }
763 public function enabledSyncPerCron(): bool
764 {
765 return $this->sync_per_cron;
766 }
767 public function enableSyncPerCron(bool $a_value): void
768 {
769 $this->sync_per_cron = $a_value;
770 }
771 public function setGlobalRole(int $a_role): void
772 {
773 $this->global_role = $a_role;
774 }
775 public function getRoleBindDN(): string
776 {
777 return $this->role_bind_dn;
778 }
779 public function setRoleBindDN(string $a_value): void
780 {
781 $this->role_bind_dn = $a_value;
782 }
783 public function getRoleBindPassword(): string
784 {
785 return $this->role_bind_pass;
786 }
787 public function setRoleBindPassword(string $a_value): void
788 {
789 $this->role_bind_pass = $a_value;
790 }
791 public function enabledRoleSynchronization(): bool
792 {
793 return $this->role_sync_active;
794 }
795 public function enableRoleSynchronization(bool $a_value): void
796 {
797 $this->role_sync_active = $a_value;
798 }
799
800 public function getUsernameFilter(): string
801 {
802 return $this->username_filter;
803 }
804 public function setUsernameFilter(string $a_value): void
805 {
806 $this->username_filter = $a_value;
807 }
808
809 public function enableEscapeDN(bool $a_value): void
810 {
811 $this->escape_dn = $a_value;
812 }
813
814 public function enabledEscapeDN(): bool
815 {
816 return $this->escape_dn;
817 }
818
822 public function enableAccountMigration(bool $a_status): void
823 {
824 $this->account_migration = $a_status;
825 }
826
830 public function isAccountMigrationEnabled(): bool
831 {
832 return $this->account_migration;
833 }
834
835
839 public function validate(): bool
840 {
841 $this->ilErr->setMessage('');
842 if ($this->getName() === '' ||
843 $this->getBaseDN() === '' ||
844 $this->getUserAttribute() === '' ||
845 $this->url_list->count() === 0) {
846 $this->ilErr->setMessage($this->lng->txt('fill_out_all_required_fields'));
847 return false;
848 }
849
850 if (!empty($this->url_list->getInvalidParts())) {
851 $this->ilErr->setMessage($this->lng->txt('form_input_not_valid'));
852 return false;
853 }
854
855 if ($this->getBindingType() === self::LDAP_BIND_USER
856 && ($this->getBindUser() === '' || $this->getBindPassword() === '')) {
857 $this->ilErr->appendMessage($this->lng->txt('ldap_missing_bind_user'));
858 return false;
859 }
860
861 if (!$this->global_role && ($this->enabledSyncPerCron() || $this->enabledSyncOnLogin())) {
862 $this->ilErr->appendMessage($this->lng->txt('ldap_missing_role_assignment'));
863 return false;
864 }
865
866 if ($this->getVersion() === 2 && $this->isActiveTLS()) {
867 $this->ilErr->appendMessage($this->lng->txt('ldap_tls_conflict'));
868 return false;
869 }
870
871 return true;
872 }
873
878 public function getUrlValidationError(): ?string
879 {
880 if ($this->url_list->count() === 0) {
881 return $this->lng->txt('ldap_server_url_required');
882 }
883
884 $invalid_parts = $this->url_list->getInvalidParts();
885 if (!empty($invalid_parts)) {
886 return $this->lng->txt('ldap_server_url_invalid_uris') . ' ' . implode(', ', $invalid_parts);
887 }
888
889 return null;
890 }
891
892 public function create(): int
893 {
894 $next_id = $this->db->nextId('ldap_server_settings');
895
896 $query = 'INSERT INTO ldap_server_settings (server_id,active,name,url,version,base_dn,referrals,tls,bind_type,bind_user,bind_pass,' .
897 'search_base,user_scope,user_attribute,filter,group_dn,group_scope,group_filter,group_member,group_memberisdn,group_name,' .
898 'group_attribute,group_optional,group_user_filter,sync_on_login,sync_per_cron,role_sync_active,role_bind_dn,role_bind_pass,migration, ' .
