ILIAS  trunk Revision v11.0_alpha-3011-gc6b235a2e85
class.ilLDAPSettingsGUI.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
21use ILIAS\Data\Factory;
22use ILIAS\UI\Component\Table\Table;
23use ILIAS\User\Profile\Profile;
24
25class ilLDAPSettingsGUI implements ilCtrlSecurityInterface
26{
27 private int $ref_id;
28 private ilLDAPServer $server;
29 private ilLDAPAttributeMapping $mapping;
30 private ?ilPropertyFormGUI $form_gui = null;
31 private ?ilPropertyFormGUI $form = null;
32
33 private ilCtrl $ctrl;
34 private ilTabsGUI $tabs_gui;
35 private ilLanguage $lng;
36 private ilGlobalTemplateInterface $tpl;
37 private ilErrorHandling $ilErr;
38 private ilAccessHandler $ilAccess;
39 private ilRbacReview $rbacReview;
40 private ilRbacSystem $rbacSystem;
41 private ilToolbarGUI $toolbar;
42 private ilGlobalTemplateInterface $main_tpl;
43 private ilComponentRepository $component_repository;
47 private ?array $user_defined_fields = null;
48 private ?ilLDAPRoleAssignmentRule $role_mapping_rule = null;
49 private ?ilLDAPRoleAssignmentRule $rule = null;
50 private ?ilLDAPRoleGroupMappingSettings $role_mapping = null;
52 private ?array $rule_ids = null;
53 private ?int $rule_id = null;
54 private ?int $role_id = null;
56 private ?array $mappings = null;
57 private ?string $mapping_template = null;
58 private ?int $ldap_server_id = null;
60 private ?array $server_ids = null;
61 private ?int $mapping_id = null;
62 private ?string $role_bind_user = null;
63 private ?string $role_bind_pass = null;
64 private bool $role_sync_active = false;
65 private array $attribute_mappings = [];
66 private readonly \ILIAS\UI\Factory $ui_factory;
67 private readonly \ILIAS\UI\Renderer $ui_renderer;
68 private readonly \ILIAS\HTTP\GlobalHttpState $http;
69 private readonly \ILIAS\Refinery\Factory $refinery;
70 private readonly ilObjectDataCache $object_data_cache;
71 private readonly Profile $profile;
72
73 public function __construct(int $a_auth_ref_id)
74 {
75 global $DIC;
76
77 $this->ctrl = $DIC->ctrl();
78 $this->tabs_gui = $DIC->tabs();
79 $this->lng = $DIC->language();
80 $this->lng->loadLanguageModule('ldap');
81 $this->lng->loadLanguageModule('ui');
82 $this->ilErr = $DIC['ilErr'];
83 $this->ilAccess = $DIC->access();
84 $this->component_repository = $DIC['component.repository'];
85 $this->rbacReview = $DIC->rbac()->review();
86 $this->rbacSystem = $DIC->rbac()->system();
87 $this->toolbar = $DIC->toolbar();
88 $this->main_tpl = $DIC->ui()->mainTemplate();
89 $this->http = $DIC->http();
90 $this->ui_factory = $DIC->ui()->factory();
91 $this->ui_renderer = $DIC->ui()->renderer();
92 $this->refinery = $DIC->refinery();
93 $this->object_data_cache = $DIC['ilObjDataCache'];
94 $this->profile = $DIC['user']->getProfile();
95
96 $this->tpl = $DIC->ui()->mainTemplate();
97
98 $http_wrapper = $DIC->http()->wrapper();
99 $is_post_request = $DIC->http()->request()->getMethod() === 'POST';
100 $refinery = $DIC->refinery();
101
102 if ($http_wrapper->query()->has('rule_id')) {
103 $this->rule_id = $http_wrapper->query()->retrieve(
104 'rule_id',
105 $refinery->kindlyTo()->int()
106 );
107 }
108 if ($http_wrapper->query()->has('ldap_server_id')) {
109 $this->ldap_server_id = $http_wrapper->query()->retrieve(
110 'ldap_server_id',
111 $refinery->kindlyTo()->int()
112 );
113 } elseif ($http_wrapper->query()->has('ldap_servers_server_id')) {
114 $this->ldap_server_id = $http_wrapper->query()->retrieve(
115 'ldap_servers_server_id',
116 $this->refinery->in()->series([
117 $refinery->kindlyTo()->listOf(
118 $refinery->kindlyTo()->int()
119 ),
120 $this->refinery->custom()->constraint(
121 fn($value): bool => count($value) === 1,
122 $this->lng->txt('select_one')
123 ),
124 $this->refinery->custom()->transformation(
125 fn($value): int => $value[0]
126 )
127 ])
128 );
129 }
130 $this->initServer();
131
132 if ($http_wrapper->query()->has('mapping_id')) {
133 $this->mapping_id = $http_wrapper->query()->retrieve(
134 'mapping_id',
135 $refinery->kindlyTo()->int()
136 );
137 }
138 if ($http_wrapper->query()->has('ldap_role_mapping_mapping_ids')) {
139 $this->mappings = $http_wrapper->query()->retrieve(
140 'ldap_role_mapping_mapping_ids',
141 $refinery->kindlyTo()->listOf($refinery->kindlyTo()->string())
142 );
143 if ($this->mappings === ['ALL_OBJECTS']) {
144 $mapping_instance = ilLDAPRoleGroupMappingSettings::_getInstanceByServerId($this->server->getServerId());
145 $this->mappings = array_map(static function (array $mapping): int {
146 return $mapping['mapping_id'];
147 }, $mapping_instance->getMappings());
148 }
149 $this->mappings = $this->refinery->kindlyTo()->listOf($this->refinery->kindlyTo()->int())->transform($this->mappings);
150 if (count($this->mappings) === 1) {
151 $this->mapping_id = current($this->mappings);
152 }
153 }
154 if ($http_wrapper->query()->has('ldap_role_assignment_rule_ids')) {
155 $this->rule_ids = $http_wrapper->query()->retrieve(
156 'ldap_role_assignment_rule_ids',
157 $refinery->kindlyTo()->listOf($refinery->kindlyTo()->string())
158 );
159 if ($this->rule_ids === ['ALL_OBJECTS']) {
160 $rule_objs = ilLDAPRoleAssignmentRule::_getRules($this->server->getServerId());
161 $this->rule_ids = array_map(static function (ilLDAPRoleAssignmentRule $rule): int {
162 return $rule->getRuleId();
163 }, $rule_objs);
164 }
165 $this->rule_ids = $this->refinery->kindlyTo()->listOf($this->refinery->kindlyTo()->int())->transform($this->rule_ids);
166 if (count($this->rule_ids) === 1) {
167 $this->rule_id = current($this->rule_ids);
168 }
169 }
170 if ($is_post_request) {
171 if ($http_wrapper->post()->has('rule_ids')) {
172 $this->rule_ids = $http_wrapper->post()->retrieve(
173 'rule_ids',
174 $refinery->kindlyTo()->listOf($refinery->kindlyTo()->int())
175 );
176 }
177 if ($http_wrapper->post()->has('role_id')) {
178 $this->role_id = $http_wrapper->post()->retrieve(
179 'role_id',
180 $refinery->kindlyTo()->int()
181 );
182 }
183 if ($http_wrapper->post()->has('rule_id')) {
184 $this->rule_id = $http_wrapper->post()->retrieve(
185 'rule_id',
186 $refinery->kindlyTo()->int()
187 );
188 }
189 if ($http_wrapper->post()->has('mappings')) {
190 $this->mappings = $http_wrapper->post()->retrieve(
191 'mappings',
192 $refinery->kindlyTo()->listOf($refinery->kindlyTo()->int())
193 );
194 }
195 if ($http_wrapper->post()->has('server_ids')) {
196 $this->server_ids = $http_wrapper->post()->retrieve(
197 'server_ids',
198 $refinery->kindlyTo()->listOf($refinery->kindlyTo()->int())
199 );
200 }
201 if ($http_wrapper->post()->has('mapping_template')) {
202 $this->mapping_template = $http_wrapper->post()->retrieve(
203 'mapping_template',
204 $refinery->kindlyTo()->string()
205 );
206 }
207 if ($http_wrapper->post()->has('role_bind_user')) {
208 $this->role_bind_user = ilUtil::stripSlashes($http_wrapper->post()->retrieve(
209 'role_bind_user',
210 $refinery->kindlyTo()->string()
211 ));
212 }
213 if ($http_wrapper->post()->has('role_bind_pass')) {
214 $this->role_bind_pass = ilUtil::stripSlashes($http_wrapper->post()->retrieve(
215 'role_bind_pass',
216 $refinery->kindlyTo()->string()
217 ));
218 }
219 if ($http_wrapper->post()->has('role_sync_active')) {
220 $this->role_sync_active = $http_wrapper->post()->retrieve(
221 'role_sync_active',
222 $refinery->kindlyTo()->bool()
223 );
224 }
225 foreach ($this->getAttributeMappingKeys() as $key) {
226 if ($http_wrapper->post()->has($key . '_value')) {
227 $this->attribute_mappings[$key] = [ilUtil::stripSlashes($http_wrapper->post()->retrieve(
228 $key . '_value',
229 $refinery->kindlyTo()->string()
230 )), $http_wrapper->post()->has($key . '_update')];
231 } else {
232 $this->attribute_mappings[$key] = ['', false];
233 }
234 }
235 }
236
237 $this->ref_id = $a_auth_ref_id;
238
239 if ($this->ctrl->getCmd() !== 'addServerSettings') {
240 $this->ctrl->setParameter($this, 'ldap_server_id', $this->ldap_server_id);
241 }
242 }
243
244 public function executeCommand(): bool
245 {
246 $cmd = $this->ctrl->getCmd();
247
248 if ($cmd === null || $cmd === '' || !method_exists($this, $cmd . 'Cmd')) {
249 $cmd = 'serverList';
250 }
251
252 if ($cmd !== 'serverList' && !$this->rbacSystem->checkAccess('visible,read', $this->ref_id)) {
253 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('msg_no_perm_write'), true);
254 $this->ctrl->redirect($this, 'serverList');
255 }
256
257 $verified_command = $cmd . 'Cmd';
258 $this->$verified_command();
259
260 return true;
261 }
262
263 private function checkAccess(string $permission): void
264 {
265 if (!$this->ilAccess->checkAccess($permission, '', $this->ref_id)) {
266 $this->ilErr->raiseError($this->lng->txt('msg_no_perm_read'), $this->ilErr->WARNING);
267 }
268 }
269
273 private function getAttributeMappingKeys(): array
274 {
275 $keys = [];
276 foreach (array_keys($this->getMappingFields()) as $key) {
277 $keys[] = $key;
278 }
279 foreach ($this->user_defined_fields as $field) {
280 $keys[] = 'udf_' . $field->getIdentifier();
281 }
282
283 return $keys;
284 }
285
286
287 private function getServer(): ilLDAPServer
288 {
289 return $this->server;
290 }
291
292 private function roleAssignmentsCmd(): void
293 {
294 $this->setSubTabs();
295 $this->tabs_gui->activateTab('role_assignments');
296
