ILIAS  trunk Revision v11.0_alpha-1769-g99a433fe2dc
class.ilLDAPServer.php
1 <?php
2 
19 declare(strict_types=1);
20 
25 {
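// Cache of server objects keyed by server id, filled by getInstanceByServerId().
private static array $instances = [];

// Values accepted by setBindingType(); anything else is stored as LDAP_BIND_ANONYMOUS.
public const LDAP_BIND_ANONYMOUS = 0;
public const LDAP_BIND_USER = 1;

// Search scopes for the user and group lookups.
public const LDAP_SCOPE_SUB = 0;
public const LDAP_SCOPE_ONE = 1;
public const LDAP_SCOPE_BASE = 2;

// Exported as the 'debug' option by toPearAuthArray().
private const DEBUG = false;
private const DEFAULT_VERSION = 3;
public const DEFAULT_NETWORK_TIMEOUT = 5;

// Credentials of the role-synchronisation bind. create() and update() write
// both values to the table exactly as they are held here.
private string $role_bind_dn = '';
private string $role_bind_pass = '';
private bool $role_sync_active = false;

private int $server_id;
// $url_string is the raw comma-separated list, $url its first entry and
// $fallback_urls the remaining entries (see setUrl()).
private array $fallback_urls = [];
private string $url = '';
private string $url_string = '';

private bool $enabled_authentication = true;
private int $authentication_mapping = 0;
private bool $escape_dn = false;

private bool $active = false;

private string $name = '';
private int $version = self::DEFAULT_VERSION;
private string $base_dn = '';
private bool $referrals = false;
// TLS is off and the bind is anonymous unless the stored settings say otherwise.
private bool $tls = false;
private int $binding_type = self::LDAP_BIND_ANONYMOUS;
// Bind credentials; persisted unmodified in the bind_user / bind_pass columns.
private string $bind_user = '';
private string $bind_password = '';
private string $search_base = '';
private string $user_attribute = '';
private int $user_scope = self::LDAP_SCOPE_ONE;
private string $group_filter = '';
private string $filter = '';
private string $group_dn = '';
private string $group_member = '';
private int $group_scope = self::LDAP_SCOPE_ONE;
private string $group_name = '';
private bool $memberisdn = false;
private string $group_attribute = '';
private bool $group_optional = true;
private string $group_user_filter = '';
private bool $sync_on_login = false;
private bool $sync_per_cron = false;
private bool $account_migration = false;
private string $username_filter = '';
private int $global_role = 0;

private ilDBInterface $db;
private ilLanguage $lng;
// Assigned in the constructor and used by validate(); declared here so the
// assignment does not create a dynamic property.
private ilErrorHandling $ilErr;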
84 
/**
 * Builds the settings object for one LDAP server configuration.
 *
 * @param int $a_server_id Row id in ldap_server_settings. With 0 (the default) read()
 *                         returns at once and the object keeps its property defaults.
 */
public function __construct(int $a_server_id = 0)
{
    global $DIC;

    $this->server_id = $a_server_id;

    $this->db = $DIC->database();
    $this->lng = $DIC->language();
    $this->ilErr = $DIC['ilErr'];

    // Runs last: read() needs both the id and the database handle.
    $this->read();
}
97 
/**
 * Returns the cached server object for an id, creating it on first use.
 *
 * The same instance is handed to every caller, so a setter called on it
 * changes what all later callers see until the cache entry is replaced.
 */
public static function getInstanceByServerId(int $a_server_id): ilLDAPServer
{
    if (!isset(self::$instances[$a_server_id])) {
        self::$instances[$a_server_id] = new ilLDAPServer($a_server_id);
    }
    return self::$instances[$a_server_id];
}
105 
/**
 * Stores the URL list with the current primary URL moved to the end.
 *
 * Only the database row is changed; $url, $url_string and $fallback_urls of
 * this object keep their values.
 *
 * @return bool false when there are no fallback URLs, true after the update.
 */
public function rotateFallbacks(): bool
{
    if ($this->fallback_urls === []) {
        return false;
    }

    $rotated = [...$this->fallback_urls, $this->getUrl()];
    $url_list = implode(',', $rotated);

    $this->db->manipulate(
        'UPDATE ldap_server_settings SET ' .
        'url = ' . $this->db->quote($url_list, 'text') . ' ' .
        'WHERE server_id = ' . $this->db->quote($this->getServerId(), 'integer')
    );
    return true;
}
124 
125 
/**
 * Reports whether the PHP LDAP functions are available.
 *
 * @return bool true when ldap_bind() exists.
 */
public static function checkLDAPLib(): bool
{
    $has_ldap = function_exists('ldap_bind');
    return $has_ldap;
}
133 
/**
 * Lists the ids of servers that are active and enabled for authentication.
 *
 * @return int[] server ids ordered by server name
 */
public static function _getActiveServerList(): array
{
    global $DIC;

    $db = $DIC['ilDB'];

    $result = $db->query(
        "SELECT server_id FROM ldap_server_settings " .
        "WHERE active = 1 AND authentication = 1 " .
        "ORDER BY name "
    );

    $ids = [];
    while ($record = $db->fetchObject($result)) {
        $ids[] = (int) $record->server_id;
    }
    return $ids;
}
157 
/**
 * Lists the ids of active servers that have sync_per_cron set.
 *
 * @return int[] server ids ordered by server name
 */
public static function _getCronServerIds(): array
{
    global $DIC;

    $db = $DIC['ilDB'];

    $result = $db->query(
        "SELECT server_id FROM ldap_server_settings " .
        "WHERE active = 1 " .
        "AND sync_per_cron = 1 " .
        "ORDER BY name"
    );

    $ids = [];
    while ($record = $db->fetchObject($result)) {
        $ids[] = (int) $record->server_id;
    }
    return $ids;
}
183 
/**
 * Lists the ids of active servers that have role_sync_active set.
 *
 * @return int[] server ids, in the order the database returns them
 */
public static function _getRoleSyncServerIds(): array
{
    global $DIC;

    $db = $DIC['ilDB'];

    $result = $db->query(
        "SELECT server_id FROM ldap_server_settings " .
        "WHERE active = 1 " .
        "AND role_sync_active = 1 "
    );

    $ids = [];
    while ($record = $db->fetchObject($result)) {
        $ids[] = (int) $record->server_id;
    }
    return $ids;
}
207 
/**
 * Returns the first id from _getActiveServerList().
 *
 * @return int the server id, or 0 when the list is empty
 */
public static function _getFirstActiveServer(): int
{
    $active_ids = self::_getActiveServerList();
    return $active_ids[0] ?? 0;
}
221 
/**
 * Lists the ids of all configured servers, ordered by name.
 *
 * The ids are returned as the database layer delivers them; unlike
 * getServerIds() this method does not cast them to int.
 */
public static function _getServerList(): array
{
    global $DIC;

    $db = $DIC['ilDB'];

    $result = $db->query("SELECT server_id FROM ldap_server_settings ORDER BY name");

    $ids = [];
    while ($record = $db->fetchObject($result)) {
        $ids[] = $record->server_id;
    }
    return $ids;
}
243 
/**
 * Lists the ids of all configured servers, ordered by name.
 *
 * @return int[]
 */
public static function getServerIds(): array
{
    global $DIC;

    $db = $DIC['ilDB'];

    $result = $db->query("SELECT server_id FROM ldap_server_settings ORDER BY name");

    $ids = [];
    while ($record = $result->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
        $ids[] = (int) $record->server_id;
    }
    return $ids;
}
264 
/**
 * Returns every row of ldap_server_settings as an associative array, ordered by name.
 *
 * The query is SELECT *, so each row also carries the bind_pass and
 * role_bind_pass columns that create() and update() fill with the bind
 * passwords. Callers should pick the fields they need before passing rows to
 * templates, logs or API responses.
 */
public static function _getAllServer(): array
{
    global $DIC;

    $db = $DIC['ilDB'];

    $rows = [];

    $result = $db->query('SELECT * FROM ldap_server_settings ORDER BY name');
    while ($record = $db->fetchAssoc($result)) {
        $rows[] = $record;
    }
    return $rows;
}
285 
/**
 * Lists active servers with authentication switched off whose
 * authentication_type is either the given mode or 0.
 *
 * @param int $a_auth_mode value compared with the authentication_type column
 * @return array server ids as delivered by the database layer (not cast)
 */
public static function getAvailableDataSources(int $a_auth_mode): array
{
    global $DIC;

    $db = $DIC['ilDB'];

    $sql = "SELECT server_id FROM ldap_server_settings " .
        "WHERE active = " . $db->quote(1, 'integer') . " " .
        "AND authentication = " . $db->quote(0, 'integer') . " " .
        "AND ( authentication_type = " . $db->quote($a_auth_mode, 'integer') . " " .
        "OR authentication_type = " . $db->quote(0, 'integer') . ")";
    $result = $db->query($sql);

    $ids = [];
    while ($record = $result->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
        $ids[] = $record->server_id;
    }
    return $ids;
}
305 
/**
 * Tells whether some server is mapped to the given auth mode while its own
 * authentication flag is 0.
 *
 * The query does not filter on the active column.
 */
public static function isDataSourceActive(int $a_auth_mode): bool
{
    global $DIC;

    $db = $DIC['ilDB'];

    $sql = "SELECT server_id FROM ldap_server_settings " .
        "WHERE authentication_type = " . $db->quote($a_auth_mode, 'integer') . " " .
        "AND authentication = " . $db->quote(0, 'integer');
    $result = $db->query($sql);

    return (bool) $result->fetchRow(ilDBConstants::FETCHMODE_OBJECT);
}
324 
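/**
 * Returns the id of a server whose authentication_type equals the given mode.
 *
 * The query has no ORDER BY, so with several matching rows the database
 * decides which one is returned.
 *
 * @param int $a_auth_mode value compared with the authentication_type column
 * @return int the server id, or 0 when no row matches
 */
public static function getDataSource(int $a_auth_mode): int
{
    global $DIC;

    $ilDB = $DIC['ilDB'];

    $query = "SELECT server_id FROM ldap_server_settings " .
        "WHERE authentication_type = " . $ilDB->quote($a_auth_mode, 'integer') . " ";
    $res = $ilDB->query($query);
    if ($row = $res->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
        // The file declares strict_types, so a non-int column value would fail
        // the int return type; cast as the other id lookups in this class do.
        return (int) $row->server_id;
    }
    return 0;
}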
339 
/**
 * Resets authentication_type to 0 on every server mapped to the given mode.
 *
 * @return bool always true
 */
public static function disableDataSourceForAuthMode(int $a_authmode): bool
{
    global $DIC;

    $db = $DIC['ilDB'];

    $db->manipulate(
        'UPDATE ldap_server_settings ' .
        'SET authentication_type = ' . $db->quote(0, 'integer') . ' ' .
        'WHERE authentication_type = ' . $db->quote($a_authmode, 'integer')
    );
    return true;
}
355 
356 
357 
/**
 * Maps one server to an auth mode, or removes the mapping for that mode.
 *
 * Every existing mapping for the mode is cleared first; a non-zero status
 * then assigns the mode to the given server. The two UPDATE statements are
 * issued separately, with no transaction visible in this method.
 *
 * @return bool always true
 */
public static function toggleDataSource(int $a_ldap_server_id, int $a_auth_mode, int $a_status): bool
{
    global $DIC;

    $db = $DIC['ilDB'];

    self::disableDataSourceForAuthMode($a_auth_mode);

    if (!$a_status) {
        return true;
    }

    $sql = "UPDATE ldap_server_settings " .
        'SET authentication_type = ' . $db->quote($a_auth_mode, 'integer') . " " .
        'WHERE server_id = ' . $db->quote($a_ldap_server_id, 'integer');
    $db->manipulate($sql);

    return true;
}
378 
/**
 * Tells whether an auth mode string of the form "<mode>_<server>" denotes LDAP.
 *
 * The mode part is compared after an (int) cast, so a string is judged by its
 * leading digits only. The server part merely has to be truthy: '' and '0'
 * are rejected, any other text is accepted.
 */
public static function isAuthModeLDAP(string $a_auth_mode): bool
{
    global $DIC;

    $logger = $DIC->logger()->auth();

    if ($a_auth_mode === '') {
        $logger->error(__METHOD__ . ': No auth mode given..............');
        return false;
    }

    $parts = explode('_', $a_auth_mode);

    if ((int) $parts[0] !== ilAuthUtils::AUTH_LDAP) {
        return false;
    }
    return isset($parts[1]) && $parts[1];
}
397 
/**
 * Extracts the server id from an LDAP auth mode string.
 *
 * The server part is converted with an (int) cast, so a non-numeric part
 * that isAuthModeLDAP() accepted yields 0.
 *
 * @return int|null the id, or null when the string is not an LDAP auth mode
 */
public static function getServerIdByAuthMode(string $a_auth_mode): ?int
{
    if (!self::isAuthModeLDAP($a_auth_mode)) {
        return null;
    }

    $parts = explode('_', $a_auth_mode);
    return (int) $parts[1];
}
410 
/**
 * Turns an auth key "<mode>_<server>" into "ldap_<server>".
 *
 * The mode part is not inspected; a key without an underscore gives 'ldap'.
 */
public static function getAuthModeByKey(string $a_auth_key): string
{
    $parts = explode('_', $a_auth_key);

    return count($parts) > 1 ? 'ldap_' . $parts[1] : 'ldap';
}
422 
/**
 * Turns an auth mode "<prefix>_<server>" into "<AUTH_LDAP>_<server>".
 *
 * Without an underscore the bare ilAuthUtils::AUTH_LDAP constant is returned,
 * so the result is a string in one case and the constant's own type in the other.
 */
public static function getKeyByAuthMode(string $a_auth_mode)
{
    $parts = explode('_', $a_auth_mode);

    return count($parts) > 1
        ? ilAuthUtils::AUTH_LDAP . '_' . $parts[1]
        : ilAuthUtils::AUTH_LDAP;
}
435 
436  // Set/Get
/** Returns the id given to the constructor, or the one assigned by create(). */
public function getServerId(): int
{
    return $this->server_id;
}
441 
/** Sets the flag that create() and update() store in the authentication column. */
public function enableAuthentication(bool $a_status): void
{
    $this->enabled_authentication = $a_status;
}
449 
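/**
 * Returns the flag set by enableAuthentication().
 *
 * @return bool true by default, until read() or a caller changes it
 */
public function isAuthenticationEnabled(): bool
{
    return $this->enabled_authentication;
}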
457 
/** Sets the value that create() and update() store in the authentication_type column. */
public function setAuthenticationMapping(int $a_map): void
{
    $this->authentication_mapping = $a_map;
}
465 
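/**
 * Returns the value set by setAuthenticationMapping().
 *
 * @return int 0 by default
 */
public function getAuthenticationMapping(): int
{
    return $this->authentication_mapping;
}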
473 
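/**
 * Returns the auth mode key under which accounts of this server are handled.
 *
 * When the server authenticates itself, or no mapping is set, the key is
 * "ldap_<server id>". Otherwise the name of the mapped authentication mode is
 * looked up through ilAuthUtils.
 */
public function getAuthenticationMappingKey(): string
{
    if ($this->isAuthenticationEnabled() || !$this->getAuthenticationMapping()) {
        return 'ldap_' . $this->getServerId();
    }
    return ilAuthUtils::_getAuthModeName($this->getAuthenticationMapping());
}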
485 
/** Sets the flag stored in the active column. */
public function toggleActive(bool $a_status): void
{
    $this->active = $a_status;
}
/** Returns the flag set by toggleActive(); false by default. */
public function isActive(): bool
{
    return $this->active;
}
/**
 * Returns the primary URL: the first entry of the list given to setUrl(), or
 * the URL with which doConnectionCheck() last succeeded.
 */
public function getUrl(): string
{
    return $this->url;
}
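/**
 * Sets the server URL list.
 *
 * The first entry of the comma-separated list becomes the primary URL, the
 * remaining entries become fallback URLs.
 *
 * The fallback list is rebuilt on every call. Without that, an object loaded
 * through read() and then given a new URL would keep the previous fallback
 * hosts, and doConnectionCheck() would still send bind requests to them and
 * rotateFallbacks() would write them back to the table.
 *
 * @param string $a_url one URL, or several separated by commas
 */
public function setUrl(string $a_url): void
{
    $this->url_string = $a_url;
    $this->fallback_urls = [];

    $entries = array_map('trim', explode(',', $a_url));

    // The first entry is the primary URL even when it is empty; validate()
    // reports an empty primary URL as a missing required field.
    $this->url = array_shift($entries);

    foreach ($entries as $entry) {
        // An empty entry (trailing or doubled comma) names no server.
        if ($entry !== '') {
            $this->fallback_urls[] = $entry;
        }
    }
}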
/** Returns the list exactly as passed to setUrl(); create() and update() persist this string. */
public function getUrlString(): string
{
    return $this->url_string;
}
519 
/**
 * Tries a test bind against the primary URL and then each fallback URL.
 *
 * The first URL that binds becomes the primary URL of this object. After
 * every failed attempt rotateFallbacks() is called and the URL, the exception
 * code and the exception message are written to the auth log at error level.
 *
 * @return bool true as soon as one URL binds, false when none does
 */
public function doConnectionCheck(): bool
{
    $candidates = [$this->url, ...$this->fallback_urls];

    foreach ($candidates as $candidate) {
        try {
            ilLoggerFactory::getLogger('auth')->debug('Using url: ' . $candidate);
            // A full bind is required: openldap hands out a connection link even for an invalid host.
            $probe = new ilLDAPQuery($this, $candidate);
            $probe->bind(ilLDAPQuery::LDAP_BIND_TEST);
        } catch (ilLDAPQueryException $failure) {
            $this->rotateFallbacks();
            ilLoggerFactory::getLogger('auth')->error(
                'Cannot connect to LDAP server: ' . $candidate . ' ' . $failure->getCode() . ' ' . $failure->getMessage()
            );
            continue;
        }

        $this->url = $candidate;
        return true;
    }

    ilLoggerFactory::getLogger('auth')->warning('No valid LDAP server found');
    return false;
}
545 
546 
/** Returns the server name; validate() requires it to be non-empty. */
public function getName(): string
{
    return $this->name;
}
/** Sets the server name stored in the name column. */
public function setName(string $a_name): void
{
    $this->name = $a_name;
}
/** Returns the configured version number; self::DEFAULT_VERSION unless changed. */
public function getVersion(): int
{
    return $this->version;
}
/** Sets the version number; validate() rejects version 2 together with TLS. */
public function setVersion(int $a_version): void
{
    $this->version = $a_version;
}
/** Returns the base DN; validate() requires it to be non-empty. */
public function getBaseDN(): string
{
    return $this->base_dn;
}
/** Sets the base DN stored in the base_dn column. */
public function setBaseDN(string $a_base_dn): void
{
    $this->base_dn = $a_base_dn;
}
/** Returns the referrals flag; false by default. */
public function isActiveReferrer(): bool
{
    return $this->referrals;
}
/** Sets the referrals flag stored in the referrals column. */
public function toggleReferrer(bool $a_status): void
{
    $this->referrals = $a_status;
}
/** Returns the TLS flag; false by default. toPearAuthArray() exports it as 'start_tls'. */
public function isActiveTLS(): bool
{
    return $this->tls;
}
/** Sets the TLS flag; validate() rejects it in combination with version 2. */
public function toggleTLS(bool $a_status): void
{
    $this->tls = $a_status;
}
/** Returns self::LDAP_BIND_USER or self::LDAP_BIND_ANONYMOUS (the default). */
public function getBindingType(): int
{
    return $this->binding_type;
}
/**
 * Sets the binding type.
 *
 * Any value other than self::LDAP_BIND_USER is stored as self::LDAP_BIND_ANONYMOUS.
 */
public function setBindingType(int $a_type): void
{
    $this->binding_type = $a_type === self::LDAP_BIND_USER
        ? self::LDAP_BIND_USER
        : self::LDAP_BIND_ANONYMOUS;
}
/** Returns the bind user; validate() requires it when the binding type is LDAP_BIND_USER. */
public function getBindUser(): string
{
    return $this->bind_user;
}
/** Sets the bind user stored in the bind_user column. */
public function setBindUser(string $a_user): void
{
    $this->bind_user = $a_user;
}
/**
 * Returns the bind password exactly as it was set.
 *
 * create() and update() write this value to the bind_pass column and
 * toPearAuthArray() exports it as 'bindpw', so the return value should not be
 * logged or echoed back in forms.
 */
public function getBindPassword(): string
{
    return $this->bind_password;
}
/** Sets the bind password; the value is kept and later persisted unchanged. */
public function setBindPassword(string $a_password): void
{
    $this->bind_password = $a_password;
}
/** Returns the search base; toPearAuthArray() exports it as 'userdn'. */
public function getSearchBase(): string
{
    return $this->search_base;
}
/** Sets the search base stored in the search_base column. */
public function setSearchBase(string $a_search_base): void
{
    $this->search_base = $a_search_base;
}
/** Returns the user attribute; validate() requires it to be non-empty. */
public function getUserAttribute(): string
{
    return $this->user_attribute;
}
/** Sets the user attribute stored in the user_attribute column. */
public function setUserAttribute(string $a_user_attr): void
{
    $this->user_attribute = $a_user_attr;
}
/**
 * Returns the user filter after prepareFilter() has trimmed it and added
 * outer parentheses where they were missing.
 */
public function getFilter(): string
{
    $raw_filter = $this->filter;
    return $this->prepareFilter($raw_filter);
}
/** Sets the user filter; the text is stored as given, without syntax checks. */
public function setFilter(string $a_filter): void
{
    $this->filter = $a_filter;
}
/** Returns the group DN. */
public function getGroupDN(): string
{
    return $this->group_dn;
}
/** Sets the group DN stored in the group_dn column. */
public function setGroupDN(string $a_value): void
{
    $this->group_dn = $a_value;
}
/**
 * Returns the group filter after prepareFilter() has trimmed it and added
 * outer parentheses where they were missing.
 */
public function getGroupFilter(): string
{
    $raw_filter = $this->group_filter;
    return $this->prepareFilter($raw_filter);
}
/** Sets the group filter; the text is stored as given, without syntax checks. */
public function setGroupFilter(string $a_value): void
{
    $this->group_filter = $a_value;
}
/** Returns the group member setting; toPearAuthArray() exports it as 'memberattr'. */
public function getGroupMember(): string
{
    return $this->group_member;
}
/** Sets the value stored in the group_member column. */
public function setGroupMember(string $a_value): void
{
    $this->group_member = $a_value;
}
/** Returns the group name setting as one string; getGroupNames() splits it at commas. */
public function getGroupName(): string
{
    return $this->group_name;
}
/** Sets the value stored in the group_name column. */
public function setGroupName(string $a_value): void
{
    $this->group_name = $a_value;
}
671 
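/**
 * Returns the configured group names as an array.
 *
 * The group name setting is split at commas and each part is trimmed.
 *
 * @return string[] the non-empty names, keyed by their position in the setting
 */
public function getGroupNames(): array
{
    // explode() with a non-empty separator always returns an array, so the
    // result needs no type check.
    $names = array_map('trim', explode(',', $this->getGroupName()));

    // Without a callback array_filter() drops every falsy entry, which is ''
    // and also the name '0', and it keeps the original keys.
    return array_filter($names);
}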
686 
687 
/** Returns the group attribute; toPearAuthArray() exports it as 'groupattr'. */
public function getGroupAttribute(): string
{
    return $this->group_attribute;
}
/** Sets the value stored in the group_attribute column. */
public function setGroupAttribute(string $a_value): void
{
    $this->group_attribute = $a_value;
}
/** Sets the flag stored in the group_optional column. */
public function toggleMembershipOptional(bool $a_status): void
{
    $this->group_optional = $a_status;
}
/** Returns the group_optional flag; true by default. */
public function isMembershipOptional(): bool
{
    return $this->group_optional;
}
/** Sets the value stored in the group_user_filter column; stored as given. */
public function setGroupUserFilter(string $a_filter): void
{
    $this->group_user_filter = $a_filter;
}
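/**
 * Returns the value set by setGroupUserFilter().
 *
 * Unlike getFilter() and getGroupFilter(), the text is returned as stored and
 * is not passed through prepareFilter().
 */
public function getGroupUserFilter(): string
{
    return $this->group_user_filter;
}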
712 
/** Returns the memberisdn flag; false by default. */
public function enabledGroupMemberIsDN(): bool
{
    return $this->memberisdn;
}
/** Sets the flag stored in the group_memberisdn column. */
public function enableGroupMemberIsDN(bool $a_value): void
{
    $this->memberisdn = $a_value;
}
/** Sets the group scope; the value is stored without checking it against the LDAP_SCOPE_* constants. */
public function setGroupScope(int $a_value): void
{
    $this->group_scope = $a_value;
}
/** Returns the group scope; self::LDAP_SCOPE_ONE by default. */
public function getGroupScope(): int
{
    return $this->group_scope;
}
/** Sets the user scope; the value is stored without checking it against the LDAP_SCOPE_* constants. */
public function setUserScope(int $a_value): void
{
    $this->user_scope = $a_value;
}
/** Returns the user scope; self::LDAP_SCOPE_ONE by default. */
public function getUserScope(): int
{
    return $this->user_scope;
}
/** Returns the sync_on_login flag; false by default. */
public function enabledSyncOnLogin(): bool
{
    return $this->sync_on_login;
}
/** Sets the sync_on_login flag; validate() then requires a global role. */
public function enableSyncOnLogin(bool $a_value): void
{
    $this->sync_on_login = $a_value;
}
/** Returns the sync_per_cron flag; false by default. */
public function enabledSyncPerCron(): bool
{
    return $this->sync_per_cron;
}
/** Sets the sync_per_cron flag; validate() then requires a global role. */
public function enableSyncPerCron(bool $a_value): void
{
    $this->sync_per_cron = $a_value;
}
/**
 * Sets the global role checked by validate().
 *
 * The value is held on the object only: neither create(), update() nor
 * read() touches it.
 */
public function setGlobalRole(int $a_role): void
{
    $this->global_role = $a_role;
}
/** Returns the bind DN configured for role synchronisation. */
public function getRoleBindDN(): string
{
    return $this->role_bind_dn;
}
/** Sets the value stored in the role_bind_dn column. */
public function setRoleBindDN(string $a_value): void
{
    $this->role_bind_dn = $a_value;
}
/**
 * Returns the role-synchronisation bind password exactly as it was set.
 *
 * create() and update() write this value to the role_bind_pass column, so
 * the return value should not be logged or echoed back in forms.
 */
public function getRoleBindPassword(): string
{
    return $this->role_bind_pass;
}
/** Sets the role-synchronisation bind password; kept and later persisted unchanged. */
public function setRoleBindPassword(string $a_value): void
{
    $this->role_bind_pass = $a_value;
}
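/**
 * Returns the flag set by enableRoleSynchronization().
 *
 * @return bool false by default
 */
public function enabledRoleSynchronization(): bool
{
    return $this->role_sync_active;
}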
/** Sets the flag stored in the role_sync_active column. */
public function enableRoleSynchronization(bool $a_value): void
{
    $this->role_sync_active = $a_value;
}
781 
/** Returns the username filter as stored; it is not passed through prepareFilter(). */
public function getUsernameFilter(): string
{
    return $this->username_filter;
}
/** Sets the value stored in the username_filter column. */
public function setUsernameFilter(string $a_value): void
{
    $this->username_filter = $a_value;
}
790 
/** Sets the escape_dn flag; this class only stores and exports it. */
public function enableEscapeDN(bool $a_value): void
{
    $this->escape_dn = $a_value;
}
795 
/** Returns the escape_dn flag; false by default. */
public function enabledEscapeDN(): bool
{
    return $this->escape_dn;
}
800 
/** Sets the flag stored in the migration column. */
public function enableAccountMigration(bool $a_status): void
{
    $this->account_migration = $a_status;
}
808 
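/**
 * Returns the flag set by enableAccountMigration().
 *
 * @return bool false by default
 */
public function isAccountMigrationEnabled(): bool
{
    return $this->account_migration;
}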
816 
817 
/**
 * Checks the settings for completeness and collects error texts in ilErr.
 *
 * Checked: name, URL, base DN and user attribute are set; a user bind has both
 * user and password; a global role is set when either sync option is on;
 * version 2 is not combined with TLS. The format of the URL and the syntax of
 * the filters are not checked here.
 *
 * @return bool true when no error text was collected
 */
public function validate(): bool
{
    $this->ilErr->setMessage('');

    $required = [
        $this->getName(),
        $this->getUrl(),
        $this->getBaseDN(),
        $this->getUserAttribute(),
    ];
    if (in_array('', $required, true)) {
        $this->ilErr->setMessage($this->lng->txt('fill_out_all_required_fields'));
    }

    $user_bind = $this->getBindingType() === self::LDAP_BIND_USER;
    if ($user_bind && ($this->getBindUser() === '' || $this->getBindPassword() === '')) {
        $this->ilErr->appendMessage($this->lng->txt('ldap_missing_bind_user'));
    }

    $sync_requested = $this->enabledSyncPerCron() || $this->enabledSyncOnLogin();
    if (!$this->global_role && $sync_requested) {
        $this->ilErr->appendMessage($this->lng->txt('ldap_missing_role_assignment'));
    }

    if ($this->getVersion() === 2 && $this->isActiveTLS()) {
        $this->ilErr->appendMessage($this->lng->txt('ldap_tls_conflict'));
    }

    return $this->ilErr->getMessage() === '';
}
845 
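/**
 * Inserts this configuration as a new row and adopts the new server id.
 *
 * The statement has 34 columns, 34 placeholders and 34 type entries, so the
 * value list must hold 34 entries in column order; each value below is
 * labelled with its column. bind_pass and role_bind_pass receive the
 * passwords exactly as they are held on the object.
 *
 * @return int the id of the new row
 */
public function create(): int
{
    $next_id = $this->db->nextId('ldap_server_settings');

    $query = 'INSERT INTO ldap_server_settings (server_id,active,name,url,version,base_dn,referrals,tls,bind_type,bind_user,bind_pass,' .
        'search_base,user_scope,user_attribute,filter,group_dn,group_scope,group_filter,group_member,group_memberisdn,group_name,' .
        'group_attribute,group_optional,group_user_filter,sync_on_login,sync_per_cron,role_sync_active,role_bind_dn,role_bind_pass,migration, ' .
        'authentication,authentication_type,username_filter, escape_dn) ' .
        'VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)';
    $this->db->queryF(
        $query,
        [
            'integer','integer','text','text','integer','text','integer','integer','integer','text','text','text','integer',
            'text','text','text','integer','text','text','integer','text','text','integer','text','integer','integer','integer',
            'text','text', 'integer','integer','integer',"text", 'integer',
        ],
        [
            $next_id,                             // server_id
            $this->isActive(),                    // active
            $this->getName(),                     // name
            $this->getUrlString(),                // url
            $this->getVersion(),                  // version
            $this->getBaseDN(),                   // base_dn
            $this->isActiveReferrer(),            // referrals
            $this->isActiveTLS(),                 // tls
            $this->getBindingType(),              // bind_type
            $this->getBindUser(),                 // bind_user
            $this->getBindPassword(),             // bind_pass
            $this->getSearchBase(),               // search_base
            $this->getUserScope(),                // user_scope
            $this->getUserAttribute(),            // user_attribute
            $this->getFilter(),                   // filter
            $this->getGroupDN(),                  // group_dn
            $this->getGroupScope(),               // group_scope
            $this->getGroupFilter(),              // group_filter
            $this->getGroupMember(),              // group_member
            $this->enabledGroupMemberIsDN(),      // group_memberisdn
            $this->getGroupName(),                // group_name
            $this->getGroupAttribute(),           // group_attribute
            $this->isMembershipOptional(),        // group_optional
            $this->getGroupUserFilter(),          // group_user_filter
            $this->enabledSyncOnLogin(),          // sync_on_login
            $this->enabledSyncPerCron(),          // sync_per_cron
            $this->enabledRoleSynchronization(),  // role_sync_active
            $this->getRoleBindDN(),               // role_bind_dn
            $this->getRoleBindPassword(),         // role_bind_pass
            $this->isAccountMigrationEnabled(),   // migration
            $this->isAuthenticationEnabled(),     // authentication
            $this->getAuthenticationMapping(),    // authentication_type
            $this->getUsernameFilter(),           // username_filter
            (int) $this->enabledEscapeDN(),       // escape_dn
        ]
    );
    // end Patch Name Filter
    $this->server_id = $next_id;
    return $next_id;
}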
902 
/**
 * Writes every setting of this object to its row in ldap_server_settings.
 *
 * All values pass through the database layer's quote() with an explicit type.
 * bind_pass and role_bind_pass receive the passwords exactly as they are held
 * on the object.
 *
 * @return bool always true
 */
public function update(): bool
{
    // Shorthands for the two quote types used below.
    $int = fn ($value) => $this->db->quote($value, 'integer');
    $text = fn ($value) => $this->db->quote($value, 'text');

    $query = "UPDATE ldap_server_settings SET " .
        // connection
        "active = " . $int($this->isActive()) . ", " .
        "name = " . $text($this->getName()) . ", " .
        "url = " . $text($this->getUrlString()) . ", " .
        "version = " . $int($this->getVersion()) . ", " .
        "base_dn = " . $text($this->getBaseDN()) . ", " .
        "referrals = " . $int($this->isActiveReferrer()) . ", " .
        "tls = " . $int($this->isActiveTLS()) . ", " .
        // bind credentials
        "bind_type = " . $int($this->getBindingType()) . ", " .
        "bind_user = " . $text($this->getBindUser()) . ", " .
        "bind_pass = " . $text($this->getBindPassword()) . ", " .
        // user lookup
        "search_base = " . $text($this->getSearchBase()) . ", " .
        "user_scope = " . $int($this->getUserScope()) . ", " .
        "user_attribute = " . $text($this->getUserAttribute()) . ", " .
        "filter = " . $text($this->getFilter()) . ", " .
        // group lookup
        "group_dn = " . $text($this->getGroupDN()) . ", " .
        "group_scope = " . $int($this->getGroupScope()) . ", " .
        "group_filter = " . $text($this->getGroupFilter()) . ", " .
        "group_member = " . $text($this->getGroupMember()) . ", " .
        "group_memberisdn =" . $int((int) $this->enabledGroupMemberIsDN()) . ", " .
        "group_name = " . $text($this->getGroupName()) . ", " .
        "group_attribute = " . $text($this->getGroupAttribute()) . ", " .
        "group_optional = " . $int((int) $this->isMembershipOptional()) . ", " .
        "group_user_filter = " . $text($this->getGroupUserFilter()) . ", " .
        // synchronisation
        "sync_on_login = " . $int(($this->enabledSyncOnLogin() ? 1 : 0)) . ", " .
        "sync_per_cron = " . $int(($this->enabledSyncPerCron() ? 1 : 0)) . ", " .
        "role_sync_active = " . $int($this->enabledRoleSynchronization()) . ", " .
        "role_bind_dn = " . $text($this->getRoleBindDN()) . ", " .
        "role_bind_pass = " . $text($this->getRoleBindPassword()) . ", " .
        // authentication
        "migration = " . $int((int) $this->isAccountMigrationEnabled()) . ", " .
        'authentication = ' . $int((int) $this->isAuthenticationEnabled()) . ', ' .
        'authentication_type = ' . $int($this->getAuthenticationMapping()) . ' ' .
        ", username_filter = " . $text($this->getUsernameFilter()) . " " .
        ", escape_dn = " . $int($this->enabledEscapeDN() ? 1 : 0) . " " .
        "WHERE server_id = " . $int($this->getServerId());

    $this->db->manipulate($query);
    return true;
}
944 
948  public function delete(): void
949  {
950  if (!$this->getServerId()) {
951  //TODO check if we need return false
952  return;
953  }
954 
956 
958 
959  foreach ($rules as $ruleAssigment) {
960  $ruleAssigment->delete();
961  }
962 
964 
965  $query = "DELETE FROM ldap_server_settings " .
966  "WHERE server_id = " . $this->db->quote($this->getServerId(), 'integer');
967  $this->db->manipulate($query);
968  }
969 
970  //TODO check if this is still needed
/**
 * Builds the option array for PEAR Auth from the current settings.
 *
 * With a user bind the array carries the bind password in clear under
 * 'bindpw', and 'enableLogging' is always true, so the array should not be
 * dumped into logs or error output.
 *
 * @return array option name => value
 */
public function toPearAuthArray(): array
{
    $options = [
        'url' => $this->getUrl(),
        'version' => $this->getVersion(),
        'referrals' => $this->isActiveReferrer(),
    ];

    // Bind credentials are exported only for a user bind.
    if ($this->getBindingType() === self::LDAP_BIND_USER) {
        $options['binddn'] = $this->getBindUser();
        $options['bindpw'] = $this->getBindPassword();
    }

    $options['basedn'] = $this->getBaseDN();
    $options['start_tls'] = $this->isActiveTLS();
    $options['userdn'] = $this->getSearchBase();
    // Every user scope other than LDAP_SCOPE_ONE is exported as 'sub'.
    $options['userscope'] = $this->getUserScope() === self::LDAP_SCOPE_ONE ? 'one' : 'sub';

    $options['userattr'] = $this->getUserAttribute();
    $options['userfilter'] = $this->getFilter();
    $options['attributes'] = $this->getPearAtributeArray();
    $options['debug'] = self::DEBUG;

    $options['enableLogging'] = true;

    $options['groupscope'] = match ($this->getGroupScope()) {
        self::LDAP_SCOPE_BASE => 'base',
        self::LDAP_SCOPE_ONE => 'one',
        default => 'sub',
    };
    $options['escape_dn'] = $this->enabledEscapeDN();
    $options['groupdn'] = $this->getGroupDN();
    $options['groupattr'] = $this->getGroupAttribute();
    $options['groupfilter'] = $this->getGroupFilter();
    $options['memberattr'] = $this->getGroupMember();
    $options['memberisdn'] = $this->enabledGroupMemberIsDN();
    $options['group'] = $this->getGroupName();

    return $options;
}
1026 
/**
 * Trims a filter and wraps it in parentheses where they are missing.
 *
 * Only the first and the last character are looked at. The text in between
 * is neither escaped nor checked for balanced parentheses, so the filter has
 * to be well-formed when it is configured.
 *
 * @return string '' for an empty filter, otherwise a string that starts with '(' and ends with ')'
 */
private function prepareFilter(string $a_filter): string
{
    $prepared = trim($a_filter);

    if ($prepared === '') {
        return $prepared;
    }

    if (!str_starts_with($prepared, '(')) {
        $prepared = '(' . $prepared;
    }
    if (!str_ends_with($prepared, ')')) {
        $prepared .= ')';
    }
    return $prepared;
}
1046 
1050  private function getPearAtributeArray(): array
1051  {
1052  if ($this->enabledSyncOnLogin()) {
1054  return array_merge(
1055  array($this->getUserAttribute()),
1056  $mapping->getFields(),
1057  array('dn'),
1059  );
1060  }
1061 
1062  return array($this->getUserAttribute());
1063  }
1064 
/**
 * Loads the row for this server id and applies it through the setters.
 *
 * Does nothing when the server id is 0. NULL text columns are replaced by ''
 * because the setters take non-nullable strings.
 */
private function read(): void
{
    if (!$this->server_id) {
        return;
    }

    $result = $this->db->query(
        "SELECT * FROM ldap_server_settings WHERE server_id = " . $this->db->quote($this->server_id, ilDBConstants::T_INTEGER)
    );

    while ($settings = $result->fetchRow(ilDBConstants::FETCHMODE_OBJECT)) {
        // connection
        $this->toggleActive((bool) $settings->active);
        $this->setName($settings->name ?? '');
        $this->setUrl($settings->url ?? '');
        $this->setVersion((int) $settings->version);
        $this->setBaseDN($settings->base_dn ?? '');
        $this->toggleReferrer((bool) $settings->referrals);
        $this->toggleTLS((bool) $settings->tls);

        // bind credentials
        $this->setBindingType((int) $settings->bind_type);
        $this->setBindUser($settings->bind_user ?? '');
        $this->setBindPassword($settings->bind_pass ?? '');

        // user lookup
        $this->setSearchBase($settings->search_base ?? '');
        $this->setUserScope((int) $settings->user_scope);
        $this->setUserAttribute($settings->user_attribute ?? '');
        $this->setFilter($settings->filter ?? '');

        // group lookup
        $this->setGroupDN($settings->group_dn ?? '');
        $this->setGroupScope((int) $settings->group_scope);
        $this->setGroupFilter($settings->group_filter ?? '');
        $this->setGroupMember($settings->group_member ?? '');
        $this->setGroupAttribute($settings->group_attribute ?? '');
        $this->toggleMembershipOptional((bool) $settings->group_optional);
        $this->setGroupUserFilter($settings->group_user_filter ?? '');
        $this->enableGroupMemberIsDN((bool) $settings->group_memberisdn);
        $this->setGroupName($settings->group_name ?? '');

        // synchronisation
        $this->enableSyncOnLogin((bool) $settings->sync_on_login);
        $this->enableSyncPerCron((bool) $settings->sync_per_cron);
        $this->enableRoleSynchronization((bool) $settings->role_sync_active);
        $this->setRoleBindDN($settings->role_bind_dn ?? '');
        $this->setRoleBindPassword($settings->role_bind_pass ?? '');

        // authentication
        $this->enableAccountMigration((bool) $settings->migration);
        $this->enableAuthentication((bool) $settings->authentication);
        $this->setAuthenticationMapping((int) $settings->authentication_type);
        $this->setUsernameFilter($settings->username_filter ?? '');
        $this->enableEscapeDN((bool) $settings->escape_dn);
    }
}
1113 }
static checkLDAPLib()
Check if ldap module is installed.
static _getFirstActiveServer()
Get first active server.
static disableDataSourceForAuthMode(int $a_authmode)
Disable data source.
$res
Definition: ltiservices.php:66
toggleMembershipOptional(bool $a_status)
read()
Read server settings.
setBindingType(int $a_type)
static getDataSource(int $a_auth_mode)
static getAvailableDataSources(int $a_auth_mode)
setAuthenticationMapping(int $a_map)
Set mapped authentication mapping.
static getLogger(string $a_component_id)
Get component logger.
static _getServerList()
Get list of all configured servers.
enableAuthentication(bool $a_status)
Enable authentication for this ldap server.
static getInstanceByServerId(int $a_server_id)
Get instance by server id.
enableSyncPerCron(bool $a_value)
static _getAllServer()
Get list of all configured servers.
validate()
Validate user input.
setFilter(string $a_filter)
static _getActiveServerList()
Get active server list.
getPearAtributeArray()
Get attribute array for pear auth data.
static toggleDataSource(int $a_ldap_server_id, int $a_auth_mode, int $a_status)
Toggle Data Source.
static _getAuthModeName($a_auth_key)
static getAttributeNames($a_server_id)
get all possible attribute names
setGroupMember(string $a_value)
static _getRules($a_server_id)
Get all rules.
setGroupAttribute(string $a_value)
setGroupName(string $a_value)
toggleReferrer(bool $a_status)
setUrl(string $a_url)
ilDBInterface $db
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
static getServerIdByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
static isDataSourceActive(int $a_auth_mode)
Check if a data source is active for a specific auth mode.
const DEFAULT_NETWORK_TIMEOUT
getGroupNames()
Get group names as array.
ilErrorHandling $ilErr
static getKeyByAuthMode(string $a_auth_mode)
Get auth id by auth mode.
static getServerIds()
Get all server ids.
static array $instances
getAuthenticationMapping()
Get authentication mode that is mapped.
doConnectionCheck()
Check ldap connection and do a fallback to the next server if no connection is possible.
toggleActive(bool $a_status)
enableEscapeDN(bool $a_value)
global $DIC
Definition: shib_login.php:22
static _getCronServerIds()
Get list of active servers with option 'SyncCron'.
enableSyncOnLogin(bool $a_value)
setGroupUserFilter(string $a_filter)
__construct(int $a_server_id=0)
toPearAuthArray()
Creates an array of options compatible to PEAR Auth.
setUserAttribute(string $a_user_attr)
isAuthenticationEnabled()
Check if authentication is enabled.
setVersion(int $a_version)
enableGroupMemberIsDN(bool $a_value)
enableRoleSynchronization(bool $a_value)
setBindPassword(string $a_password)
toggleTLS(bool $a_status)
setRoleBindDN(string $a_value)
setName(string $a_name)
setGroupFilter(string $a_value)
setGlobalRole(int $a_role)
setBindUser(string $a_user)
static isAuthModeLDAP(string $a_auth_mode)
Check if user auth mode is LDAP.
setGroupDN(string $a_value)
setGroupScope(int $a_value)
rotateFallbacks()
Rotate fallback urls in case of connect timeouts.
setUserScope(int $a_value)
setSearchBase(string $a_search_base)
getAuthenticationMappingKey()
Get authentication mapping key Default is ldap.
setUsernameFilter(string $a_value)
static _delete(int $a_server_id)
$server
Definition: shib_login.php:24
filter(string $filter_id, $class_path, string $cmd, bool $activated=true, bool $expanded=true)
setRoleBindPassword(string $a_value)
static _getInstanceByServerId(int $a_server_id)
setBaseDN(string $a_base_dn)
static _getRoleSyncServerIds()
Check whether there is an active server with option role_sync_active.
static getAuthModeByKey(string $a_auth_key)
get auth mode by key
enableAccountMigration(bool $a_status)
Enable account migration.
prepareFilter(string $a_filter)
Create brackets for filters if they do not exist.
isAccountMigrationEnabled()
enabled account migration