899 'authentication,authentication_type,username_filter, escape_dn) ' .
900 'VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)';
901 $this->db->queryF(
902 $query,
903 array(
904 'integer','integer','text','text','integer','text','integer','integer','integer','text','text','text','integer',
905 'text','text','text','integer','text','text','integer','text','text','integer','text','integer','integer','integer',
906 'text','text', 'integer','integer','integer',"text", 'integer'),
907 array(
908 $next_id,
909 $this->isActive(),
910 $this->getName(),
911 $this->getUrlString(),
912 $this->getVersion(),
913 $this->getBaseDN(),
914 $this->isActiveReferrer(),
915 $this->isActiveTLS(),
916 $this->getBindingType(),
917 $this->getBindUser(),
918 $this->getBindPassword(),
919 $this->getSearchBase(),
920 $this->getUserScope(),
921 $this->getUserAttribute(),
922 $this->getFilter(),
923 $this->getGroupDN(),
924 $this->getGroupScope(),
925 $this->getGroupFilter(),
926 $this->getGroupMember(),
927 $this->enabledGroupMemberIsDN(),
928 $this->getGroupName(),
929 $this->getGroupAttribute(),
930 $this->isMembershipOptional(),
931 $this->getGroupUserFilter(),
932 $this->enabledSyncOnLogin(),
933 $this->enabledSyncPerCron(),
934 $this->enabledRoleSynchronization(),
935 $this->getRoleBindDN(),
936 $this->getRoleBindPassword(),
937 $this->isAccountMigrationEnabled(),
938 $this->isAuthenticationEnabled(),
939 $this->getAuthenticationMapping(),
940 $this->getUsernameFilter(),
941 (int) $this->enabledEscapeDN()
942 )
943 );
944 // end Patch Name Filter
945 $this->server_id = $next_id;
946 return $next_id;
947 }
948
949 public function update(): bool
950 {
951 $query = "UPDATE ldap_server_settings SET " .
952 "active = " . $this->db->quote($this->isActive(), 'integer') . ", " .
953 "name = " . $this->db->quote($this->getName(), 'text') . ", " .
954 "url = " . $this->db->quote($this->getUrlString(), 'text') . ", " .
955 "version = " . $this->db->quote($this->getVersion(), 'integer') . ", " .
956 "base_dn = " . $this->db->quote($this->getBaseDN(), 'text') . ", " .
957 "referrals = " . $this->db->quote($this->isActiveReferrer(), 'integer') . ", " .
958 "tls = " . $this->db->quote($this->isActiveTLS(), 'integer') . ", " .
959 "bind_type = " . $this->db->quote($this->getBindingType(), 'integer') . ", " .
960 "bind_user = " . $this->db->quote($this->getBindUser(), 'text') . ", " .
961 "bind_pass = " . $this->db->quote($this->getBindPassword(), 'text') . ", " .
962 "search_base = " . $this->db->quote($this->getSearchBase(), 'text') . ", " .
963 "user_scope = " . $this->db->quote($this->getUserScope(), 'integer') . ", " .
964 "user_attribute = " . $this->db->quote($this->getUserAttribute(), 'text') . ", " .
965 "filter = " . $this->db->quote($this->getFilter(), 'text') . ", " .
966 "group_dn = " . $this->db->quote($this->getGroupDN(), 'text') . ", " .
967 "group_scope = " . $this->db->quote($this->getGroupScope(), 'integer') . ", " .
968 "group_filter = " . $this->db->quote($this->getGroupFilter(), 'text') . ", " .
969 "group_member = " . $this->db->quote($this->getGroupMember(), 'text') . ", " .
970 "group_memberisdn =" . $this->db->quote((int) $this->enabledGroupMemberIsDN(), 'integer') . ", " .
971 "group_name = " . $this->db->quote($this->getGroupName(), 'text') . ", " .
972 "group_attribute = " . $this->db->quote($this->getGroupAttribute(), 'text') . ", " .
