ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
ilLDAPQuery Class Reference
+ Collaboration diagram for ilLDAPQuery:

Public Member Functions

 __construct (ilLDAPServer $a_server, string $a_url='')
 
 getServer ()
 Get server. More...
 
 fetchUser (string $a_name)
 Get one user by login name. More...
 
 fetchUsers ()
 Fetch all users. More...
 
 query (string $a_search_base, string $a_filter, int $a_scope, array $a_attributes)
 Perform a query. More...
 
 modAdd (string $a_dn, array $a_attribute)
 Add value to an existing attribute. More...
 
 modDelete (string $a_dn, array $a_attribute)
 Delete value from an existing attribute. More...
 
 checkGroupMembership (string $a_ldap_user_name, array $ldap_user_data)
 check group membership More...
 
 bind (int $a_binding_type=ilLDAPQuery::LDAP_BIND_DEFAULT, string $a_user_dn='', string $a_password='')
 Bind to LDAP server. More...
 
 __destruct ()
 Destructor unbind from ldap server. More...
 
 checkPaginationEnabled ()
 Check if pagination is enabled (rfc: 2696) More...
 

Data Fields

const LDAP_BIND_DEFAULT = 0
 
const LDAP_BIND_ADMIN = 1
 
const LDAP_BIND_TEST = 2
 
const LDAP_BIND_AUTH = 10
 

Private Member Functions

 readAllUsers ()
 Fetch all users This function splits the query to filters like e.g (uid=a*) (uid=b*)... This avoids AD page_size_limit. More...
 
 runReadAllUsersPaged (string $dn)
 read all users with ldap paging More...
 
 runReadAllUsersPartial (string $dn)
 Read all users partial by alphabet. More...
 
 fetchGroupMembers (string $a_name='')
 Fetch group member ids. More...
 
 readUserData (string $a_name, bool $a_check_dn=false, bool $a_try_group_user_filter=false)
 Read user data. More...
 
 queryByScope (int $a_scope, string $a_base_dn, string $a_filter, array $a_attributes, ?array $controls=null)
 Query by scope IL_SCOPE_SUB => ldap_search IL_SCOPE_ONE => ldap_list. More...
 
 connect ()
 Connect to LDAP server. More...
 
 fetchUserProfileFields ()
 fetch required fields of user profile data More...
 

Private Attributes

const IL_LDAP_SUPPORTED_CONTROL = 'supportedControl'
 
const PAGINATION_SIZE = 100
 
string $ldap_server_url
 
ilLDAPServer $settings
 
ilLogger $logger
 
ilLDAPAttributeMapping $mapping
 
array $user_fields = []
 
array $users = []
 
 $lh = false
 

Detailed Description

Author
Stefan Meyer meyer.nosp@m.@lei.nosp@m.fos.c.nosp@m.om

Definition at line 25 of file class.ilLDAPQuery.php.

Constructor & Destructor Documentation

◆ __construct()

ilLDAPQuery::__construct ( ilLDAPServer  $a_server,
string  $a_url = '' 
)
Exceptions
ilLDAPQueryException

Definition at line 53 of file class.ilLDAPQuery.php.

54 {
55 global $DIC;
56 $this->logger = $DIC->logger()->auth();
57
58 $this->settings = $a_server;
59
60 if ($a_url !== '') {
61 $this->ldap_server_url = $a_url;
62 } else {
63 $this->ldap_server_url = $this->settings->getUrl();
64 }
65
66 $this->mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->settings->getServerId());
67
69 $this->connect();
70 }
static _getInstanceByServerId(int $a_server_id)
fetchUserProfileFields()
fetch required fields of user profile data
connect()
Connect to LDAP server.
global $DIC
Definition: shib_login.php:26

References $DIC, ilLDAPAttributeMapping\_getInstanceByServerId(), connect(), fetchUserProfileFields(), ILIAS\Repository\logger(), and ILIAS\Repository\settings().

+ Here is the call graph for this function:

◆ __destruct()

ilLDAPQuery::__destruct ( )

Destructor unbind from ldap server.

Definition at line 745 of file class.ilLDAPQuery.php.

746 {
747 if ($this->lh) {
748 ldap_unbind($this->lh);
749 }
750 }

Member Function Documentation

◆ bind()

ilLDAPQuery::bind ( int  $a_binding_type = ilLDAPQuery::LDAP_BIND_DEFAULT,
string  $a_user_dn = '',
string  $a_password = '' 
)

Bind to LDAP server.