297 $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.ldap_role_assignments.html', 'components/ILIAS/LDAP');
298
299 $this->initFormRoleAssignments('create');
300 $this->role_mapping_rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId(0);
301 $this->tpl->setVariable('NEW_ASSIGNMENT_TBL', $this->form->getHTML());
302
303 $rules = ilLDAPRoleAssignmentRule::_getRules($this->server->getServerId());
304 if ($rules !== []) {
305 $this->tpl->setVariable('RULES_TBL', $this->ui_renderer->render($this->getRoleAssignmentTable()));
306 }
307 }
308
309 private function editRoleAssignment(): void
310 {
311 if (!$this->rule_id) {
312 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
313 $this->roleAssignmentsCmd();
314 return;
315 }
316
317 $this->setSubTabs();
318 $this->tabs_gui->activateTab('role_assignments');
319
320 $this->ctrl->setParameter($this, 'rule_id', $this->rule_id);
321 $this->initFormRoleAssignments(
322 'edit'
323 );
324 $this->role_mapping_rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($this->rule_id);
325 $this->setValuesByArray();
326 $this->tpl->setContent($this->form->getHTML());
327 }
328
329 private function setValuesByArray(): void
330 {
331 $role_id = $this->role_mapping_rule->getRoleId();
332 if ($this->rbacReview->isGlobalRole($role_id)) {
333 $val['role_name'] = 0;
334 $val['role_id'] = $role_id;
335 } else {
336 $val['role_name'] = 1;
337 $val['role_search'] = ilObject::_lookupTitle($role_id);
338 }
339 $val['add_missing'] = (int) $this->role_mapping_rule->isAddOnUpdateEnabled();
340 $val['remove_deprecated'] = (int) $this->role_mapping_rule->isRemoveOnUpdateEnabled();
341 $val['type'] = $this->role_mapping_rule->getType();
342 $val['dn'] = $this->role_mapping_rule->getDN();
343 $val['at'] = $this->role_mapping_rule->getMemberAttribute();
344 $val['isdn'] = $this->role_mapping_rule->isMemberAttributeDN();
345 $val['name'] = $this->role_mapping_rule->getAttributeName();
346 $val['value'] = $this->role_mapping_rule->getAttributeValue();
347 $val['plugin_id'] = $this->role_mapping_rule->getPluginId();
348
349 $this->form->setValuesByArray($val);
350 }
351
352 private function updateRoleAssignmentCmd(): void
353 {
354 if (!$this->ilAccess->checkAccess('write', '', $this->ref_id)) {
355 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
356 $this->roleAssignmentsCmd();
357 return;
358 }
359
360 $this->initFormRoleAssignments('edit');
361
362 $formWithoutErrors = $this->form->checkInput();
363 $roleErrorMessage = $this->checkRoleAssignmentInput($this->rule_id);
364 if (!$formWithoutErrors || $roleErrorMessage !== '') {
365 if ($roleErrorMessage !== '') {
366 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt($roleErrorMessage));
367 }
368
369 $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.ldap_role_assignments.html', 'components/ILIAS/LDAP');
370
371 $this->form->setValuesByPost();
372 $this->tpl->setVariable('NEW_ASSIGNMENT_TBL', $this->form->getHTML());
373 $this->tabs_gui->activateSubTab('role_assignments');
374 return;
375 }
376
377 if ($this->roleSelectionRequired()) {
378 $this->ctrl->redirect($this, 'showRoleSelection');
379 } else {
380 $this->rule->update();
381
382 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
383 $this->ctrl->redirect($this, 'roleAssignments');
384 }
385 }
386
387 private function confirmDeleteRules(): void
388 {
389 $this->checkAccess('write');
390
391 if (!$this->rule_ids) {
392 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
393 $this->roleAssignmentsCmd();
394 return;
395 }
396
397 $this->setSubTabs();
398 $this->tabs_gui->activateTab('role_assignments');
399
400 $c_gui = new ilConfirmationGUI();
401 $c_gui->setFormAction($this->ctrl->getFormAction($this, 'deleteRules'));
402 $c_gui->setHeaderText($this->lng->txt('ldap_confirm_del_role_ass'));
403 $c_gui->setCancel($this->lng->txt('cancel'), 'roleAssignments');
404 $c_gui->setConfirm($this->lng->txt('confirm'), 'deleteRules');
405 foreach ($this->rule_ids as $rule_id) {
406 $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($rule_id);
407 $c_gui->addItem('rule_ids[]', (string) $rule_id, $rule->conditionToString());
408 }
409
410 $this->tpl->setContent($c_gui->getHTML());
411 }
412
413 private function deleteRulesCmd(): void
414 {
415 if (!$this->rule_ids) {
416 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('select_once'));
417 $this->roleAssignmentsCmd();
418 return;
419 }
420
421 foreach ($this->rule_ids as $rule_id) {
422 $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($rule_id);
423 $rule->delete();
424 }
425
426 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('ldap_deleted_rule'), true);
427 $this->ctrl->redirect($this, 'roleAssignments');
428 }
429
430 private function addRoleAssignmentCmd(): void
431 {
432 if (!$this->ilAccess->checkAccess('write', '', $this->ref_id)) {
433 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'));
434 $this->roleAssignmentsCmd();
435 return;
436 }
437
438 $this->setSubTabs();
439 $this->initFormRoleAssignments('create');
440
441 $formWithoutErrors = $this->form->checkInput();
442 $roleErrorMessage = $this->checkRoleAssignmentInput();
443 if (!$formWithoutErrors || $roleErrorMessage !== '') {
444 if ($roleErrorMessage !== '') {
445 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt($roleErrorMessage));
446 }
447
448 $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.ldap_role_assignments.html', 'components/ILIAS/LDAP');
449
450 $this->form->setValuesByPost();
451 $this->tpl->setVariable('NEW_ASSIGNMENT_TBL', $this->form->getHTML());
452 $this->tpl->setVariable('RULES_TBL', $this->ui_renderer->render($this->getRoleAssignmentTable()));
453 $this->tabs_gui->activateSubTab('role_assignments');
454 return;
455 }
456
457 if ($this->roleSelectionRequired()) {
458 $this->ctrl->redirect($this, 'showRoleSelection');
459 } else {
460 $this->rule->create();
461
462 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
463 $this->ctrl->redirect($this, 'roleAssignments');
464 }
465 }
466
467 private function roleSelectionRequired(): bool
468 {
469 if ($this->rule->getRoleId() > 0) {
470 return false;
471 }
472
473 $rule = [];
474 $rule['server_id'] = $this->getServer()->getServerId();
475 $rule['rule_id'] = $this->rule_id ?: 0;
476 $rule['role_search'] = $this->form->getInput('role_search');
477 $rule['add_on_update'] = $this->form->getInput('add_missing');
478 $rule['remove_on_update'] = $this->form->getInput('remove_deprecated');
479 $rule['type'] = $this->form->getInput('type');
480 $rule['dn'] = $this->form->getInput('dn');
481 $rule['at'] = $this->form->getInput('at');
482 $rule['isdn'] = $this->form->getInput('isdn');
483 $rule['name'] = $this->form->getInput('name');
484 $rule['value'] = $this->form->getInput('value');
485 $rule['plugin'] = $this->form->getInput('plugin_id');
486 ilSession::set('ldap_role_ass', serialize($rule));
487 $this->ctrl->saveParameter($this, 'rule_id');
488
489 return true;
490 }
491
492 private function showRoleSelectionCmd(): void
493 {
494 $this->setSubTabs();
495 $this->tabs_gui->activateTab('role_assignments');
496 $this->ctrl->saveParameter($this, 'rule_id');
497
498 $parser = new ilQueryParser(unserialize(ilSession::get('ldap_role_ass'), ['allowed_classes' => false])['role_search']);
499 $parser->setMinWordLength(1);
500 $parser->setCombination(ilQueryParser::QP_COMBINATION_AND);
501 $parser->parse();
502
503 $object_search = new ilLikeObjectSearch($parser);
504 $object_search->setFilter(['role']);
505 $res = $object_search->performSearch();
506
507 $entries = $res->getEntries();
508
509 $table = new ilRoleSelectionTableGUI($this, 'showRoleSelection');
510 $table->setTitle($this->lng->txt('ldap_role_selection'));
511 $table->addMultiCommand('saveRoleSelection', $this->lng->txt('ldap_choose_role'));
512 $table->parse($entries);
513
514 $this->tpl->setContent($table->getHTML());
515 }
516
517 private function saveRoleSelectionCmd(): void
518 {
519 if (!$this->ilAccess->checkAccess('write', '', $this->ref_id)) {
520 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
521 $this->roleAssignmentsCmd();
522 return;
523 }
524
525 if (!$this->role_id) {
526 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
527 $this->showRoleSelectionCmd();
528 return;
529 }
530
531 $this->loadRoleAssignmentRule($this->rule_id ?? 0, false);
532 $this->rule->setRoleId($this->role_id);
533
534 if ($this->rule_id) {
535 $this->rule->update();
536 } else {
537 $this->rule->create();
538 }
539
540 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
541 $this->ctrl->setParameter($this, 'rule_id', null);
542 $this->ctrl->redirect($this, 'roleAssignments');
543 }
544
545 private function checkRoleAssignmentInput(int $a_rule_id = 0): string
546 {
547 $this->loadRoleAssignmentRule($a_rule_id);
548 $this->rule->validate();
549
550 return $this->ilErr->getMessage();
551 }
552
553 private function getRoleAssignmentTable(): ?Table
554 {
555 $rules = ilLDAPRoleAssignmentRule::_getRules($this->server->getServerId());
556 if ($rules !== []) {
557 return (new LDAPRoleAssignmentTable(
558 $this->http->request(),
559 $this->lng,
560 $this->ui_factory,
561 (new Factory())
562 ->uri(
563 ilUtil::_getHttpPath() . '/' . $this->ctrl->getLinkTarget($this, 'handleRoleAssignmentTableActions')
564 ),
565 $this->server->getServerId(),