973 "group_optional = " . $this->db->quote((int) $this->isMembershipOptional(), 'integer') . ", " .
974 "group_user_filter = " . $this->db->quote($this->getGroupUserFilter(), 'text') . ", " .
975 "sync_on_login = " . $this->db->quote(($this->enabledSyncOnLogin() ? 1 : 0), 'integer') . ", " .
976 "sync_per_cron = " . $this->db->quote(($this->enabledSyncPerCron() ? 1 : 0), 'integer') . ", " .
977 "role_sync_active = " . $this->db->quote($this->enabledRoleSynchronization(), 'integer') . ", " .
978 "role_bind_dn = " . $this->db->quote($this->getRoleBindDN(), 'text') . ", " .
979 "role_bind_pass = " . $this->db->quote($this->getRoleBindPassword(), 'text') . ", " .
980 "migration = " . $this->db->quote((int) $this->isAccountMigrationEnabled(), 'integer') . ", " .
981 'authentication = ' . $this->db->quote((int) $this->isAuthenticationEnabled(), 'integer') . ', ' .
982 'authentication_type = ' . $this->db->quote($this->getAuthenticationMapping(), 'integer') . ' ' .
983 ", username_filter = " . $this->db->quote($this->getUsernameFilter(), "text") . " " .
984 ", escape_dn = " . $this->db->quote($this->enabledEscapeDN() ? 1 : 0, 'integer') . " " .
985 "WHERE server_id = " . $this->db->quote($this->getServerId(), 'integer');
986
987 $this->db->manipulate($query);
988 return true;
989 }
990
994 public function delete(): void
995 {
996 if (!$this->getServerId()) {
997 //TODO check if we need return false
998 return;
999 }
1000
1001 ilLDAPAttributeMapping::_delete($this->getServerId());
1002
1003 $rules = ilLDAPRoleAssignmentRule::_getRules($this->getServerId());
1004
1005 foreach ($rules as $ruleAssigment) {
1006 $ruleAssigment->delete();
1007 }
1008
1009 ilLDAPRoleGroupMappingSettings::_deleteByServerId($this->getServerId());
1010
1011 $query = "DELETE FROM ldap_server_settings " .
1012 "WHERE server_id = " . $this->db->quote($this->getServerId(), 'integer');
1013 $this->db->manipulate($query);
1014 }
1015
1016 //TODO check if this is still needed
1022 public function toPearAuthArray(): array
1023 {
1024 $options = array(
1025 'url' => $this->getUrl(),
1026 'version' => $this->getVersion(),
1027 'referrals' => $this->isActiveReferrer());
1028
1029 if ($this->getBindingType() === self::LDAP_BIND_USER) {
1030 $options['binddn'] = $this->getBindUser();
1031 $options['bindpw'] = $this->getBindPassword();
1032 }
1033 $options['basedn'] = $this->getBaseDN();
1034 $options['start_tls'] = $this->isActiveTLS();
1035 $options['userdn'] = $this->getSearchBase();
1036 if ($this->getUserScope() === self::LDAP_SCOPE_ONE) {
1037 $options['userscope'] = 'one';
1038 } else {
1039 $options['userscope'] = 'sub';
1040 }
1041
1042 $options['userattr'] = $this->getUserAttribute();
1043 $options['userfilter'] = $this->getFilter();
1044 $options['attributes'] = $this->getPearAtributeArray();
1045 $options['debug'] = self::DEBUG;
1046
1047
1048 $options['enableLogging'] = true;
1049
1050 switch ($this->getGroupScope()) {
1051 case self::LDAP_SCOPE_BASE:
1052 $options['groupscope'] = 'base';
1053 break;
1054 case self::LDAP_SCOPE_ONE:
1055 $options['groupscope'] = 'one';
1056 break;
1057 default:
1058 $options['groupscope'] = 'sub';
1059 break;
1060 }
1061 $options['escape_dn'] = $this->enabledEscapeDN();
1062 $options['groupdn'] = $this->getGroupDN();
1063 $options['groupattr'] = $this->getGroupAttribute();