@access public

Parameters
intbinding_type ilLDAPQuery::LDAP_BIND_DEFAULT || ilLDAPQuery::LDAP_BIND_ADMIN
Exceptions
ilLDAPQueryExceptionon connection failure.

@noinspection PhpMissingBreakStatementInspection

Definition at line 667 of file class.ilLDAPQuery.php.

667 : void
668 {
669 switch ($a_binding_type) {
672 ldap_set_option($this->lh, LDAP_OPT_NETWORK_TIMEOUT, ilLDAPServer::DEFAULT_NETWORK_TIMEOUT);
673 // fall through
674 // no break
676 // Now bind anonymously or as user
677 if (
678 ilLDAPServer::LDAP_BIND_USER === $this->settings->getBindingType() &&
679 $this->settings->getBindUser() !== ''
680 ) {
681 $user = $this->settings->getBindUser();
682 $pass = $this->settings->getBindPassword();
683
684 $this->logger->debug('Bind as ' . $user);
685 } else {
686 $user = $pass = '';
687 $this->logger->debug('Bind anonymous');
688 }
689 break;
690
692 $user = $this->settings->getRoleBindDN();
693 $pass = $this->settings->getRoleBindPassword();
694
695 if ($user === '' || $pass === '') {
696 $user = $this->settings->getBindUser();
697 $pass = $this->settings->getBindPassword();
698 }
699 break;
700
702 $this->logger->debug('Trying to bind as: ' . $a_user_dn);
703 $user = $a_user_dn;
704 $pass = $a_password;
705 break;
706
707
708 default:
709 throw new ilLDAPQueryException('LDAP: unknown binding type in: ' . __METHOD__);
710 }
711
712 try {
713 set_error_handler(static function (int $severity, string $message, string $file, int $line): void {
714 throw new ErrorException($message, $severity, $severity, $file, $line);
715 });
716
717 if (!ldap_bind($this->lh, $user, $pass)) {
718 throw new ilLDAPQueryException('LDAP: Cannot bind as ' . $user . ' with message: ' . ldap_err2str(ldap_errno($this->lh)) . ' Trying fallback...', ldap_errno($this->lh));
719 }
720 } catch (Throwable $e) {
721 throw new ilLDAPQueryException('LDAP: Cannot bind as ' . $user . ' with message: ' . $e->getMessage());
722 } finally {
723 restore_error_handler();
724 }
725
726 $this->logger->debug('Bind successful.');
727 }
const DEFAULT_NETWORK_TIMEOUT
$message
Definition: xapiexit.php:31

References Vendor\Package\$e, $message, ilLDAPServer\DEFAULT_NETWORK_TIMEOUT, LDAP_BIND_ADMIN, LDAP_BIND_AUTH, LDAP_BIND_DEFAULT, LDAP_BIND_TEST, ilLDAPServer\LDAP_BIND_USER, ILIAS\Repository\logger(), and ILIAS\Repository\settings().

+ Here is the call graph for this function:

◆ checkGroupMembership()

ilLDAPQuery::checkGroupMembership ( string  $a_ldap_user_name,
array  $ldap_user_data 
)

check group membership

Parameters
stringlogin name
arrayuser data
Returns
bool

Definition at line 318 of file class.ilLDAPQuery.php.