566 ))->getComponent();
567 }
568
569 return null;
570 }
571
572 private function loadRoleAssignmentRule(int $a_rule_id, bool $load_from_form = true): void
573 {
574 if (is_object($this->rule)) {
575 return;
576 }
577
578 $this->rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($a_rule_id);
579
580 if ($load_from_form) {
581 if ($this->form->getInput('role_name') === '0') {
582 $this->rule->setRoleId((int) $this->form->getInput('role_id'));
583 } elseif ($this->form->getInput('role_search')) {
584 $parser = new ilQueryParser('"' . $this->form->getInput('role_search') . '"');
585
586 // TODO: Handle minWordLength
587 $parser->setMinWordLength(1);
588 $parser->setCombination(ilQueryParser::QP_COMBINATION_AND);
589 $parser->parse();
590
591 $object_search = new ilLikeObjectSearch($parser);
592 $object_search->setFilter(['role']);
593 $res = $object_search->performSearch();
594
595 $entries = $res->getEntries();
596 if (count($entries) === 1) {
597 $role = current($entries);
598 $this->rule->setRoleId($role['obj_id']);
599 } elseif (count($entries) > 1) {
600 $this->rule->setRoleId(-1);
601 }
602 }
603
604 $this->rule->setAttributeName($this->form->getInput('name'));
605 $this->rule->setAttributeValue($this->form->getInput('value'));
606 $this->rule->setDN($this->form->getInput('dn'));
607 $this->rule->setMemberAttribute($this->form->getInput('at'));
608 $this->rule->setMemberIsDN((bool) $this->form->getInput('isdn'));
609 $this->rule->enableAddOnUpdate((bool) $this->form->getInput('add_missing'));
610 $this->rule->enableRemoveOnUpdate((bool) $this->form->getInput('remove_deprecated'));
611 $this->rule->setPluginId((int) $this->form->getInput('plugin_id'));
612 $this->rule->setType((int) $this->form->getInput('type'));
613 $this->rule->setServerId($this->getServer()->getServerId());
614 return;
615 }
616
617 $this->rule->setServerId($this->getServer()->getServerId());
618 $rule = unserialize(ilSession::get('ldap_role_ass'), ['allowed_classes' => false]);
619
620 $this->rule->enableAddOnUpdate((bool) ($rule['add_on_update'] ?? false));
621 $this->rule->enableRemoveOnUpdate((bool) ($rule['remove_on_update'] ?? false));
622 $this->rule->setType((int) ilUtil::stripSlashes(
623 $rule['type'] ?? (string) ilLDAPRoleAssignmentRule::TYPE_ATTRIBUTE
624 ));
625 $this->rule->setDN(ilUtil::stripSlashes($rule['dn'] ?? ''));
626 $this->rule->setMemberAttribute(ilUtil::stripSlashes($rule['at'] ?? ''));
627 $this->rule->setMemberIsDN((bool) (ilUtil::stripSlashes($rule['isdn'] ?? false)));
628 $this->rule->setAttributeName(ilUtil::stripSlashes($rule['name'] ?? ''));
629 $this->rule->setAttributeValue(ilUtil::stripSlashes($rule['value'] ?? ''));
630 $this->rule->setPluginId((int) ilUtil::stripSlashes((string) ($rule['plugin'] ?? '0')));
631 }
632
633 private function deleteRoleMappingCmd(): void
634 {
635 if (!$this->mappings) {
636 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
637 $this->roleMappingCmd();
638 return;
639 }
640
641 $this->initRoleMapping();
642
643 foreach ($this->mappings as $mapping_id) {
644 $this->role_mapping->delete($mapping_id);
645 }
646 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('ldap_deleted_role_mapping'));
647 $this->roleMappingCmd();
648 }
649
650 private function chooseMappingCmd(): void
651 {
652 if (!$this->mapping_template) {
653 $this->userMappingCmd();
654 return;
655 }
656
657 $this->initAttributeMapping();
658 $this->mapping->clearRules();
659
660 foreach (ilLDAPAttributeMappingUtils::_getMappingRulesByClass($this->mapping_template) as $key => $value) {
661 $this->mapping->setRule($key, $value, false);
662 }
663 $this->userMappingCmd();
664 }
665
666 private function saveMappingCmd(): void
667 {
668 $this->initAttributeMapping();
669 $this->tabs_gui->activateTab('role_mapping');
670
671 foreach (array_keys($this->getMappingFields()) as $key) {
672 $this->mapping->setRule(
673 $key,
674 $this->attribute_mappings[$key][0],
675 $this->attribute_mappings[$key][1]
676 );
677 }
678 $this->initUserDefinedFields();
679 foreach ($this->user_defined_fields as $field) {
680 $key = 'udf_' . $field->getIdentifier();
681 $this->mapping->setRule(
682 $key,
683 $this->attribute_mappings[$key][0],
684 $this->attribute_mappings[$key][1]
685 );
686 }
687
688 $this->mapping->save();
689 $this->userMappingCmd();
690
691 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'));
692 }
693
694 private function getServerTableAction(): string
695 {
696 return $this->http->wrapper()->query()->retrieve(
697 'ldap_servers_table_action',
698 $this->refinery->byTrying([
699 $this->refinery->kindlyTo()->string(),
700 $this->refinery->always('')
701 ])
702 );
703 }
704
705 private function handleServerTableActionsCmd(): void
706 {
707 match ($this->getServerTableAction()) {
708 'editServerSettings' => $this->editServerSettingsCmd(),
709 'activateServer' => $this->activateServer(),
710 'deactivateServer' => $this->deactivateServer(),
711 'confirmDeleteServerSettings' => $this->confirmDeleteServerSettings(),
712 default => $this->ctrl->redirect($this, 'serverList')
713 };
714 }
715
716 private function getRoleAssigmentsTableAction(): string
717 {
718 return $this->http->wrapper()->query()->retrieve(
719 'ldap_role_assignment_table_action',
720 $this->refinery->byTrying([
721 $this->refinery->kindlyTo()->string(),
722 $this->refinery->always('')
723 ])
724 );
725 }
726
727 private function handleRoleAssignmentTableActionsCmd(): void
728 {
729 match ($this->getRoleAssigmentsTableAction()) {
730 'confirmDeleteRules' => $this->confirmDeleteRules(),
731 'editRoleAssignment' => $this->editRoleAssignment(),
732 default => $this->ctrl->redirect($this, 'serverList')
733 };
734 }
735
736 private function getRoleMappingsTableAction(): string
737 {
738 return $this->http->wrapper()->query()->retrieve(
739 'ldap_role_mapping_table_action',
740 $this->refinery->byTrying([
741 $this->refinery->kindlyTo()->string(),
742 $this->refinery->always('')
743 ])
744 );
745 }
746
747 private function handleRoleMappingTableActionsCmd(): void
748 {
749 match ($this->getRoleMappingsTableAction()) {
750 'confirmDeleteRoleMapping' => $this->confirmDeleteRoleMapping(),
751 'addRoleMapping' => $this->addRoleMappingCmd(),
752 'editRoleMapping' => $this->editRoleMapping(),
753 default => $this->ctrl->redirect($this, 'serverList'),
754 };
755 }
756
757 private function serverListCmd(): void
758 {
759 if (!$this->rbacSystem->checkAccess('visible,read', $this->ref_id)) {
760 $this->ilErr->raiseError($this->lng->txt('msg_no_perm_read'), $this->ilErr->WARNING);
761 }
762
763 if (!ilLDAPServer::checkLDAPLib() && $this->server->isActive()) {
764 $this->main_tpl->setOnScreenMessage('failure', 'Missing LDAP libraries. Please ensure that the PHP LDAP module is installed on your server.');
765 }
766
767 if ($this->rbacSystem->checkAccess('write', $this->ref_id)) {
768 $this->toolbar->addButton(
769 $this->lng->txt('add_ldap_server'),
770 $this->ctrl->getLinkTarget($this, 'addServerSettings')
771 );
772 }
773
774 $this->ctrl->setParameter($this, 'ldap_server_id', null);
775
776 $table = new \ILIAS\LDAP\Server\UI\ServerTable(
777 ilLDAPServer::_getAllServer(),
778 $this,
779 $this->ui_factory,
780 $this->ui_renderer,
781 $this->lng,
782 $this->ctrl,
783 $this->http->request(),
784 (new Factory())
785 ->uri(
786 ilUtil::_getHttpPath() . '/' . $this->ctrl->getLinkTarget($this, 'handleServerTableActions')
787 ),
788 $this->rbacSystem->checkAccess('write', $this->ref_id)
789 );
790
791 $this->tpl->setContent($this->ui_renderer->render($table->getComponent()));
792 }
793
794 private function setServerFormValues(): void
795 {
796 $this->form_gui->setValuesByArray([
797 'active' => $this->server->isActive(),
798 'ds' => !$this->server->isAuthenticationEnabled(),
799 'server_name' => $this->server->getName(),
800 'server_url' => $this->server->getUrlString(),
801 'version' => $this->server->getVersion(),
802 'base_dn' => $this->server->getBaseDN(),
803 'referrals' => $this->server->isActiveReferrer(),
804 'tls' => $this->server->isActiveTLS(),
805 'binding_type' => $this->server->getBindingType(),
806 'bind_dn' => $this->server->getBindUser(),
807 'bind_pass' => $this->server->getBindPassword(),
808 'bind_pass_retype' => $this->server->getBindPassword(),
809 'search_base' => $this->server->getSearchBase(),
810 'user_scope' => $this->server->getUserScope(),
811 'user_attribute' => $this->server->getUserAttribute(),
812 'filter' => $this->server->getFilter(),
813 'group_dn' => $this->server->getGroupDN(),
814 'group_scope' => $this->server->getGroupScope(),
815 'group_filter' => $this->server->getGroupFilter(),
816 'group_member' => $this->server->getGroupMember(),
817 'memberisdn' => $this->server->enabledGroupMemberIsDN(),
818 'group' => $this->server->getGroupName(),
819 'group_attribute' => $this->server->getGroupAttribute(),
820 'group_optional' => $this->server->isMembershipOptional(),
821 'group_user_filter' => $this->server->getGroupUserFilter(),
822 'sync_on_login' => $this->server->enabledSyncOnLogin(),
823 'sync_per_cron' => $this->server->enabledSyncPerCron(),
824 'global_role' => ilLDAPAttributeMapping::_lookupGlobalRole($this->server->getServerId()),
825 'migration' => (int) $this->server->isAccountMigrationEnabled(),