1064 $options['groupfilter'] = $this->getGroupFilter();
1065 $options['memberattr'] = $this->getGroupMember();
1066 $options['memberisdn'] = $this->enabledGroupMemberIsDN();
1067 $options['group'] = $this->getGroupName();
1068
1069
1070 return $options;
1071 }
1072
1076 private function prepareFilter(string $a_filter): string
1077 {
1078 $filter = trim($a_filter);
1079
1080 if ($filter === '') {
1081 return $filter;
1082 }
1083
1084 if (strpos($filter, '(') !== 0) {
1085 $filter = ('(' . $filter);
1086 }
1087 if (substr($filter, -1) !== ')') {
1088 $filter .= ')';
1089 }
1090 return $filter;
1091 }
1092
1096 private function getPearAtributeArray(): array
1097 {
1098 if ($this->enabledSyncOnLogin()) {
1099 $mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->getServerId());
1100 return array_merge(
1101 array($this->getUserAttribute()),
1102 $mapping->getFields(),
1103 array('dn'),
1104 ilLDAPRoleAssignmentRules::getAttributeNames($this->getServerId())
1105 );
1106 }
1107
1108 return array($this->getUserAttribute());
1109 }
1110
1115 private function read(): void
1116 {
1117 if (!$this->server_id) {
1118 return;
1119 }
1120 $query = "SELECT * FROM ldap_server_settings WHERE server_id = " . $this->db->quote($this->server_id, ilDBConstants::T_INTEGER);
1121
1122 $res = $this->db->query($query);
1123 while ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
1124 $this->toggleActive((bool) $row->active);
1125 $this->setName($row->name ?? '');
1126 $this->setUrl($row->url ?? '');
1127 $this->setVersion((int) $row->version);
1128 $this->setBaseDN($row->base_dn ?? '');
1129 $this->toggleReferrer((bool) $row->referrals);
1130 $this->toggleTLS((bool) $row->tls);
1131 $this->setBindingType((int) $row->bind_type);
1132 $this->setBindUser($row->bind_user ?? '');
1133 $this->setBindPassword($row->bind_pass ?? '');
1134 $this->setSearchBase($row->search_base ?? '');
1135 $this->setUserScope((int) $row->user_scope);
1136 $this->setUserAttribute($row->user_attribute ?? '');
1137 $this->setFilter($row->filter ?? '');
1138 $this->setGroupDN($row->group_dn ?? '');
1139 $this->setGroupScope((int) $row->group_scope);
1140 $this->setGroupFilter($row->group_filter ?? '');
1141 $this->setGroupMember($row->group_member ?? '');
1142 $this->setGroupAttribute($row->group_attribute ?? '');
1143 $this->toggleMembershipOptional((bool) $row->group_optional);
1144 $this->setGroupUserFilter($row->group_user_filter ?? '');
1145 $this->enableGroupMemberIsDN((bool) $row->group_memberisdn);
1146 $this->setGroupName($row->group_name ?? '');
1147 $this->enableSyncOnLogin((bool) $row->sync_on_login);
1148 $this->enableSyncPerCron((bool) $row->sync_per_cron);
1149 $this->enableRoleSynchronization((bool) $row->role_sync_active);
1150 $this->setRoleBindDN($row->role_bind_dn ?? '');
1151 $this->setRoleBindPassword($row->role_bind_pass ?? '');
1152 $this->enableAccountMigration((bool) $row->migration);
1153 $this->enableAuthentication((bool) $row->authentication);
1154 $this->setAuthenticationMapping((int) $row->authentication_type);
1155 $this->setUsernameFilter($row->username_filter ?? '');
1156 $this->enableEscapeDN((bool) $row->escape_dn);
1157 }
1158 }
1159}
ILIAS\LDAP\Server\ServerUrlList\fromString
static fromString(string $stored)
Create from string representation (comma-separated, as stored in DB or form).