318 : bool
319 {
320 $group_names = $this->getServer()->getGroupNames();
321
322 if (!count($group_names)) {
323 $this->logger->debug('No LDAP group restrictions found');
324 return true;
325 }
326
327 $group_dn = $this->getServer()->getGroupDN();
328 if (
329 $group_dn &&
330 (substr($group_dn, -1) !== ',')
331 ) {
332 $group_dn .= ',';
333 }
334 $group_dn .= $this->getServer()->getBaseDN();
335
336 foreach ($group_names as $group) {
337 $user = $a_ldap_user_name;
338 if ($this->getServer()->enabledGroupMemberIsDN()) {
339 if ($this->getServer()->enabledEscapeDN()) {
340 $user = ldap_escape($ldap_user_data['dn'], "", LDAP_ESCAPE_FILTER);
341 } else {
342 $user = $ldap_user_data['dn'];
343 }
344 }
345
346 $filter = sprintf(
347 '(&(%s=%s)(%s=%s)%s)',
348 $this->getServer()->getGroupAttribute(),
349 $group,
350 $this->getServer()->getGroupMember(),
351 $user,
352 $this->getServer()->getGroupFilter()
353 );
354 $this->logger->debug('Current group search base: ' . $group_dn);
355 $this->logger->debug('Current group filter: ' . $filter);
356
357 $res = $this->queryByScope(
358 $this->getServer()->getGroupScope(),
359 $group_dn,
360 $filter,
361 [$this->getServer()->getGroupMember()]
362 );
363
364 $this->logger->dump($res);
365
366 $tmp_result = new ilLDAPResult($this->lh, $res);
367 $tmp_result->run();
368 $group_result = $tmp_result->getRows();
369
370 $this->logger->debug('Group query returned: ');
371 $this->logger->dump($group_result, ilLogLevel::DEBUG);
372
373 if (count($group_result)) {
374 return true;
375 }
376 }
377
378 // group restrictions failed check optional membership
379 if ($this->getServer()->isMembershipOptional()) {
380 $this->logger->debug('Group restrictions failed, checking user filter.');
381 if ($this->readUserData($a_ldap_user_name, true, true)) {
382 $this->logger->debug('User filter matches.');
383 return true;
384 }
385 }
386 $this->logger->debug('Group restrictions failed.');
387 return false;
388 }
queryByScope(int $a_scope, string $a_base_dn, string $a_filter, array $a_attributes, ?array $controls=null)
Query by scope IL_SCOPE_SUB => ldap_search IL_SCOPE_ONE => ldap_list.
getServer()
Get server.
readUserData(string $a_name, bool $a_check_dn=false, bool $a_try_group_user_filter=false)
Read user data.
Class ilLDAPPagedResult.
$res
Definition: ltiservices.php:69

References $res, ilLogLevel\DEBUG, getServer(), ILIAS\Repository\logger(), queryByScope(), and readUserData().

+ Here is the call graph for this function:

◆ checkPaginationEnabled()

ilLDAPQuery::checkPaginationEnabled ( )

Check if pagination is enabled (rfc: 2696)

Definition at line 755 of file class.ilLDAPQuery.php.

755 : bool
756 {
757 if ($this->getServer()->getVersion() !== 3) {
758 $this->logger->info('Pagination control unavailable for ldap v' . $this->getServer()->getVersion());
759 return false;
760 }
761
762 $result = ldap_read($this->lh, '', '(objectClass=*)', [self::IL_LDAP_SUPPORTED_CONTROL]);
763 if ($result === false) {
764 $this->logger->warning('Failed to query for pagination control');
765 return false;
766 }
767 $entries = (array) (ldap_get_entries($this->lh, $result)[0] ?? []);
768 if (
769 array_key_exists(strtolower(self::IL_LDAP_SUPPORTED_CONTROL), $entries) &&
770 is_array($entries[strtolower(self::IL_LDAP_SUPPORTED_CONTROL)]) &&
771 in_array(LDAP_CONTROL_PAGEDRESULTS, $entries[strtolower(self::IL_LDAP_SUPPORTED_CONTROL)], true)
772 ) {
773 $this->logger->info('Using paged control');
774 return true;
775 }
776 $this->logger->info('Paged control disabled');
777 return false;
778 }

References getServer(), and ILIAS\Repository\logger().

Referenced by readAllUsers().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ connect()

ilLDAPQuery::connect ( )
private

Connect to LDAP server.

Exceptions
ilLDAPQueryException

Definition at line 632 of file class.ilLDAPQuery.php.

632 : void
633 {
634 $this->lh = ldap_connect($this->ldap_server_url);
635
636 // LDAP Connect
637 if (!$this->lh) {
638 throw new ilLDAPQueryException("LDAP: Cannot connect to LDAP Server: " . $this->settings->getUrl());
639 }
640 // LDAP Version
641 if (!ldap_set_option($this->lh, LDAP_OPT_PROTOCOL_VERSION, $this->settings->getVersion())) {
642 throw new ilLDAPQueryException("LDAP: Cannot set version to: " . $this->settings->getVersion());
643 }
644 // Switch on referrals
645 if ($this->settings->isActiveReferrer()) {
646 if (!ldap_set_option($this->lh, LDAP_OPT_REFERRALS, true)) {
647 throw new ilLDAPQueryException("LDAP: Cannot switch on LDAP referrals");
648 }
649 } else {
650 ldap_set_option($this->lh, LDAP_OPT_REFERRALS, false);
651 $this->logger->debug('Switching referrals to false.');
652 }
653 // Start TLS
654 if ($this->settings->isActiveTLS() && !ldap_start_tls($this->lh)) {
655 throw new ilLDAPQueryException("LDAP: Cannot start LDAP TLS");
656 }
657 }

References ILIAS\Repository\logger(), and ILIAS\Repository\settings().