826 'name_filter' => $this->server->getUsernameFilter(),
827 'escape_dn' => $this->server->enabledEscapeDN()
828 ]);
829 }
830
831 private function initForm(): void
832 {
833 $this->form_gui = new ilPropertyFormGUI();
834 $this->form_gui->setFormAction($this->ctrl->getFormAction($this, 'save'));
835 $this->form_gui->setTitle($this->lng->txt('ldap_configure'));
836
837 $active = new ilCheckboxInputGUI($this->lng->txt('auth_ldap_enable'), 'active');
838 $active->setValue('1');
839 $this->form_gui->addItem($active);
840
841 $ds = new ilCheckboxInputGUI($this->lng->txt('ldap_as_ds'), 'ds');
842 $ds->setValue('1');
843 $ds->setInfo($this->lng->txt('ldap_as_ds_info'));
844 $this->form_gui->addItem($ds);
845
846 $servername = new ilTextInputGUI($this->lng->txt('ldap_server_name'), 'server_name');
847 $servername->setRequired(true);
848 $servername->setInfo($this->lng->txt('ldap_server_name_info'));
849 $servername->setSize(32);
850 $servername->setMaxLength(32);
851 $this->form_gui->addItem($servername);
852
853 $namefilter = new ilTextInputGUI($this->lng->txt('ldap_username_filter'), 'name_filter');
854 $namefilter->setInfo($this->lng->txt('ldap_username_filter_info'));
855 $namefilter->setSize(64);
856 $namefilter->setMaxLength(255);
857 $this->form_gui->addItem($namefilter);
858
859 $serverurl = new ilTextInputGUI($this->lng->txt('ldap_server'), 'server_url');
860 $serverurl->setRequired(true);
861 $serverurl->setInfo($this->lng->txt('ldap_server_url_info'));
862 $serverurl->setSize(64);
863 $serverurl->setMaxLength(255);
864 $this->form_gui->addItem($serverurl);
865
866 $version = new ilSelectInputGUI($this->lng->txt('ldap_version'), 'version');
867 $version->setOptions([2 => 2, 3 => 3]);
868 $version->setInfo($this->lng->txt('ldap_server_version_info'));
869 $this->form_gui->addItem($version);
870
871 $basedsn = new ilTextInputGUI($this->lng->txt('basedn'), 'base_dn');
872 $basedsn->setRequired(true);
873 $basedsn->setSize(64);
874 $basedsn->setMaxLength(255);
875 $this->form_gui->addItem($basedsn);
876
877 $referrals = new ilCheckboxInputGUI($this->lng->txt('ldap_referrals'), 'referrals');
878 $referrals->setValue('1');
879 $referrals->setInfo($this->lng->txt('ldap_referrals_info'));
880 $this->form_gui->addItem($referrals);
881
882 $section_security = new ilFormSectionHeaderGUI();
883 $section_security->setTitle($this->lng->txt('ldap_server_security_settings'));
884 $this->form_gui->addItem($section_security);
885
886 $tls = new ilCheckboxInputGUI($this->lng->txt('ldap_tls'), 'tls');
887 $tls->setValue('1');
888 $this->form_gui->addItem($tls);
889
890 $binding = new ilRadioGroupInputGUI($this->lng->txt('ldap_server_binding'), 'binding_type');
891 $anonymous = new ilRadioOption($this->lng->txt('ldap_bind_anonymous'), (string) ilLDAPServer::LDAP_BIND_ANONYMOUS);
892 $binding->addOption($anonymous);
893 $user = new ilRadioOption($this->lng->txt('ldap_bind_user'), (string) ilLDAPServer::LDAP_BIND_USER);
894 $dn = new ilTextInputGUI($this->lng->txt('ldap_server_bind_dn'), 'bind_dn');
895 $dn->setSize(64);
896 $dn->setMaxLength(255);
897 $user->addSubItem($dn);
898 $pass = new ilPasswordInputGUI($this->lng->txt('ldap_server_bind_pass'), 'bind_pass');
899 $pass->setSkipSyntaxCheck(true);
900 $pass->setSize(12);
901 $pass->setMaxLength(100);
902 $user->addSubItem($pass);
903 $binding->addOption($user);
904 $this->form_gui->addItem($binding);
905
906 $section_auth = new ilFormSectionHeaderGUI();
907 $section_auth->setTitle($this->lng->txt('ldap_authentication_settings'));
908 $this->form_gui->addItem($section_auth);
909
910 $search_base = new ilTextInputGUI($this->lng->txt('ldap_user_dn'), 'search_base');
911 $search_base->setInfo($this->lng->txt('ldap_search_base_info'));
912 $search_base->setSize(64);
913 $search_base->setMaxLength(255);
914 $this->form_gui->addItem($search_base);
915
916 $user_scope = new ilSelectInputGUI($this->lng->txt('ldap_user_scope'), 'user_scope');
917 $user_scope->setOptions([
918 ilLDAPServer::LDAP_SCOPE_ONE => $this->lng->txt('ldap_scope_one'),
919 ilLDAPServer::LDAP_SCOPE_SUB => $this->lng->txt('ldap_scope_sub')
920 ]);
921 $user_scope->setInfo($this->lng->txt('ldap_user_scope_info'));
922 $this->form_gui->addItem($user_scope);
923
924 $user_attribute = new ilTextInputGUI($this->lng->txt('ldap_user_attribute'), 'user_attribute');
925 $user_attribute->setSize(16);
926 $user_attribute->setMaxLength(64);
927 $user_attribute->setRequired(true);
928 $this->form_gui->addItem($user_attribute);
929
930 $filter = new ilTextInputGUI($this->lng->txt('ldap_search_filter'), 'filter');
931 $filter->setInfo($this->lng->txt('ldap_filter_info'));
932 $filter->setSize(64);
933 $filter->setMaxLength(512);
934 $this->form_gui->addItem($filter);
935
936 $section_restrictions = new ilFormSectionHeaderGUI();
937 $section_restrictions->setTitle($this->lng->txt('ldap_group_restrictions'));
938 $this->form_gui->addItem($section_restrictions);
939
940 $group_dn = new ilTextInputGUI($this->lng->txt('ldap_group_search_base'), 'group_dn');
941 $group_dn->setInfo($this->lng->txt('ldap_group_dn_info'));
942 $group_dn->setSize(64);
943 $group_dn->setMaxLength(255);
944 $this->form_gui->addItem($group_dn);
945
946 $group_scope = new ilSelectInputGUI($this->lng->txt('ldap_group_scope'), 'group_scope');
947 $group_scope->setOptions([
948 ilLDAPServer::LDAP_SCOPE_ONE => $this->lng->txt('ldap_scope_one'),
949 ilLDAPServer::LDAP_SCOPE_SUB => $this->lng->txt('ldap_scope_sub')
950 ]);
951 $group_scope->setInfo($this->lng->txt('ldap_group_scope_info'));
952 $this->form_gui->addItem($group_scope);
953
954 $group_filter = new ilTextInputGUI($this->lng->txt('ldap_group_filter'), 'group_filter');
955 $group_filter->setInfo($this->lng->txt('ldap_group_filter_info'));
956 $group_filter->setSize(64);
957 $group_filter->setMaxLength(255);
958 $this->form_gui->addItem($group_filter);
959
960 $group_member = new ilTextInputGUI($this->lng->txt('ldap_group_member'), 'group_member');
961 $group_member->setInfo($this->lng->txt('ldap_group_member_info'));
962 $group_member->setSize(32);
963 $group_member->setMaxLength(255);
964 $this->form_gui->addItem($group_member);
965
966 $group_member_isdn = new ilCheckboxInputGUI($this->lng->txt('ldap_memberisdn'), 'memberisdn');
967 $this->form_gui->addItem($group_member_isdn);
968
969 $escapedn = new ilCheckboxInputGUI($this->lng->txt('ldap_escapedn'), 'escape_dn');
970 $escapedn->setValue('1');
971 $escapedn->setInfo($this->lng->txt('ldap_escapedn_info'));
972 $this->form_gui->addItem($escapedn);
973
974 $group = new ilTextInputGUI($this->lng->txt('ldap_group_name'), 'group');
975 $group->setInfo($this->lng->txt('ldap_group_name_info'));
976 $group->setSize(32);
977 $group->setMaxLength(255);
978 $this->form_gui->addItem($group);
979
980 $group_atrr = new ilTextInputGUI($this->lng->txt('ldap_group_attribute'), 'group_attribute');
981 $group_atrr->setInfo($this->lng->txt('ldap_group_attribute_info'));
982 $group_atrr->setSize(16);
983 $group_atrr->setMaxLength(64);
984 $this->form_gui->addItem($group_atrr);
985
986 $group_optional = new ilCheckboxInputGUI($this->lng->txt('ldap_group_membership'), 'group_optional');
987 $group_optional->setOptionTitle($this->lng->txt('ldap_group_member_optional'));
988 $group_optional->setInfo($this->lng->txt('ldap_group_optional_info'));
989 $group_optional->setValue('1');
990 $group_user_filter = new ilTextInputGUI($this->lng->txt('ldap_group_user_filter'), 'group_user_filter');
991 $group_user_filter->setSize(64);
992 $group_user_filter->setMaxLength(255);
993 $group_optional->addSubItem($group_user_filter);
994 $this->form_gui->addItem($group_optional);
995
996 $section_sync = new ilFormSectionHeaderGUI();
997 $section_sync->setTitle($this->lng->txt('ldap_user_sync'));
998 $this->form_gui->addItem($section_sync);
999
1000 $ci_gui = new ilCustomInputGUI($this->lng->txt('ldap_moment_sync'));
1001 $sync_on_login = new ilCheckboxInputGUI($this->lng->txt('ldap_sync_login'), 'sync_on_login');
1002 $sync_on_login->setValue('1');
1003 $ci_gui->addSubItem($sync_on_login);
1004 $sync_per_cron = new ilCheckboxInputGUI($this->lng->txt('ldap_sync_cron'), 'sync_per_cron');
1005 $sync_per_cron->setValue('1');
1006 $ci_gui->addSubItem($sync_per_cron);
1007 $ci_gui->setInfo($this->lng->txt('ldap_user_sync_info'));
1008 $this->form_gui->addItem($ci_gui);
1009
1010 $global_role = new ilSelectInputGUI($this->lng->txt('ldap_global_role_assignment'), 'global_role');
1011 $global_role->setOptions($this->prepareGlobalRoleSelection());
1012 $global_role->setInfo($this->lng->txt('ldap_global_role_info'));
1013 $this->form_gui->addItem($global_role);
1014
1015 $migr = new ilCheckboxInputGUI($this->lng->txt('auth_ldap_migration'), 'migration');
1016 $migr->setInfo($this->lng->txt('auth_ldap_migration_info'));
1017 $migr->setValue('1');
1018 $this->form_gui->addItem($migr);
1019
1020 ilAdministrationSettingsFormHandler::addFieldsToForm(
1021 ilAdministrationSettingsFormHandler::FORM_LDAP,
1022 $this->form_gui,
1023 ilAdministrationSettingsFormHandler::getSettingsGUIInstance('auth')
1024 );
1025
1026 $this->form_gui->addCommandButton('save', $this->lng->txt('save'));
1027 if ($this->ctrl->getCmd() === 'addServerSettings') {
1028 $this->form_gui->addCommandButton('serverList', $this->lng->txt('cancel'));