Definition: ServerUrlList.php:47
ilAuthUtils\AUTH_LDAP
const int AUTH_LDAP
Definition: class.ilAuthUtils.php:30
ilAuthUtils\_getAuthModeName
static _getAuthModeName($a_auth_key)
Definition: class.ilAuthUtils.php:182
ilDBConstants\FETCHMODE_OBJECT
const FETCHMODE_OBJECT
Definition: ilDBConstants.php:31
ilErrorHandling
Error Handling & global info handling.
Definition: class.ilErrorHandling.php:38
ilLDAPAttributeMapping\_delete
static _delete(int $a_server_id)
Definition: class.ilLDAPAttributeMapping.php:54
ilLDAPAttributeMapping\_getInstanceByServerId
static _getInstanceByServerId(int $a_server_id)
Definition: class.ilLDAPAttributeMapping.php:45
ilLDAPRoleAssignmentRule\_getRules
static _getRules($a_server_id)
Get all rules.
Definition: class.ilLDAPRoleAssignmentRule.php:202
ilLDAPRoleAssignmentRules\getAttributeNames
static getAttributeNames($a_server_id)
get all possible attribute names
Definition: class.ilLDAPRoleAssignmentRules.php:69
ilLDAPServer\setGlobalRole
setGlobalRole(int $a_role)
Definition: class.ilLDAPServer.php:771
ilLDAPServer\enableRoleSynchronization
enableRoleSynchronization(bool $a_value)
Definition: class.ilLDAPServer.php:795
ilLDAPServer\setGroupFilter
setGroupFilter(string $a_value)
Definition: class.ilLDAPServer.php:669
ilLDAPServer\_getServerList
static _getServerList()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:224
ilLDAPServer\setFilter
setFilter(string $a_filter)
Definition: class.ilLDAPServer.php:653
ilLDAPServer\isAuthenticationEnabled
isAuthenticationEnabled()
Check if authentication is enabled.
Definition: class.ilLDAPServer.php:450
ilLDAPServer\enableEscapeDN
enableEscapeDN(bool $a_value)
Definition: class.ilLDAPServer.php:809
ilLDAPServer\toggleTLS
toggleTLS(bool $a_status)
Definition: class.ilLDAPServer.php:601
ilLDAPServer\enableGroupMemberIsDN
enableGroupMemberIsDN(bool $a_value)
Definition: class.ilLDAPServer.php:735
ilLDAPServer\read
read()
Read server settings.
Definition: class.ilLDAPServer.php:1115
ilLDAPServer\enableSyncOnLogin
enableSyncOnLogin(bool $a_value)
Definition: class.ilLDAPServer.php:759
ilLDAPServer\getAuthModeByKey
static getAuthModeByKey(string $a_auth_key)
get auth mode by key
Definition: class.ilLDAPServer.php:411
ilLDAPServer\__construct
__construct(int $a_server_id=0)
Definition: class.ilLDAPServer.php:80
ilLDAPServer\_getCronServerIds
static _getCronServerIds()
Get list of acticve servers with option 'SyncCron'.
Definition: class.ilLDAPServer.php:160
ilLDAPServer\checkLDAPLib
static checkLDAPLib()
Check if ldap module is installed.
Definition: class.ilLDAPServer.php:126
ilLDAPServer\disableDataSourceForAuthMode
static disableDataSourceForAuthMode(int $a_authmode)
Disable data source.
Definition: class.ilLDAPServer.php:340
ilLDAPServer\getAuthenticationMapping
getAuthenticationMapping()
Get authentication mode that is mapped.
Definition: class.ilLDAPServer.php:466
ilLDAPServer\prepareFilter
prepareFilter(string $a_filter)
Create brackets for filters if they do not exist.
Definition: class.ilLDAPServer.php:1076
ilLDAPServer\setGroupDN
setGroupDN(string $a_value)
Definition: class.ilLDAPServer.php:661
ilLDAPServer\setGroupScope
setGroupScope(int $a_value)
Definition: class.ilLDAPServer.php:739
ilLDAPServer\_getActiveServerList
static _getActiveServerList()
Get active server list.