Referenced by __construct().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fetchGroupMembers()

ilLDAPQuery::fetchGroupMembers ( string  $a_name = '')
private

Fetch group member ids.

Parameters
list<string>$members

Definition at line 394 of file class.ilLDAPQuery.php.

394 : void
395 {
396 $group_name = $a_name !== '' ? $a_name : $this->settings->getGroupName();
397
398 // Build filter
399 $filter = sprintf(
400 '(&(%s=%s)%s)',
401 $this->settings->getGroupAttribute(),
402 $group_name,
403 $this->settings->getGroupFilter()
404 );
405
406
407 // Build search base
408 if (($gdn = $this->settings->getGroupDN()) && substr($gdn, -1) !== ',') {
409 $gdn .= ',';
410 }
411 $gdn .= $this->settings->getBaseDN();
412
413 $this->logger->debug('Using filter ' . $filter);
414 $this->logger->debug('Using DN ' . $gdn);
415 $res = $this->queryByScope(
416 $this->settings->getGroupScope(),
417 $gdn,
418 $filter,
419 array($this->settings->getGroupMember())
420 );
421
422 $tmp_result = new ilLDAPResult($this->lh, $res);
423 $tmp_result->run();
424 $group_data = $tmp_result->getRows();
425
426
427 if (!$tmp_result->numRows()) {
428 $this->logger->info('No group found.');
429 return;
430 }
431
435 $readUserData = function (array $members): void {
436 if ($members === []) {
437 $this->logger->warning(sprintf(
438 'No valid member values found for group member attribute: %s',
439 $this->settings->getGroupMember()
440 ));
441 return;
442 }
443
444 foreach ($members as $member) {
445 $this->readUserData($member, true, true);
446 }
447 };
448
449 // All groups
450 $attribute_name = strtolower($this->settings->getGroupMember());
451 foreach ($group_data as $data) {
452 $members = [];
453 if (isset($data[$attribute_name])) {
454 if (is_array($data[$attribute_name])) {
455 $members = array_map('strval', array_filter($data[$attribute_name]));
456 $this->logger->debug('Found ' . count($members) . ' group members for group ' . $data['dn']);
457 } elseif (is_scalar($data[$attribute_name]) && (string) $data[$attribute_name] !== '') {
458 $members = [
459 (string) $data[$attribute_name]
460 ];
461 }
462 }
463
464 $readUserData($members);
465 }
466 unset($tmp_result);
467 }

References $data, $res, ILIAS\Repository\logger(), queryByScope(), readUserData(), and ILIAS\Repository\settings().

Referenced by fetchUsers().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fetchUser()

ilLDAPQuery::fetchUser ( string  $a_name)

Get one user by login name.

Parameters
string$a_namelogin name
Returns
array of user data

Definition at line 86 of file class.ilLDAPQuery.php.

86 : array
87 {
88 if (!$this->readUserData($a_name)) {
89 return [];
90 }
91
92 return $this->users;
93 }

References $users, and readUserData().

+ Here is the call graph for this function:

◆ fetchUserProfileFields()

ilLDAPQuery::fetchUserProfileFields ( )
private

fetch required fields of user profile data

Definition at line 732 of file class.ilLDAPQuery.php.

732 : void
733 {
734 $this->user_fields = array_merge(
735 array($this->settings->getUserAttribute()),
736 array('dn'),
737 $this->mapping->getFields(),
738 ilLDAPRoleAssignmentRules::getAttributeNames($this->getServer()->getServerId())
739 );
740 }
static getAttributeNames($a_server_id)
get all possible attribute names

References ilLDAPRoleAssignmentRules\getAttributeNames(), and ILIAS\Repository\settings().

Referenced by __construct().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fetchUsers()

ilLDAPQuery::fetchUsers ( )

Fetch all users.

Returns
array array of user data

Definition at line 101 of file class.ilLDAPQuery.php.