1029 }
1030 }
1031
1032 private function saveCmd(): void
1033 {
1034 $this->setSubTabs();
1035 $this->tabs_gui->setTabActive('settings');
1036
1037 $this->initForm();
1038 if ($this->form_gui->checkInput()) {
1039 $this->server->toggleActive((bool) $this->form_gui->getInput('active'));
1040 $this->server->enableAuthentication(!(bool) $this->form_gui->getInput('ds'));
1041 $this->server->setName($this->form_gui->getInput('server_name'));
1042 $this->server->setUrl($this->form_gui->getInput('server_url'));
1043 $this->server->setVersion((int) $this->form_gui->getInput('version'));
1044 $this->server->setBaseDN($this->form_gui->getInput('base_dn'));
1045 $this->server->toggleReferrer((bool) $this->form_gui->getInput('referrals'));
1046 $this->server->toggleTLS((bool) $this->form_gui->getInput('tls'));
1047 $this->server->setBindingType((int) $this->form_gui->getInput('binding_type'));
1048 $this->server->setBindUser($this->form_gui->getInput('bind_dn'));
1049 $this->server->setBindPassword($this->form_gui->getInput('bind_pass'));
1050 $this->server->setSearchBase($this->form_gui->getInput('search_base'));
1051 $this->server->setUserScope((int) $this->form_gui->getInput('user_scope'));
1052 $this->server->setUserAttribute($this->form_gui->getInput('user_attribute'));
1053 $this->server->setFilter($this->form_gui->getInput('filter'));
1054 $this->server->setGroupDN($this->form_gui->getInput('group_dn'));
1055 $this->server->setGroupScope((int) $this->form_gui->getInput('group_scope'));
1056 $this->server->setGroupFilter($this->form_gui->getInput('group_filter'));
1057 $this->server->setGroupMember($this->form_gui->getInput('group_member'));
1058 $this->server->enableGroupMemberIsDN((bool) $this->form_gui->getInput('memberisdn'));
1059 $this->server->setGroupName($this->form_gui->getInput('group'));
1060 $this->server->setGroupAttribute($this->form_gui->getInput('group_attribute'));
1061 $this->server->setGroupUserFilter($this->form_gui->getInput('group_user_filter'));
1062 $this->server->toggleMembershipOptional((bool) $this->form_gui->getInput('group_optional'));
1063 $this->server->enableSyncOnLogin((bool) $this->form_gui->getInput('sync_on_login'));
1064 $this->server->enableSyncPerCron((bool) $this->form_gui->getInput('sync_per_cron'));
1065 $this->server->setGlobalRole((int) $this->form_gui->getInput('global_role'));
1066 $this->server->enableAccountMigration((bool) $this->form_gui->getInput('migration'));
1067 $this->server->setUsernameFilter($this->form_gui->getInput('name_filter'));
1068 $this->server->enableEscapeDN((bool) $this->form_gui->getInput('escape_dn'));
1069 if (!$this->server->validate()) {
1070 $this->main_tpl->setOnScreenMessage('failure', $this->ilErr->getMessage());
1071 $this->form_gui->setValuesByPost();
1072 $this->tpl->setContent($this->form_gui->getHTML());
1073 return;
1074 }
1075
1076 if ($this->server->getServerId()) {
1077 $this->server->update();
1078 } else {
1079 $this->server->create();
1080 }
1081
1082 $this->initAttributeMapping();
1083 $this->mapping->setRule('global_role', (string) $this->form_gui->getInput('global_role'), false);
1084 $this->mapping->save();
1085
1086 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
1087 $this->ctrl->setParameter($this, 'ldap_server_id', null);
1088 $this->ctrl->redirect($this, 'serverList');
1089 }
1090
1091 $this->form_gui->setValuesByPost();
1092 $this->tpl->setContent($this->form_gui->getHTML());
1093 }
1094
1095 private function backToServerListCmd(): never
1096 {
1097 $this->ctrl->setParameter($this, 'ldap_server_id', null);
1098 $this->ctrl->redirect($this, 'serverList');
1099 }
1100
1101 private function setSubTabs(): void
1102 {
1103 $this->tabs_gui->clearTargets();
1104
1105 $this->tabs_gui->setBackTarget(
1106 $this->lng->txt('back'),
1107 $this->ctrl->getLinkTarget($this, 'backToServerList')
1108 );
1109
1110 $this->tabs_gui->addTab(
1111 'settings',
1112 $this->lng->txt('ldap_settings'),
1113 $this->ctrl->getLinkTarget($this, 'editServerSettings')
1114 );
1115
1116 // Disable all other tabs, if server hasn't been configured.
1117 if (!count(ilLDAPServer::_getServerList())) {
1118 return;
1119 }
1120
1121 $this->tabs_gui->addTab(
1122 'user_mapping',
1123 $this->lng->txt('ldap_user_mapping'),
1124 $this->ctrl->getLinkTarget($this, 'userMapping')
1125 );
1126
1127 $this->tabs_gui->addTab(
1128 'role_assignments',
1129 $this->lng->txt('ldap_role_assignments'),
1130 $this->ctrl->getLinkTarget($this, 'roleAssignments')
1131 );
1132
1133 $this->tabs_gui->addTab(
1134 'role_mapping',
1135 $this->lng->txt('ldap_role_mapping'),
1136 $this->ctrl->getLinkTarget($this, 'roleMapping')
1137 );
1138 }
1139
1140 private function initServer(): void
1141 {
1142 $server_id = 0;
1143 if ($this->ldap_server_id) {
1144 $server_id = $this->ldap_server_id;
1145 }
1146
1147 $this->server = new ilLDAPServer($server_id);
1148 }
1149
1150 private function initAttributeMapping(): void
1151 {
1152 $this->mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->getServer()->getServerId());
1153 }
1154
1155 private function initRoleMapping(): void
1156 {
1157 $this->role_mapping = ilLDAPRoleGroupMappingSettings::_getInstanceByServerId($this->getServer()->getServerId());
1158 }
1159
1163 private function prepareGlobalRoleSelection(): array
1164 {
1165 $global_roles = ilUtil::_sortIds(
1166 $this->rbacReview->getGlobalRoles(),
1167 'object_data',
1168 'title',
1169 'obj_id'
1170 );
1171
1172 $select[0] = $this->lng->txt('links_select_one');
1173 foreach ($global_roles as $role_id) {
1174 $select[$role_id] = ilObject::_lookupTitle((int) $role_id);
1175 }
1176
1177 return $select;
1178 }
1179
1183 private function getMappingFields(): array
1184 {
1185 return [
1186 'gender' => $this->lng->txt('gender'),
1187 'firstname' => $this->lng->txt('firstname'),
1188 'lastname' => $this->lng->txt('lastname'),
1189 'title' => $this->lng->txt('person_title'),
1190 'institution' => $this->lng->txt('institution'),
1191 'department' => $this->lng->txt('department'),
1192 'street' => $this->lng->txt('street'),
1193 'city' => $this->lng->txt('city'),
1194 'zipcode' => $this->lng->txt('zipcode'),
1195 'country' => $this->lng->txt('country'),
1196 'phone_office' => $this->lng->txt('phone_office'),
1197 'phone_home' => $this->lng->txt('phone_home'),
1198 'phone_mobile' => $this->lng->txt('phone_mobile'),
1199 'fax' => $this->lng->txt('fax'),
1200 'email' => $this->lng->txt('email'),
1201 'second_email' => $this->lng->txt('second_email'),
1202 'hobby' => $this->lng->txt('hobby'),
1203 'matriculation' => $this->lng->txt('matriculation')
1204 ];
1205 }
1206
1207 private function initUserDefinedFields(): void
1208 {
1209 if ($this->user_defined_fields === null) {
1210 $this->user_defined_fields = $this->profile->getAllUserDefinedFields();
1211 }
1212 }
1213
1214 private function initFormRoleAssignments(string $a_mode): void
1215 {
1216 $this->form = new ilPropertyFormGUI();
1217 $this->form->setFormAction($this->ctrl->getFormAction($this));
1218
1219 switch ($a_mode) {
1220 case 'edit':
1221 $this->form->setTitle($this->lng->txt('ldap_edit_role_ass_rule'));
1222 $this->form->addCommandButton('updateRoleAssignment', $this->lng->txt('save'));
1223 break;
1224 case 'create':
1225 $this->form->setTitle($this->lng->txt('ldap_add_role_ass_rule'));
1226 $this->form->addCommandButton('addRoleAssignment', $this->lng->txt('ldap_btn_add_role_ass'));
1227 break;
1228 }
1229
1230 $role = new ilRadioGroupInputGUI($this->lng->txt('ldap_ilias_role'), 'role_name');
1231 $role->setInfo($this->lng->txt('ldap_role_name_info'));
1232 $role->setRequired(true);
1233 $this->form->addItem($role);
1234
1235 $global = new ilRadioOption($this->lng->txt('ldap_global_role'), '0');
1236 $role->addOption($global);
1237
1238 $role_select = new ilSelectInputGUI('', 'role_id');
1239 $role_select->setOptions($this->prepareGlobalRoleSelection());
1240 $global->addSubItem($role_select);
1241
1242 $local = new ilRadioOption($this->lng->txt('ldap_local_role'), '1');
1243 $role->addOption($local);
1244
1245 $role_search = new ilRoleAutoCompleteInputGUI('', 'role_search', $this, 'addRoleAutoCompleteObject');
1246 $role_search->setSize(40);
1247 $local->addSubItem($role_search);
1248
1249 $update = new ilNonEditableValueGUI($this->lng->txt('ldap_update_roles'), 'update_roles');
1250 $update->setValue($this->lng->txt('ldap_check_role_assignment'));
1251
1252 $add = new ilCheckboxInputGUI('', 'add_missing');
1253 $add->setOptionTitle($this->lng->txt('ldap_add_missing'));
1254 $update->addSubItem($add);
1255
1256 $remove = new ilCheckboxInputGUI('', 'remove_deprecated');
1257 $remove->setOptionTitle($this->lng->txt('ldap_remove_deprecated'));
1258 $update->addSubItem($remove);
1259
1260 $this->form->addItem($update);
1261
1262 $group = new ilRadioGroupInputGUI($this->lng->txt('ldap_assignment_type'), 'type');
1263 $group->setRequired(true);
1264
1265 $radio_group = new ilRadioOption($this->lng->txt('ldap_role_by_group'), (string) ilLDAPRoleAssignmentRule::TYPE_GROUP);
1266
1267 $dn = new ilTextInputGUI($this->lng->txt('ldap_group_dn'), 'dn');
1268 $dn->setSize(32);
1269 $dn->setMaxLength(512);
1270 $dn->setInfo($this->lng->txt('ldap_role_grp_dn_info'));
1271 $radio_group->addSubItem($dn);