Definition: class.ilLDAPServer.php:136
ilLDAPServer\setRoleBindDN
setRoleBindDN(string $a_value)
Definition: class.ilLDAPServer.php:779
ilLDAPServer\setGroupUserFilter
setGroupUserFilter(string $a_filter)
Definition: class.ilLDAPServer.php:722
ilLDAPServer\isDataSourceActive
static isDataSourceActive(int $a_auth_mode)
Check if a data source is active for a specific auth mode.
Definition: class.ilLDAPServer.php:306
ilLDAPServer\enableAuthentication
enableAuthentication(bool $a_status)
Enable authentication for this ldap server.
Definition: class.ilLDAPServer.php:442
ilLDAPServer\setUrl
setUrl(string $a_url)
Set server URL(s).
Definition: class.ilLDAPServer.php:499
ilLDAPServer\setGroupAttribute
setGroupAttribute(string $a_value)
Definition: class.ilLDAPServer.php:710
ilLDAPServer\toPearAuthArray
toPearAuthArray()
Creates an array of options compatible to PEAR Auth.
Definition: class.ilLDAPServer.php:1022
ilLDAPServer\validate
validate()
Validate user input.
Definition: class.ilLDAPServer.php:839
ilLDAPServer\_getAllServer
static _getAllServer()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:266
ilLDAPServer\setUsernameFilter
setUsernameFilter(string $a_value)
Definition: class.ilLDAPServer.php:804
ilLDAPServer\setBindPassword
setBindPassword(string $a_password)
Definition: class.ilLDAPServer.php:629
ilLDAPServer\DEFAULT_NETWORK_TIMEOUT
const DEFAULT_NETWORK_TIMEOUT
Definition: class.ilLDAPServer.php:34
ilLDAPServer\setUserAttribute
setUserAttribute(string $a_user_attr)
Definition: class.ilLDAPServer.php:645
ilLDAPServer\setGroupName
setGroupName(string $a_value)
Definition: class.ilLDAPServer.php:685
ilLDAPServer\getAuthenticationMappingKey
getAuthenticationMappingKey()
Get authentication mapping key Default is ldap.
Definition: class.ilLDAPServer.php:475
ilLDAPServer\getGroupNames
getGroupNames()
Get group names as array.
Definition: class.ilLDAPServer.php:694
ilLDAPServer\setBaseDN
setBaseDN(string $a_base_dn)
Definition: class.ilLDAPServer.php:585
ilLDAPServer\enableSyncPerCron
enableSyncPerCron(bool $a_value)
Definition: class.ilLDAPServer.php:767
ilLDAPServer\getPearAtributeArray
getPearAtributeArray()
Get attribute array for pear auth data.
Definition: class.ilLDAPServer.php:1096
ilLDAPServer\isAccountMigrationEnabled
isAccountMigrationEnabled()
enabled account migration
Definition: class.ilLDAPServer.php:830
ilLDAPServer\rotateFallbacks
rotateFallbacks()
Rotate fallback urls in case of connect timeouts (move first to end and persist).
Definition: class.ilLDAPServer.php:106
ilLDAPServer\$ilErr
ilErrorHandling $ilErr
Definition: class.ilLDAPServer.php:77
ilLDAPServer\toggleDataSource
static toggleDataSource(int $a_ldap_server_id, int $a_auth_mode, int $a_status)
Toggle Data Source.
Definition: class.ilLDAPServer.php:359
ilLDAPServer\$db
ilDBInterface $db
Definition: class.ilLDAPServer.php:75
ilLDAPServer\enableAccountMigration
enableAccountMigration(bool $a_status)
Enable account migration.
Definition: class.ilLDAPServer.php:822
ilLDAPServer\getInstanceByServerId
static getInstanceByServerId(int $a_server_id)
Get instance by server id.