101 : array
102 {
103 // First of all check if a group restriction is enabled
104 // YES: => fetch all group members
105 // No: => fetch all users
106 if ($this->settings->getGroupName() !== '') {
107 $this->logger->debug('Searching for group members.');
108
109 $groups = $this->settings->getGroupNames();
110 if (count($groups) <= 1) {
111 $this->fetchGroupMembers();
112 } else {
113 foreach ($groups as $group) {
114 $this->fetchGroupMembers($group);
115 }
116 }
117 }
118 if ($this->settings->getGroupName() === '' || $this->settings->isMembershipOptional()) {
119 $this->logger->info('Start reading all users...');
120 $this->readAllUsers();
121 #throw new ilLDAPQueryException('LDAP: Called import of users without specifying group restrictions. NOT IMPLEMENTED YET!');
122 }
123 return $this->users;
124 }
fetchGroupMembers(string $a_name='')
Fetch group member ids.
readAllUsers()
Fetch all users This function splits the query to filters like e.g (uid=a*) (uid=b*)....

References $users, fetchGroupMembers(), ILIAS\Repository\logger(), readAllUsers(), and ILIAS\Repository\settings().

+ Here is the call graph for this function:

◆ getServer()

ilLDAPQuery::getServer ( )

Get server.

Definition at line 75 of file class.ilLDAPQuery.php.

76 {
77 return $this->settings;
78 }
ilLDAPServer $settings

References $settings.

Referenced by checkGroupMembership(), and checkPaginationEnabled().

+ Here is the caller graph for this function:

◆ modAdd()

ilLDAPQuery::modAdd ( string  $a_dn,
array  $a_attribute 
)

Add value to an existing attribute.

Exceptions
ilLDAPQueryException

Definition at line 151 of file class.ilLDAPQuery.php.

151 : bool
152 {
153 if (ldap_mod_add($this->lh, $a_dn, $a_attribute)) {
154 return true;
155 }
156
157 throw new ilLDAPQueryException(__METHOD__ . ' ' . ldap_error($this->lh));
158 }

◆ modDelete()

ilLDAPQuery::modDelete ( string  $a_dn,
array  $a_attribute 
)

Delete value from an existing attribute.

Exceptions
ilLDAPQueryException

Definition at line 165 of file class.ilLDAPQuery.php.

165 : bool
166 {
167 if (ldap_mod_del($this->lh, $a_dn, $a_attribute)) {
168 return true;
169 }
170 throw new ilLDAPQueryException(__METHOD__ . ' ' . ldap_error($this->lh));
171 }

◆ query()

ilLDAPQuery::query ( string  $a_search_base,
string  $a_filter,
int  $a_scope,
array  $a_attributes 
)

Perform a query.

Exceptions
ilLDAPQueryException

Definition at line 130 of file class.ilLDAPQuery.php.

131 {
132 $res = $this->queryByScope($a_scope, $a_search_base, $a_filter, $a_attributes);
133 if ($res === false) {
134 throw new ilLDAPQueryException(__METHOD__ . ' ' . ldap_error($this->lh) . ' ' .
135 sprintf(
136 'DN: %s, Filter: %s, Scope: %s',
137 $a_search_base,
138 $a_filter,
139 $a_scope
140 ));
141 }
142
143 return (new ilLDAPResult($this->lh, $res))->run();
144 }

References $res, and queryByScope().

+ Here is the call graph for this function:

◆ queryByScope()

ilLDAPQuery::queryByScope ( int  $a_scope,
string  $a_base_dn,
string  $a_filter,
array  $a_attributes,
?array  $controls = null 
)
private

Query by scope IL_SCOPE_SUB => ldap_search IL_SCOPE_ONE => ldap_list.

Parameters
array | null$controlsLDAP Control to be passed on the the ldap functions
Returns
null|false|resource|list<\LDAP\Result>|\LDAP\Result

Definition at line 545 of file class.ilLDAPQuery.php.