1272 $at = new ilTextInputGUI($this->lng->txt('ldap_role_grp_at'), 'at');
1273 $at->setSize(16);
1274 $at->setMaxLength(128);
1275 $radio_group->addSubItem($at);
1276 $isdn = new ilCheckboxInputGUI($this->lng->txt('ldap_role_grp_isdn'), 'isdn');
1277 $isdn->setInfo($this->lng->txt('ldap_group_member_info'));
1278 $radio_group->addSubItem($isdn);
1279 $radio_group->setInfo($this->lng->txt('ldap_role_grp_info'));
1280
1281 $group->addOption($radio_group);
1282
1283 $radio_attribute = new ilRadioOption($this->lng->txt('ldap_role_by_attribute'), (string) ilLDAPRoleAssignmentRule::TYPE_ATTRIBUTE);
1284 $name = new ilTextInputGUI($this->lng->txt('ldap_role_at_name'), 'name');
1285 $name->setSize(32);
1286 $name->setMaxLength(128);
1287 $radio_attribute->addSubItem($name);
1288
1289 $val = new ilTextInputGUI($this->lng->txt('ldap_role_at_value'), 'value');
1290 $val->setSize(32);
1291 $val->setMaxLength(128);
1292 $radio_attribute->addSubItem($val);
1293 $radio_attribute->setInfo($this->lng->txt('ldap_role_at_info'));
1294
1295 $group->addOption($radio_attribute);
1296
1297 $pl_active = $this->component_repository->getPluginSlotById('ldaphk')->hasActivePlugins();
1298 $pl = new ilRadioOption($this->lng->txt('ldap_plugin'), '3');
1299
1300 $pl->setInfo($this->lng->txt('ldap_plugin_info'));
1301 $pl->setDisabled(!$pl_active);
1302
1303 $id = new ilNumberInputGUI($this->lng->txt('ldap_plugin_id'), 'plugin_id');
1304 $id->setDisabled(!$pl_active);
1305 $id->setSize(3);
1306 $id->setMaxLength(3);
1307 $id->setMaxValue(999);
1308 $id->setMinValue(1);
1309 $pl->addSubItem($id);
1310
1311 $group->addOption($pl);
1312 $this->form->addItem($group);
1313 }
1314
1315 private function addRoleAutoCompleteObjectCmd(): void
1316 {
1317 ilRoleAutoCompleteInputGUI::echoAutoCompleteList();
1318 }
1319
1320 private function userMappingToolbar(): void
1321 {
1322 $select_form = new ilSelectInputGUI('mapping_template');
1323 $select_form->setPostVar('mapping_template');
1324 $options = [
1325 '' => $this->lng->txt('ldap_mapping_template'),
1326 'inetOrgPerson' => 'inetOrgPerson',
1327 'organizationalPerson' => 'organizationalPerson',
1328 'person' => 'person',
1329 'ad_2003' => 'Active Directory (Win 2003)'
1330 ];
1331 $select_form->setOptions($options);
1332 $select_form->setValue($this->mapping_template);
1333
1334 $this->toolbar->addInputItem($select_form);
1335 $this->toolbar->addFormButton($this->lng->txt('show'), 'chooseMapping');
1336 $this->toolbar->setFormAction($this->ctrl->getFormAction($this, 'chooseMapping'));
1337 }
1338
1339 private function initUserMappingForm(): ilPropertyFormGUI
1340 {
1341 $propertie_form = new ilPropertyFormGUI();
1342 $propertie_form->setTitle($this->lng->txt('ldap_mapping_table'));
1343 $propertie_form->setFormAction($this->ctrl->getFormAction($this, 'saveMapping'));
1344 $propertie_form->addCommandButton('saveMapping', $this->lng->txt('save'));
1345
1346 foreach ($this->getMappingFields() as $mapping => $lang) {
1347 $text_form = new ilTextInputGUI($lang);
1348 $text_form->setPostVar($mapping . '_value');
1349 $text_form->setValue($this->mapping->getValue($mapping));
1350 $text_form->setSize(32);
1351 $text_form->setMaxLength(255);
1352 $propertie_form->addItem($text_form);
1353
1354 $checkbox_form = new ilCheckboxInputGUI('');
1355 $checkbox_form->setPostVar($mapping . '_update');
1356 $checkbox_form->setChecked($this->mapping->enabledUpdate($mapping));
1357 $checkbox_form->setOptionTitle($this->lng->txt('ldap_update_field_info'));
1358 $propertie_form->addItem($checkbox_form);
1359 }
1360
1361 $this->initUserDefinedFields();
1362 foreach ($this->user_defined_fields as $field) {
1363 $text_form = new ilTextInputGUI($field->getLabel());
1364 $text_form->setPostVar('udf_' . $field->getIdentifier() . '_value');
1365 $text_form->setValue($this->mapping->getValue('udf_' . $field->getIdentifier()));
1366 $text_form->setSize(32);
1367 $text_form->setMaxLength(255);
1368 $propertie_form->addItem($text_form);
1369
1370 $checkbox_form = new ilCheckboxInputGUI("");
1371 $checkbox_form->setPostVar('udf_' . $field->getIdentifier() . '_update');
1372 $checkbox_form->setChecked($this->mapping->enabledUpdate('udf_' . $field->getIdentifier()));
1373 $checkbox_form->setOptionTitle($this->lng->txt('ldap_update_field_info'));
1374 $propertie_form->addItem($checkbox_form);
1375 }
1376
1377 return $propertie_form;
1378 }
1379
1380 private function roleMappingCmd(): void
1381 {
1382 $this->setSubTabs();
1383 $this->tabs_gui->setTabActive('role_mapping');
1384 $this->toolbar->addButton(
1385 $this->lng->txt('ldap_new_role_assignment'),
1386 $this->ctrl->getLinkTarget($this, 'addRoleMapping')
1387 );
1388
1389 $propertie_form = new ilPropertyFormGUI();
1390 $propertie_form->setTitle($this->lng->txt('ldap_role_settings'));
1391 $propertie_form->setFormAction($this->ctrl->getFormAction($this, 'saveSyncronizationSettings'));
1392 $propertie_form->addCommandButton('saveSyncronizationSettings', $this->lng->txt('save'));
1393 $role_active = new ilCheckboxInputGUI($this->lng->txt('ldap_role_active'));
1394 $role_active->setPostVar('role_sync_active');
1395 $role_active->setChecked($this->server->enabledRoleSynchronization());
1396 $propertie_form->addItem($role_active);
1397 $binding = new ilCombinationInputGUI($this->lng->txt('ldap_server_binding'));
1398 $binding->setInfo($this->lng->txt('ldap_role_bind_user_info'));
1399 $user = new ilTextInputGUI('');
1400 $user->setPostVar('role_bind_user');
1401 $user->setValue($this->server->getRoleBindDN());
1402 $user->setSize(50);
1403 $user->setMaxLength(255);
1404 $binding->addCombinationItem('0', $user, $this->lng->txt('ldap_role_bind_user'));
1405
1406 $pass = new ilPasswordInputGUI('');
1407 $pass->setPostVar('role_bind_pass');
1408 $pass->setValue($this->server->getRoleBindPassword());
1409 $pass->setSize(12);
1410 $pass->setMaxLength(100);
1411 $pass->setRetype(false);
1412 $binding->addCombinationItem('1', $pass, $this->lng->txt('ldap_role_bind_pass'));
1413
1414 $propertie_form->addItem($binding);
1415
1416 $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.ldap_role_mappings.html', 'components/ILIAS/LDAP');
1417 $this->tpl->setVariable('NEW_ASSIGNMENT_TBL', $propertie_form->getHTML());
1418
1419 $this->tpl->setVariable(
1420 'RULES_TBL',
1421 $this->ui_renderer->render((new LDAPRoleMappingTable(
1422 $this->http->request(),
1423 $this->lng,
1424 $this->ui_factory,
1425 $this->server->getServerId(),
1426 $this->object_data_cache,
1427 $this->rbacReview,
1428 (new Factory())
1429 ->uri(ilUtil::_getHttpPath() . '/' . $this->ctrl->getLinkTarget($this, 'handleRoleMappingTableActions'))
1430 ))->getComponent())
1431 );
1432 }
1433
1434 private function editRoleMapping(): void
1435 {
1436 $mapping = new ilLDAPRoleGroupMappingSetting($this->mapping_id);
1437 $mapping->read();
1438
1439 $propertie_form = $this->initRoleMappingForm('updateRoleMapping');
1440 $propertie_form->setTitle($this->lng->txt('ldap_edit_role_assignment'));
1441 if ($propertie_form->getItemByPostVar('url')) {
1442 $propertie_form->getItemByPostVar('url')->setValue($mapping->getURL());
1443 }
1444 if ($propertie_form->getItemByPostVar('dn')) {
1445 $propertie_form->getItemByPostVar('dn')->setValue($mapping->getDN());
1446 }
1447 if ($propertie_form->getItemByPostVar('member')) {
1448 $propertie_form->getItemByPostVar('member')->setValue($mapping->getMemberAttribute());
1449 }
1450 if ($propertie_form->getItemByPostVar('memberisdn')) {
1451 $propertie_form->getItemByPostVar('memberisdn')->setChecked($mapping->getMemberISDN());
1452 }
1453 if ($propertie_form->getItemByPostVar('role')) {
1454 $propertie_form->getItemByPostVar('role')->setValue($mapping->getRoleName());
1455 }
1456 if ($propertie_form->getItemByPostVar('info')) {
1457 $propertie_form->getItemByPostVar('info')->setValue($mapping->getMappingInfo());
1458 }
1459 if ($propertie_form->getItemByPostVar('info_type')) {
1460 $propertie_form->getItemByPostVar('info_type')->setChecked($mapping->getMappingInfoType());
1461 }
1462
1463 $this->tpl->setContent($propertie_form->getHTML());
1464 }
1465
1466 private function createRoleMappingCmd(): void
1467 {
1468 $propertie_form = $this->initRoleMappingForm('createRoleMapping');
1469 if ($propertie_form->checkInput() && $this->rbacReview->roleExists($propertie_form->getInput('role'))) {
1470 $mapping = new ilLDAPRoleGroupMappingSetting(0);
1471 $mapping->setServerId($this->server->getServerId());
1472 $mapping->setURL($propertie_form->getInput('url'));
1473 $mapping->setDN($propertie_form->getInput('dn'));
1474 $mapping->setMemberAttribute($propertie_form->getInput('member'));
1475 $mapping->setMemberISDN((bool) $propertie_form->getInput('memberisdn'));
1476 $mapping->setRoleByName($propertie_form->getInput('role'));
1477 $mapping->setMappingInfo($propertie_form->getInput('info'));
1478 $mapping->setMappingInfoType((bool) $propertie_form->getInput('info_type'));
1479 $mapping->save();
1480
1481 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
1482 $this->ctrl->redirect($this, 'roleMapping');
1483 } else {
1484 if (!$this->rbacReview->roleExists($propertie_form->getInput('role'))) {
1485 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('ldap_role_not_exists') . ' ' .
1486 $propertie_form->getInput('role'));
1487 }
1488 $propertie_form->setValuesByPost();
1489
1490 $this->tpl->setContent($propertie_form->getHTML());
1491 }
1492 }
1493
1494 private function confirmDeleteRoleMapping(): void
1495 {
1496 if (!$this->mappings) {
1497 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'), true);
1498 $this->ctrl->redirect($this, 'roleMapping');
1499 return;
1500 }
1501
1502 $this->setSubTabs();
1503 $this->tabs_gui->activateTab('role_mapping');
1504
1505 $c_gui = new ilConfirmationGUI();
1506 $c_gui->setFormAction($this->ctrl->getFormAction($this, 'deleteRoleMapping'));
1507 $c_gui->setHeaderText($this->lng->txt('ldap_confirm_del_role_ass'));
1508 $c_gui->setCancel($this->lng->txt('cancel'), 'roleMapping');
1509 $c_gui->setConfirm($this->lng->txt('confirm'), 'deleteRoleMapping');
1510
1511 foreach ($this->mappings as $id) {
1512 $mapping = new ilLDAPRoleGroupMappingSetting($id);
1513 $mapping->read();
1514 $txt = $this->lng->txt('obj_role') . ': ' . $mapping->getRoleName() . ', ';
1515 $txt .= $this->lng->txt('ldap_group_dn') . ': ' . $mapping->getDN() . ', ';
1516 $txt .= $this->lng->txt('ldap_server_short') . ' ' . $mapping->getURL() . ', ';
1517 $txt .= $this->lng->txt('ldap_group_member_short') . ' ' . $mapping->getMemberAttribute();
1518 $c_gui->addItem('mappings[]', (string) $id, $txt);
1519 }
1520
1521 $this->tpl->setContent($c_gui->getHTML());
1522 }
1523
1524 private function addServerSettingsCmd(): void
1525 {
1526 $this->checkAccess('write');
1527
1528 $this->ctrl->clearParameters($this);
1529
1530 $this->initForm();
1531
1532 $this->tpl->setContent($this->form_gui->getHTML());
1533 }
1534
1535 private function editServerSettingsCmd(): void
1536 {
1537 $this->checkAccess('write');
1538
1539 $this->setSubTabs();
1540 $this->tabs_gui->setTabActive('settings');
1541
1542 $this->initForm();
1543 $this->setServerFormValues();
1544
1545 $this->tpl->setContent($this->form_gui->getHTML());
1546 }
1547
1548 private function confirmDeleteServerSettings(): void
1549 {
1550 $this->checkAccess('write');
1551
1552 if (!$this->ldap_server_id) {
1553 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
1554 $this->serverListCmd();
1555 return;
1556 }
1557
1558 $c_gui = new ilConfirmationGUI();
1559 $c_gui->setFormAction($this->ctrl->getFormAction($this, 'deleteServerSettings'));
1560 $c_gui->setHeaderText($this->lng->txt('ldap_confirm_del_server_settings'));
1561 $c_gui->setCancel($this->lng->txt('cancel'), 'serverList');
1562 $c_gui->setConfirm($this->lng->txt('confirm'), 'deleteServerSettings');
1563 $setting = new ilLDAPServer($this->ldap_server_id);
1564 $c_gui->addItem('server_ids[]', (string) $setting->getServerId(), $setting->getName());
1565
1566 $this->tpl->setContent($c_gui->getHTML());
1567 }
1568
1569 private function deleteServerSettingsCmd(): void
1570 {
1571 if (!$this->server_ids) {
1572 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
1573 $this->serverListCmd();
1574 return;
1575 }
1576
1577 foreach ($this->server_ids as $server_id) {
1578 $setting = new ilLDAPServer($server_id);
1579 $setting->delete();
1580 }
1581
1582 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('deleted'), true);
1583 $this->ctrl->redirect($this, 'serverlist');
1584 }
1585
1586 private function userMappingCmd(): void
1587 {
1588 $this->initAttributeMapping();
1589
1590 $this->setSubTabs();
1591 $this->tabs_gui->activateTab('user_mapping');
1592 $this->userMappingToolbar();
1593
1594 $propertie_form = $this->initUserMappingForm();
1595
1596 $this->tpl->setContent($propertie_form->getHTML());
1597 }
1598
1599 private function activateServer(): void
1600 {
1601 $this->checkAccess('write');
1602
1603 $this->server->toggleActive(true);
1604 $this->server->update();
1605
1606 $this->tpl->setOnScreenMessage($this->tpl::MESSAGE_TYPE_SUCCESS, $this->lng->txt('saved_successfully'), true);
1607 $this->ctrl->setParameter($this, 'ldap_server_id', null);
1608 $this->ctrl->redirect($this, 'serverList');
1609 }
1610
1611 private function deactivateServer(): void
1612 {
1613 $this->checkAccess('write');
1614
1615 $this->server->toggleActive(false);
1616 $this->server->update();
1617
1618 $this->tpl->setOnScreenMessage($this->tpl::MESSAGE_TYPE_SUCCESS, $this->lng->txt('saved_successfully'), true);
1619 $this->ctrl->setParameter($this, 'ldap_server_id', null);
1620 $this->ctrl->redirect($this, 'serverList');
1621 }
1622
1623 private function initRoleMappingForm(string $command): ilPropertyFormGUI
1624 {
1625 $this->setSubTabs();
1626 $this->tabs_gui->activateTab('role_mapping');
1627
1628 if ($this->mapping_id) {
1629 $this->ctrl->setParameter($this, 'mapping_id', $this->mapping_id);
1630 }
1631
1632 $propertie_form = new ilPropertyFormGUI();
1633 $propertie_form->setTitle($this->lng->txt('ldap_mapping_table'));
1634 $propertie_form->setFormAction($this->ctrl->getFormAction($this, $command));
1635 $propertie_form->addCommandButton($command, $this->lng->txt('save'));
1636 $propertie_form->addCommandButton('roleMapping', $this->lng->txt('cancel'));
1637
1638 $url = new ilTextInputGUI($this->lng->txt('ldap_server'));
1639 $url->setPostVar('url');
1640 $url->setSize(50);
1641 $url->setMaxLength(255);
1642 $url->setRequired(true);
1643
1644 $group_dn = new ilTextInputGUI($this->lng->txt('ldap_group_dn'));
1645 $group_dn->setPostVar('dn');
1646 $group_dn->setSize(50);
1647 $group_dn->setMaxLength(255);
1648 $group_dn->setInfo($this->lng->txt('ldap_dn_info'));
1649 $group_dn->setRequired(true);
1650
1651 $member = new ilTextInputGUI($this->lng->txt('ldap_group_member'));
1652 $member->setPostVar('member');
1653 $member->setSize(32);
1654 $member->setMaxLength(255);
1655 $member->setInfo($this->lng->txt('ldap_member_info'));
1656 $member->setRequired(true);
1657
1658 $member_isdn = new ilCheckboxInputGUI('');
1659 $member_isdn->setPostVar('memberisdn');
1660 $member_isdn->setOptionTitle($this->lng->txt('ldap_memberisdn'));
1661
1662 $role = new ilTextInputGUI($this->lng->txt('ldap_ilias_role'));
1663 $role->setPostVar('role');
1664 $role->setSize(32);
1665 $role->setMaxLength(255);
1666 $role->setInfo($this->lng->txt('ldap_role_info'));
1667 $role->setRequired(true);
1668
1669 $info = new ilTextAreaInputGUI($this->lng->txt('ldap_info_text'));
1670 $info->setPostVar('info');
1671 $info->setCols(50);
1672 $info->setRows(3);
1673 $info->setInfo($this->lng->txt('ldap_info_text_info'));
1674
1675 $info_type = new ilCheckboxInputGUI('');
1676 $info_type->setPostVar('info_type');
1677 $info_type->setOptionTitle($this->lng->txt('ldap_mapping_info_type'));
1678
1679 $propertie_form->addItem($url);
1680 $propertie_form->addItem($group_dn);
1681 $propertie_form->addItem($member);
1682 $propertie_form->addItem($member_isdn);
1683 $propertie_form->addItem($role);
1684 $propertie_form->addItem($info);
1685 $propertie_form->addItem($info_type);
1686
1687 return $propertie_form;
1688 }
1689
1690 private function addRoleMappingCmd(): void
1691 {
1692 $propertie_form = $this->initRoleMappingForm('createRoleMapping');
1693 if ($propertie_form->getItemByPostVar('url')) {
1694 $propertie_form->getItemByPostVar('url')->setValue($this->server->getUrl());
1695 }
1696
1697 if ($this->mapping_id) {
1698 $mapping = new ilLDAPRoleGroupMappingSetting($this->mapping_id);
1699 $mapping->read();
1700 if ($propertie_form->getItemByPostVar('url')) {
1701 $propertie_form->getItemByPostVar('url')->setValue($mapping->getURL());
1702 }
1703 if ($propertie_form->getItemByPostVar('dn')) {
1704 $propertie_form->getItemByPostVar('dn')->setValue($mapping->getDN());
1705 }
1706 if ($propertie_form->getItemByPostVar('member')) {
1707 $propertie_form->getItemByPostVar('member')->setValue($mapping->getMemberAttribute());
1708 }
1709 if ($propertie_form->getItemByPostVar('memberisdn')) {
1710 $propertie_form->getItemByPostVar('memberisdn')->setChecked($mapping->getMemberISDN());
1711 }
1712 if ($propertie_form->getItemByPostVar('role')) {
1713 $propertie_form->getItemByPostVar('role')->setValue($mapping->getRoleName());
1714 }
1715 if ($propertie_form->getItemByPostVar('info')) {
1716 $propertie_form->getItemByPostVar('info')->setValue($mapping->getMappingInfo());
1717 }
1718 if ($propertie_form->getItemByPostVar('info_type')) {
1719 $propertie_form->getItemByPostVar('info_type')->setChecked($mapping->getMappingInfoType());
1720 }
1721 }
1722
1723 $this->tpl->setContent($propertie_form->getHTML());
1724 }
1725
1726 private function updateRoleMappingCmd(): void
1727 {
1728 $propertie_form = $this->initRoleMappingForm('updateRoleMapping');
1729
1730 if ($propertie_form->checkInput() && $this->rbacReview->roleExists($propertie_form->getInput('role'))) {
1731 $mapping = new ilLDAPRoleGroupMappingSetting($this->mapping_id);
1732 $mapping->setServerId($this->server->getServerId());
1733 $mapping->setURL($propertie_form->getInput('url'));
1734 $mapping->setDN($propertie_form->getInput('dn'));
1735 $mapping->setMemberAttribute($propertie_form->getInput('member'));
1736 $mapping->setMemberISDN((bool) $propertie_form->getInput('memberisdn'));
1737 $mapping->setRoleByName($propertie_form->getInput('role'));
1738 $mapping->setMappingInfo($propertie_form->getInput('info'));
1739 $mapping->setMappingInfoType((bool) $propertie_form->getInput('info_type'));
1740 $mapping->update();
1741
1742 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
1743 $this->ctrl->redirect($this, 'roleMapping');
1744 } else {
1745 if (!$this->rbacReview->roleExists($propertie_form->getInput('role'))) {
1746 $this->main_tpl->setOnScreenMessage(
1747 'failure',
1748 $this->lng->txt('ldap_role_not_exists') . ' ' . $propertie_form->getInput('role')
1749 );
1750 }
1751 $propertie_form->setValuesByPost();
1752
1753 $this->tpl->setContent($propertie_form->getHTML());
1754 }
1755 }
1756
1757 private function saveSyncronizationSettingsCmd(): void
1758 {
1759 $this->server->setRoleBindDN($this->role_bind_user);
1760 $this->server->setRoleBindPassword($this->role_bind_pass);
1761 $this->server->enableRoleSynchronization($this->role_sync_active);
1762
1763 if ($this->server->getServerId()) {
1764 $this->server->update();
1765 }
1766
1767 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
1768 $this->ctrl->redirect($this, 'roleMapping');
1769 }
1770
1771 public function getUnsafeGetCommands(): array
1772 {
1773 return [
1774 'handleServerTableActions',
1775 'handleRoleAssignmentTableActions',
1776 'handleRoleMappingTableActions',
1777 ];
1778 }
1779
1780 public function getSafePostCommands(): array
1781 {
1782 return [];
1783 }
1784}
$version
$version
Definition: plugin.php:24
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ILIAS\Data\Factory
Builds data types.
Definition: Factory.php:36
ilAccess
Class ilAccessHandler Checks access for ILIAS objects.
Definition: class.ilAccess.php:28
ilAccess\checkAccess
checkAccess(string $a_permission, string $a_cmd, int $a_ref_id, string $a_type="", ?int $a_obj_id=null, ?int $a_tree_id=null)
check access for an object (provide $a_type and $a_obj_id if available for better performance)
Definition: class.ilAccess.php:193
ilAdministrationSettingsFormHandler\addFieldsToForm
static addFieldsToForm(int $a_form_id, ilPropertyFormGUI $a_form, ilObjectGUI $a_parent_gui)
Definition: class.ilAdministrationSettingsFormHandler.php:116
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:28
ilCombinationInputGUI
This class represents a number property in a property form.
Definition: class.ilCombinationInputGUI.php:28
ilConfirmationGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilConfirmationGUI.php:27
ilCtrl
Class ilCtrl provides processing control methods.
Definition: class.ilCtrl.php:36
ilCustomInputGUI
This class represents a custom property in a property form.
Definition: class.ilCustomInputGUI.php:29
ilErrorHandling
Error Handling & global info handling.
Definition: class.ilErrorHandling.php:38
ilFormSectionHeaderGUI
This class represents a section header in a property form.
Definition: class.ilFormSectionHeaderGUI.php:28
ilLDAPAttributeMappingUtils\_getMappingRulesByClass
static _getMappingRulesByClass(string $a_class)
Get mapping rule by objectClass.
Definition: class.ilLDAPAttributeMappingUtils.php:33
ilLDAPAttributeMapping
This class stores the settings that define the mapping between LDAP attribute and user profile fields...
Definition: class.ilLDAPAttributeMapping.php:27
ilLDAPAttributeMapping\_lookupGlobalRole
static _lookupGlobalRole(int $a_server_id)
Definition: class.ilLDAPAttributeMapping.php:65
ilLDAPAttributeMapping\_getInstanceByServerId
static _getInstanceByServerId(int $a_server_id)
Definition: class.ilLDAPAttributeMapping.php:45
ilLDAPAttributeMapping\save
save()
Save mapping rules to db.
Definition: class.ilLDAPAttributeMapping.php:177
ilLDAPAttributeMapping\read
read()
Read mapping settings from db.
Definition: class.ilLDAPAttributeMapping.php:233
ilLDAPRoleAssignmentRule\_getRules
static _getRules($a_server_id)
Get all rules.
Definition: class.ilLDAPRoleAssignmentRule.php:202
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId(int $a_rule_id)
Definition: class.ilLDAPRoleAssignmentRule.php:64
ilLDAPRoleGroupMappingSettings\_getInstanceByServerId
static _getInstanceByServerId(int $a_server_id)
Get instance of class.
Definition: class.ilLDAPRoleGroupMappingSettings.php:59
ilLDAPServer\_getServerList
static _getServerList()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:227
ilLDAPServer\checkLDAPLib
static checkLDAPLib()
Check if ldap module is installed.
Definition: class.ilLDAPServer.php:129
ilLDAPServer\_getAllServer
static _getAllServer()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:269
ilLDAPSettingsGUI\checkAccess
checkAccess(string $permission)
Definition: class.ilLDAPSettingsGUI.php:263
ilLDAPSettingsGUI\$role_mapping_rule
ilLDAPRoleAssignmentRule $role_mapping_rule
Definition: class.ilLDAPSettingsGUI.php:48
ilLDAPSettingsGUI\$http
readonly ILIAS HTTP GlobalHttpState $http
Definition: class.ilLDAPSettingsGUI.php:68
ilLDAPSettingsGUI\loadRoleAssignmentRule
loadRoleAssignmentRule(int $a_rule_id, bool $load_from_form=true)
Definition: class.ilLDAPSettingsGUI.php:572
ilLDAPSettingsGUI\getUnsafeGetCommands
getUnsafeGetCommands()
This method must return a list of unsafe GET commands.
Definition: class.ilLDAPSettingsGUI.php:1771
ilLDAPSettingsGUI\$ui_factory
readonly ILIAS UI Factory $ui_factory
Definition: class.ilLDAPSettingsGUI.php:66
ilLDAPSettingsGUI\$component_repository
ilComponentRepository $component_repository
Definition: class.ilLDAPSettingsGUI.php:43
ilLDAPSettingsGUI\initRoleMappingForm
initRoleMappingForm(string $command)
Definition: class.ilLDAPSettingsGUI.php:1623
ilLDAPSettingsGUI\$role_mapping
ilLDAPRoleGroupMappingSettings $role_mapping
Definition: class.ilLDAPSettingsGUI.php:50
ilLDAPSettingsGUI\checkRoleAssignmentInput
checkRoleAssignmentInput(int $a_rule_id=0)
Definition: class.ilLDAPSettingsGUI.php:545
ilLDAPSettingsGUI\$refinery
readonly ILIAS Refinery Factory $refinery
Definition: class.ilLDAPSettingsGUI.php:69
ilLDAPSettingsGUI\$form_gui
ilPropertyFormGUI $form_gui
Definition: class.ilLDAPSettingsGUI.php:30
ilLDAPSettingsGUI\$ui_renderer
readonly ILIAS UI Renderer $ui_renderer
Definition: class.ilLDAPSettingsGUI.php:67
ilLDAPSettingsGUI\__construct
__construct(int $a_auth_ref_id)
Definition: class.ilLDAPSettingsGUI.php:73
ilLDAPSettingsGUI\$object_data_cache
readonly ilObjectDataCache $object_data_cache
Definition: class.ilLDAPSettingsGUI.php:70
ilLDAPSettingsGUI\initFormRoleAssignments
initFormRoleAssignments(string $a_mode)
Definition: class.ilLDAPSettingsGUI.php:1214
ilLDAPSettingsGUI\$tpl
ilGlobalTemplateInterface $tpl
Definition: class.ilLDAPSettingsGUI.php:36
ilLDAPSettingsGUI\getSafePostCommands
getSafePostCommands()
This method must return a list of safe POST commands.
Definition: class.ilLDAPSettingsGUI.php:1780
ilLDAPSettingsGUI\$mapping
ilLDAPAttributeMapping $mapping
Definition: class.ilLDAPSettingsGUI.php:29
ilLDAPSettingsGUI\$main_tpl
ilGlobalTemplateInterface $main_tpl
Definition: class.ilLDAPSettingsGUI.php:42
ilLDAPSettingsGUI\$rule
ilLDAPRoleAssignmentRule $rule
Definition: class.ilLDAPSettingsGUI.php:49
ilLanguage
language handling
Definition: class.ilLanguage.php:43
ilNonEditableValueGUI
This class represents a non editable value in a property form.
Definition: class.ilNonEditableValueGUI.php:28
ilNumberInputGUI
This class represents a number property in a property form.
Definition: class.ilNumberInputGUI.php:28
ilObjectDataCache
class ilObjectDataCache
Definition: class.ilObjectDataCache.php:30
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:847
ilPasswordInputGUI
This class represents a password property in a property form.
Definition: class.ilPasswordInputGUI.php:28
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:32
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:28
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:28
ilRbacReview
class ilRbacReview Contains Review functions of core Rbac.
Definition: class.ilRbacReview.php:34
ilRbacSystem
class ilRbacSystem system function like checkAccess, addActiveRole ... Supporting system functions ar...
Definition: class.ilRbacSystem.php:34
ilRoleAutoCompleteInputGUI
This class represents a role + autocomplete feature form input.
Definition: class.ilRoleAutoCompleteInputGUI.php:28
ilRoleAutoCompleteInputGUI\echoAutoCompleteList
static echoAutoCompleteList()
Static asynchronous default auto complete function.
Definition: class.ilRoleAutoCompleteInputGUI.php:58
ilSelectInputGUI
This class represents a selection list property in a property form.
Definition: class.ilSelectInputGUI.php:28
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:388
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:380
ilTabsGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilTabsGUI.php:26
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:28
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:28
ilToolbarGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilToolbarGUI.php:28
ilUtil\_getHttpPath
static _getHttpPath()
Definition: class.ilUtil.php:1328
ilUtil\stripSlashes
static stripSlashes(string $a_str, bool $a_strip_html=true, string $a_allow="")
Definition: class.ilUtil.php:397
ilUtil\_sortIds
static _sortIds(array $a_ids, string $a_table, string $a_field, string $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
Definition: class.ilUtil.php:1219
$info
$info
Definition: entry_point.php:21
$txt
$txt
Definition: error.php:31
ilAccessHandler
Interface ilAccessHandler This interface combines all available interfaces which can be called via gl...
Definition: interface.ilAccessHandler.php:27
ilComponentRepository
Readable part of repository interface to ilComponentDataDB.
Definition: class.ilComponentRepository.php:25
ilCtrlSecurityInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlSecurityInterface.php:30
$res
$res
Definition: ltiservices.php:69
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:55
ILIAS\Repository\form
form( $class_path, string $cmd, string $submit_caption="")
Definition: trait.GlobalDICGUIServices.php:139
$DIC
global $DIC
Definition: shib_login.php:26
$url
$url
Definition: shib_logout.php:68
$lang
$lang
Definition: xapiexit.php:25