Definition: class.ilLDAPServer.php:98
ilLDAPServer\$instances
static array $instances
Definition: class.ilLDAPServer.php:23
ilLDAPServer\getDataSource
static getDataSource(int $a_auth_mode)
Definition: class.ilLDAPServer.php:322
ilLDAPServer\setGroupMember
setGroupMember(string $a_value)
Definition: class.ilLDAPServer.php:677
ilLDAPServer\setBindUser
setBindUser(string $a_user)
Definition: class.ilLDAPServer.php:621
ilLDAPServer\getServerIdByAuthMode
static getServerIdByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:398
ilLDAPServer\isAuthModeLDAP
static isAuthModeLDAP(string $a_auth_mode)
Check if user auth mode is LDAP.
Definition: class.ilLDAPServer.php:379
ilLDAPServer\getKeyByAuthMode
static getKeyByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
Definition: class.ilLDAPServer.php:424
ilLDAPServer\setUserScope
setUserScope(int $a_value)
Definition: class.ilLDAPServer.php:747
ilLDAPServer\setBindingType
setBindingType(int $a_type)
Definition: class.ilLDAPServer.php:609
ilLDAPServer\_getRoleSyncServerIds
static _getRoleSyncServerIds()
Check whether there if there is an active server with option role_sync_active.
Definition: class.ilLDAPServer.php:185
ilLDAPServer\toggleMembershipOptional
toggleMembershipOptional(bool $a_status)
Definition: class.ilLDAPServer.php:714
ilLDAPServer\toggleReferrer
toggleReferrer(bool $a_status)
Definition: class.ilLDAPServer.php:593
ilLDAPServer\setAuthenticationMapping
setAuthenticationMapping(int $a_map)
Set mapped authentication mapping.
Definition: class.ilLDAPServer.php:458
ilLDAPServer\toggleActive
toggleActive(bool $a_status)
Definition: class.ilLDAPServer.php:483
ilLDAPServer\_getFirstActiveServer
static _getFirstActiveServer()
Get first active server.
Definition: class.ilLDAPServer.php:210
ilLDAPServer\setSearchBase
setSearchBase(string $a_search_base)
Definition: class.ilLDAPServer.php:637
ilLDAPServer\getAvailableDataSources
static getAvailableDataSources(int $a_auth_mode)
Definition: class.ilLDAPServer.php:283
ilLDAPServer\doConnectionCheck
doConnectionCheck(bool $prevent_persisted_rotation=false)
Check ldap connection and do a fallback to the next server if no connection is possible.
Definition: class.ilLDAPServer.php:513
ilLDAPServer\getUrlValidationError
getUrlValidationError()
Return URL validation error message if URL list is invalid, null otherwise.
Definition: class.ilLDAPServer.php:878
ilLDAPServer\getServerIds
static getServerIds()
Get all server ids.
Definition: class.ilLDAPServer.php:245
ilLDAPServer\setVersion
setVersion(int $a_version)
Definition: class.ilLDAPServer.php:577
ilLDAPServer\setName
setName(string $a_name)
Definition: class.ilLDAPServer.php:569
ilLDAPServer\setRoleBindPassword
setRoleBindPassword(string $a_value)
Definition: class.ilLDAPServer.php:787
ilLDAPServer\$url_list
ILIAS LDAP Server ServerUrlList $url_list
Definition: class.ilLDAPServer.php:41
ilLanguage
language handling
Definition: class.ilLanguage.php:43
ilLogger
Component logger with individual log levels by component id.
Definition: class.ilLogger.php:29
ilLogger\error
error(string $message, array $context=[])
Definition: class.ilLogger.php:74
ilDBInterface
Interface ilDBInterface.
Definition: ilDBInterface.php:30
$res
$res
Definition: ltiservices.php:69
ILIAS\Repository\filter
filter(string $filter_id, array $class_path, string $cmd, bool $activated=true, bool $expanded=true)
Definition: trait.GlobalDICGUIServices.php:177
$DIC
global $DIC
Definition: shib_login.php:26
$server
$server
Definition: shib_login.php:28