551 {
552 $a_filter = $a_filter ?: "(objectclass=*)";
553
554 set_error_handler(static function (int $severity, string $message, string $file, int $line): void {
555 throw new ErrorException($message, $severity, $severity, $file, $line);
556 });
557
558 $result = null; // We should ensure the similar behaviour of using the @ operator in PHP < 8.x
559
560 try {
561 switch ($a_scope) {
563 $result = ldap_search(
564 $this->lh,
565 $a_base_dn,
566 $a_filter,
567 $a_attributes,
568 0,
569 0,
570 0,
571 LDAP_DEREF_NEVER,
572 $controls
573 );
574 break;
575
577 $result = ldap_list(
578 $this->lh,
579 $a_base_dn,
580 $a_filter,
581 $a_attributes,
582 0,
583 0,
584 0,
585 LDAP_DEREF_NEVER,
586 $controls
587 );
588 break;
589
591 $result = ldap_read(
592 $this->lh,
593 $a_base_dn,
594 $a_filter,
595 $a_attributes,
596 0,
597 0,
598 0,
599 LDAP_DEREF_NEVER,
600 $controls
601 );
602 break;
603
604 default:
606 "Undefined LDAP Search Scope: " . $a_scope
607 );
608 }
609 } catch (ErrorException $e) {
610 $this->logger->warning($e->getMessage());
611 $this->logger->warning($e->getTraceAsString());
612 } finally {
613 restore_error_handler();
614 }
615
616 $error = ldap_errno($this->lh);
617 if ($error) {
618 $this->logger->warning("LDAP Error Code: " . $error . "(" . ldap_err2str($error) . ")");
619 $this->logger->warning('Base DN:' . $a_base_dn);
620 $this->logger->warning('Filter: ' . $a_filter);
621 }
622
623 return $result;
624 }

References Vendor\Package\$e, $message, ilLDAPServer\LDAP_SCOPE_BASE, ilLDAPServer\LDAP_SCOPE_ONE, ilLDAPServer\LDAP_SCOPE_SUB, and ILIAS\Repository\logger().

Referenced by checkGroupMembership(), fetchGroupMembers(), query(), readUserData(), runReadAllUsersPaged(), and runReadAllUsersPartial().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ readAllUsers()

ilLDAPQuery::readAllUsers ( )
private

Fetch all users This function splits the query to filters like e.g (uid=a*) (uid=b*)... This avoids AD page_size_limit.

Definition at line 178 of file class.ilLDAPQuery.php.

178 : void
179 {
180 // Build search base
181 $this->logger->debug($this->settings->getSearchBase());
182 $this->logger->debug($this->settings->getBaseDN());
183 if (($dn = $this->settings->getSearchBase()) && substr($dn, -1) !== ',') {
184 $dn .= ',';
185 }
186 $dn .= $this->settings->getBaseDN();
187 if ($this->checkPaginationEnabled()) {
188 try {
189 $tmp_result = $this->runReadAllUsersPaged($dn);
190 } catch (ilLDAPPagingException $e) {
191 $this->logger->warning('Using LDAP with paging failed. Trying to use fallback.');
192 $tmp_result = $this->runReadAllUsersPartial($dn);
193 }
194 } else {
195 $tmp_result = $this->runReadAllUsersPartial($dn);
196 }
197
198 if (!$tmp_result->numRows()) {
199 $this->logger->notice('No users found. Aborting.');
200 }
201 $this->logger->info('Found ' . $tmp_result->numRows() . ' users.');
202 $attribute = strtolower($this->settings->getUserAttribute());
203 foreach ($tmp_result->getRows() as $data) {
204 if (isset($data[$attribute]) && is_scalar($data[$attribute]) && (string) $data[$attribute] !== '') {
205 $this->readUserData((string) $data[$attribute]);
206 continue;
207 }
208
209 $this->logger->warning(sprintf(
210 'Unknown error. No or invalid value found for attribute %s: %s',
211 $this->settings->getUserAttribute(),
212 var_export($data[$attribute] ?? null, true)
213 ));
214 }
215 unset($tmp_result);
216 }
runReadAllUsersPartial(string $dn)
Read all users partial by alphabet.
checkPaginationEnabled()
Check if pagination is enabled (rfc: 2696)
runReadAllUsersPaged(string $dn)
read all users with ldap paging

References $data, Vendor\Package\$e, checkPaginationEnabled(), ILIAS\Repository\logger(), readUserData(), runReadAllUsersPaged(), runReadAllUsersPartial(), and ILIAS\Repository\settings().

Referenced by fetchUsers().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ readUserData()

ilLDAPQuery::readUserData ( string  $a_name,
bool  $a_check_dn = false,
bool  $a_try_group_user_filter = false 
)
private

Read user data.

Parameters
bool$a_check_dncheck dn
bool$a_try_group_user_filteruse group filter

Definition at line 474 of file class.ilLDAPQuery.php.

474 : bool
475 {
476 $filter = $this->settings->getFilter();
477 if ($a_try_group_user_filter && $this->settings->isMembershipOptional()) {
478 $filter = $this->settings->getGroupUserFilter();
479 }
480
481 // Build filter
482 if ($a_check_dn && $this->settings->enabledGroupMemberIsDN()) {
483 $dn = $a_name;
484
485 $fields = array_merge($this->user_fields, array('useraccountcontrol'));
486 $res = $this->queryByScope(ilLDAPServer::LDAP_SCOPE_BASE, strtolower($dn), $filter, $fields);
487 } else {
488 $filter = sprintf(
489 '(&(%s=%s)%s)',
490 $this->settings->getUserAttribute(),
491 $a_name,
492 $filter
493 );
494
495 // Build search base
496 if (($dn = $this->settings->getSearchBase()) && substr($dn, -1) !== ',') {
497 $dn .= ',';
498 }
499 $dn .= $this->settings->getBaseDN();
500 $fields = array_merge($this->user_fields, array('useraccountcontrol'));
501 $res = $this->queryByScope($this->settings->getUserScope(), strtolower($dn), $filter, $fields);
502 }
503
504
505 $tmp_result = new ilLDAPResult($this->lh, $res);
506 $tmp_result->run();
507 if (!$tmp_result->numRows()) {
508 $this->logger->info('LDAP: No user data found for: ' . $a_name);
509 unset($tmp_result);
510 return false;
511 }
512
513 if ($user_data = $tmp_result->get()) {
514 if (isset($user_data['useraccountcontrol']) && ($user_data['useraccountcontrol'] & 0x02)) {
515 $this->logger->notice('LDAP: ' . $a_name . ' account disabled.');
516 return false;
517 }
518
519 $account = $user_data[strtolower($this->settings->getUserAttribute())] ?? '';
520 if (is_array($account)) {
521 $account = array_shift($account) ?? '';
522 }
523
524 $user_ext = strtolower((string) $account);
525 if ($user_ext === '') {
526 $this->logger->notice('LDAP: Could not find user attribute ' . $this->settings->getUserAttribute() . '.');
527 return false;
528 }
529
530 // auth mode depends on ldap server settings
531 $auth_mode = $this->settings->getAuthenticationMappingKey();
532 $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount($auth_mode, $user_ext);
533 $this->users[$user_ext] = $user_data;
534 }
535 return true;
536 }
static _checkExternalAuthAccount(string $a_auth, string $a_account, bool $tryFallback=true)
check whether external account and authentication method matches with a user

References $res, ilObjUser\_checkExternalAuthAccount(), ilLDAPServer\LDAP_SCOPE_BASE, ILIAS\Repository\logger(), queryByScope(), and ILIAS\Repository\settings().

Referenced by checkGroupMembership(), fetchGroupMembers(), fetchUser(), and readAllUsers().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ runReadAllUsersPaged()

ilLDAPQuery::runReadAllUsersPaged ( string  $dn)
private

read all users with ldap paging

Exceptions
ilLDAPPagingException

Definition at line 223 of file class.ilLDAPQuery.php.

224 {
225 $filter = '(&' . $this->settings->getFilter();
226 $filter .= ('(' . $this->settings->getUserAttribute() . '=*))');
227 $this->logger->info('Searching with ldap search and filter ' . $filter . ' in ' . $dn);
228
229 $tmp_result = new ilLDAPResult($this->lh);
230 $cookie = '';
231 $estimated_results = 0;
232 do {
233 // Setup our paged results control.
234 $controls = [
235 LDAP_CONTROL_PAGEDRESULTS => [
236 'oid' => LDAP_CONTROL_PAGEDRESULTS,
237 'isCritical' => true,
238 'value' => [
239 'size' => self::PAGINATION_SIZE,
240 'cookie' => $cookie,
241 ],
242 ],
243 ];
244 $res = $this->queryByScope(
245 $this->settings->getUserScope(),
246 $dn,
247 $filter,
248 array($this->settings->getUserAttribute()),
249 $controls
250 );
251
252 $tmp_result->setResult($res);
253 $tmp_result->run();
254 try {
255 $errcode = 0;
256 $matcheddn = '';
257 $errmsg = '';
258 $referrals = [];
259 ldap_parse_result($this->lh, $res, $errcode, $matcheddn, $errmsg, $referrals, $controls);
260 $cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'] ?? '';
261 $this->logger->debug('Estimated number of results: ' . $estimated_results);
262 } catch (Exception $e) {
263 $this->logger->warning('Result pagination failed with message: ' . $e->getMessage());
264 throw new ilLDAPPagingException($e->getMessage());
265 }
266 } while (!empty($cookie));
267
268 // finally reset cookie
269 return $tmp_result;
270 }

References Vendor\Package\$e, $res, ILIAS\Repository\logger(), PAGINATION_SIZE, queryByScope(), and ILIAS\Repository\settings().

Referenced by readAllUsers().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ runReadAllUsersPartial()

ilLDAPQuery::runReadAllUsersPartial ( string  $dn)
private

Read all users partial by alphabet.

Parameters
string$dn
Returns
ilLDAPResult

Definition at line 277 of file class.ilLDAPQuery.php.

278 {
279 $filter = $this->settings->getFilter();
280 $page_filter = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '-');
281 $chars = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z');
282 $tmp_result = new ilLDAPResult($this->lh);
283
284 foreach ($page_filter as $letter) {
285 $new_filter = '(&';
286 $new_filter .= $filter;
287
288 if ($letter === '-') {
289 $new_filter .= ('(!(|');
290 foreach ($chars as $char) {
291 $new_filter .= ('(' . $this->settings->getUserAttribute() . '=' . $char . '*)');
292 }
293 $new_filter .= ')))';
294 } else {
295 $new_filter .= ('(' . $this->settings->getUserAttribute() . '=' . $letter . '*))');
296 }
297
298 $this->logger->info('Searching with ldap search and filter ' . $new_filter . ' in ' . $dn);
299 $res = $this->queryByScope(
300 $this->settings->getUserScope(),
301 $dn,
302 $new_filter,
303 array($this->settings->getUserAttribute())
304 );
305 $tmp_result->setResult($res);
306 $tmp_result->run();
307 }
308
309 return $tmp_result;
310 }

References $res, ILIAS\Repository\logger(), queryByScope(), and ILIAS\Repository\settings().

Referenced by readAllUsers().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Field Documentation

◆ $ldap_server_url

string ilLDAPQuery::$ldap_server_url
private

Definition at line 35 of file class.ilLDAPQuery.php.

◆ $lh

ilLDAPQuery::$lh = false
private

Definition at line 48 of file class.ilLDAPQuery.php.

◆ $logger

ilLogger ilLDAPQuery::$logger
private

Definition at line 38 of file class.ilLDAPQuery.php.

◆ $mapping

ilLDAPAttributeMapping ilLDAPQuery::$mapping
private

Definition at line 40 of file class.ilLDAPQuery.php.

◆ $settings

ilLDAPServer ilLDAPQuery::$settings
private

Definition at line 36 of file class.ilLDAPQuery.php.

Referenced by getServer().

◆ $user_fields

array ilLDAPQuery::$user_fields = []
private

Definition at line 42 of file class.ilLDAPQuery.php.

◆ $users

array ilLDAPQuery::$users = []
private

Definition at line 43 of file class.ilLDAPQuery.php.

Referenced by fetchUser(), and fetchUsers().

◆ IL_LDAP_SUPPORTED_CONTROL

const ilLDAPQuery::IL_LDAP_SUPPORTED_CONTROL = 'supportedControl'
private

Definition at line 32 of file class.ilLDAPQuery.php.

◆ LDAP_BIND_ADMIN

const ilLDAPQuery::LDAP_BIND_ADMIN = 1

Definition at line 28 of file class.ilLDAPQuery.php.

Referenced by bind(), and ilLDAPRoleGroupMapping\getLDAPQueryInstance().

◆ LDAP_BIND_AUTH

const ilLDAPQuery::LDAP_BIND_AUTH = 10

Definition at line 30 of file class.ilLDAPQuery.php.

Referenced by bind(), and ilAuthProviderLDAP\doAuthentication().

◆ LDAP_BIND_DEFAULT

const ilLDAPQuery::LDAP_BIND_DEFAULT = 0

◆ LDAP_BIND_TEST

const ilLDAPQuery::LDAP_BIND_TEST = 2

Definition at line 29 of file class.ilLDAPQuery.php.

Referenced by bind(), and ilLDAPServer\doConnectionCheck().

◆ PAGINATION_SIZE

const ilLDAPQuery::PAGINATION_SIZE = 100
private

Definition at line 33 of file class.ilLDAPQuery.php.

Referenced by runReadAllUsersPaged().


The documentation for this class was generated from the following file: