ILIAS  trunk Revision v12.0_alpha-1227-g7ff6d300864
class.ilLDAPSettingsGUI.php
Go to the documentation of this file.
1<?php
2
19declare(strict_types=1);
20
21use ILIAS\Data\Factory;
22use ILIAS\UI\Component\Table\Table;
23use ILIAS\User\Profile\Profile;
24
25class ilLDAPSettingsGUI implements ilCtrlSecurityInterface
26{
27 private int $ref_id;
28 private ilLDAPServer $server;
29 private ilLDAPAttributeMapping $mapping;
30 private ?ilPropertyFormGUI $form_gui = null;
31 private ?ilPropertyFormGUI $form = null;
32
33 private ilCtrl $ctrl;
34 private ilTabsGUI $tabs_gui;
35 private ilLanguage $lng;
36 private ilGlobalTemplateInterface $tpl;
37 private ilErrorHandling $ilErr;
38 private ilAccessHandler $ilAccess;
39 private ilRbacReview $rbacReview;
40 private ilRbacSystem $rbacSystem;
41 private ilToolbarGUI $toolbar;
42 private ilGlobalTemplateInterface $main_tpl;
43 private ilComponentRepository $component_repository;
44 private ?ilLDAPRoleAssignmentRule $role_mapping_rule = null;
45 private ?ilLDAPRoleAssignmentRule $rule = null;
46 private ?ilLDAPRoleGroupMappingSettings $role_mapping = null;
48 private ?array $rule_ids = null;
49 private ?int $rule_id = null;
50 private ?int $role_id = null;
52 private ?array $mappings = null;
53 private ?string $mapping_template = null;
54 private ?int $ldap_server_id = null;
56 private ?array $server_ids = null;
57 private ?int $mapping_id = null;
58 private ?string $role_bind_user = null;
59 private ?string $role_bind_pass = null;
60 private bool $role_sync_active = false;
61 private array $attribute_mappings = [];
62 private readonly \ILIAS\UI\Factory $ui_factory;
63 private readonly \ILIAS\UI\Renderer $ui_renderer;
64 private readonly \ILIAS\HTTP\GlobalHttpState $http;
65 private readonly \ILIAS\Refinery\Factory $refinery;
66 private readonly ilObjectDataCache $object_data_cache;
67 private readonly Profile $profile;
68
69 public function __construct(int $a_auth_ref_id)
70 {
71 global $DIC;
72
73 $this->ctrl = $DIC->ctrl();
74 $this->tabs_gui = $DIC->tabs();
75 $this->lng = $DIC->language();
76 $this->lng->loadLanguageModule('ldap');
77 $this->lng->loadLanguageModule('ui');
78 $this->ilErr = $DIC['ilErr'];
79 $this->ilAccess = $DIC->access();
80 $this->component_repository = $DIC['component.repository'];
81 $this->rbacReview = $DIC->rbac()->review();
82 $this->rbacSystem = $DIC->rbac()->system();
83 $this->toolbar = $DIC->toolbar();
84 $this->main_tpl = $DIC->ui()->mainTemplate();
85 $this->http = $DIC->http();
86 $this->ui_factory = $DIC->ui()->factory();
87 $this->ui_renderer = $DIC->ui()->renderer();
88 $this->refinery = $DIC->refinery();
89 $this->object_data_cache = $DIC['ilObjDataCache'];
90 $this->profile = $DIC['user']->getProfile();
91
92 $this->tpl = $DIC->ui()->mainTemplate();
93
94 $http_wrapper = $DIC->http()->wrapper();
95 $is_post_request = $DIC->http()->request()->getMethod() === 'POST';
96 $refinery = $DIC->refinery();
97
98 if ($http_wrapper->query()->has('rule_id')) {
99 $this->rule_id = $http_wrapper->query()->retrieve(
100 'rule_id',
101 $refinery->kindlyTo()->int()
102 );
103 }
104 if ($http_wrapper->query()->has('ldap_server_id')) {
105 $this->ldap_server_id = $http_wrapper->query()->retrieve(
106 'ldap_server_id',
107 $refinery->kindlyTo()->int()
108 );
109 } elseif ($http_wrapper->query()->has('ldap_servers_server_id')) {
110 $this->ldap_server_id = $http_wrapper->query()->retrieve(
111 'ldap_servers_server_id',
112 $this->refinery->in()->series([
113 $refinery->kindlyTo()->listOf(
114 $refinery->kindlyTo()->int()
115 ),
116 $this->refinery->custom()->constraint(
117 fn($value): bool => count($value) === 1,
118 $this->lng->txt('select_one')
119 ),
120 $this->refinery->custom()->transformation(
121 fn($value): int => $value[0]
122 )
123 ])
124 );
125 }
126 $this->initServer();
127
128 if ($http_wrapper->query()->has('mapping_id')) {
129 $this->mapping_id = $http_wrapper->query()->retrieve(
130 'mapping_id',
131 $refinery->kindlyTo()->int()
132 );
133 }
134 if ($http_wrapper->query()->has('ldap_role_mapping_mapping_ids')) {
135 $this->mappings = $http_wrapper->query()->retrieve(
136 'ldap_role_mapping_mapping_ids',
137 $refinery->kindlyTo()->listOf($refinery->kindlyTo()->string())
138 );
139 if ($this->mappings === ['ALL_OBJECTS']) {
140 $mapping_instance = ilLDAPRoleGroupMappingSettings::_getInstanceByServerId($this->server->getServerId());
141 $this->mappings = array_map(static function (array $mapping): int {
142 return $mapping['mapping_id'];
143 }, $mapping_instance->getMappings());
144 }
145 $this->mappings = $this->refinery->kindlyTo()->listOf($this->refinery->kindlyTo()->int())->transform($this->mappings);
146 if (count($this->mappings) === 1) {
147 $this->mapping_id = current($this->mappings);
148 }
149 }
150 if ($http_wrapper->query()->has('ldap_role_assignment_rule_ids')) {
151 $this->rule_ids = $http_wrapper->query()->retrieve(
152 'ldap_role_assignment_rule_ids',
153 $refinery->kindlyTo()->listOf($refinery->kindlyTo()->string())
154 );
155 if ($this->rule_ids === ['ALL_OBJECTS']) {
156 $rule_objs = ilLDAPRoleAssignmentRule::_getRules($this->server->getServerId());
157 $this->rule_ids = array_map(static function (ilLDAPRoleAssignmentRule $rule): int {
158 return $rule->getRuleId();
159 }, $rule_objs);
160 }
161 $this->rule_ids = $this->refinery->kindlyTo()->listOf($this->refinery->kindlyTo()->int())->transform($this->rule_ids);
162 if (count($this->rule_ids) === 1) {
163 $this->rule_id = current($this->rule_ids);
164 }
165 }
166 if ($is_post_request) {
167 if ($http_wrapper->post()->has('rule_ids')) {
168 $this->rule_ids = $http_wrapper->post()->retrieve(
169 'rule_ids',
170 $refinery->kindlyTo()->listOf($refinery->kindlyTo()->int())
171 );
172 }
173 if ($http_wrapper->post()->has('role_id')) {
174 $this->role_id = $http_wrapper->post()->retrieve(
175 'role_id',
176 $refinery->kindlyTo()->int()
177 );
178 }
179 if ($http_wrapper->post()->has('rule_id')) {
180 $this->rule_id = $http_wrapper->post()->retrieve(
181 'rule_id',
182 $refinery->kindlyTo()->int()
183 );
184 }
185 if ($http_wrapper->post()->has('mappings')) {
186 $this->mappings = $http_wrapper->post()->retrieve(
187 'mappings',
188 $refinery->kindlyTo()->listOf($refinery->kindlyTo()->int())
189 );
190 }
191 if ($http_wrapper->post()->has('server_ids')) {
192 $this->server_ids = $http_wrapper->post()->retrieve(
193 'server_ids',
194 $refinery->kindlyTo()->listOf($refinery->kindlyTo()->int())
195 );
196 }
197 if ($http_wrapper->post()->has('mapping_template')) {
198 $this->mapping_template = $http_wrapper->post()->retrieve(
199 'mapping_template',
200 $refinery->kindlyTo()->string()
201 );
202 }
203 if ($http_wrapper->post()->has('role_bind_user')) {
204 $this->role_bind_user = ilUtil::stripSlashes($http_wrapper->post()->retrieve(
205 'role_bind_user',
206 $refinery->kindlyTo()->string()
207 ));
208 }
209 if ($http_wrapper->post()->has('role_bind_pass')) {
210 $this->role_bind_pass = ilUtil::stripSlashes($http_wrapper->post()->retrieve(
211 'role_bind_pass',
212 $refinery->kindlyTo()->string()
213 ));
214 }
215 if ($http_wrapper->post()->has('role_sync_active')) {
216 $this->role_sync_active = $http_wrapper->post()->retrieve(
217 'role_sync_active',
218 $refinery->kindlyTo()->bool()
219 );
220 }
221 foreach ($this->getAttributeMappingKeys() as $key) {
222 if ($http_wrapper->post()->has($key . '_value')) {
223 $this->attribute_mappings[$key] = [ilUtil::stripSlashes($http_wrapper->post()->retrieve(
224 $key . '_value',
225 $refinery->kindlyTo()->string()
226 )), $http_wrapper->post()->has($key . '_update')];
227 } else {
228 $this->attribute_mappings[$key] = ['', false];
229 }
230 }
231 }
232
233 $this->ref_id = $a_auth_ref_id;
234
235 if ($this->ctrl->getCmd() !== 'addServerSettings') {
236 $this->ctrl->setParameter($this, 'ldap_server_id', $this->ldap_server_id);
237 }
238 }
239
240 public function executeCommand(): bool
241 {
242 $cmd = $this->ctrl->getCmd();
243
244 if ($cmd === null || $cmd === '' || !method_exists($this, $cmd . 'Cmd')) {
245 $cmd = 'serverList';
246 }
247
248 if (!$this->rbacSystem->checkAccess('read', $this->ref_id)) {
249 $this->ilErr->raiseError($this->lng->txt('permission_denied'), $this->ilErr->WARNING);
250 }
251
252 $verified_command = $cmd . 'Cmd';
253 $this->$verified_command();
254
255 return true;
256 }
257
258 private function checkAccess(string $permission): void
259 {
260 if (!$this->ilAccess->checkAccess($permission, '', $this->ref_id)) {
261 $this->ilErr->raiseError($this->lng->txt('msg_no_perm_read'), $this->ilErr->WARNING);
262 }
263 }
264
268 private function getAttributeMappingKeys(): array
269 {
270 $keys = [];
271 foreach (array_keys($this->getMappingFields()) as $key) {
272 $keys[] = $key;
273 }
274 foreach ($this->profile->getFields() as $field) {
275 if (!$field->isCustom()) {
276 continue;
277 }
278
279 $keys[] = 'udf_' . $field->getIdentifier();
280 }
281
282 return $keys;
283 }
284
285
286 private function getServer(): ilLDAPServer
287 {
288 return $this->server;
289 }
290
291 private function roleAssignmentsCmd(): void
292 {
293 $this->setSubTabs();
294 $this->tabs_gui->activateTab('role_assignments');
295
296 $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.ldap_role_assignments.html', 'components/ILIAS/LDAP');
297
298 $this->initFormRoleAssignments('create');
299 $this->role_mapping_rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId(0);
300 $this->tpl->setVariable('NEW_ASSIGNMENT_TBL', $this->form->getHTML());
301
302 $rules = ilLDAPRoleAssignmentRule::_getRules($this->server->getServerId());
303 if ($rules !== []) {
304 $this->tpl->setVariable('RULES_TBL', $this->ui_renderer->render($this->getRoleAssignmentTable()));
305 }
306 }
307
308 private function editRoleAssignment(): void
309 {
310 if (!$this->rule_id) {
311 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
312 $this->roleAssignmentsCmd();
313 return;
314 }
315
316 $this->setSubTabs();
317 $this->tabs_gui->activateTab('role_assignments');
318
319 $this->ctrl->setParameter($this, 'rule_id', $this->rule_id);
320 $this->initFormRoleAssignments(
321 'edit'
322 );
323 $this->role_mapping_rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($this->rule_id);
324 $this->setValuesByArray();
325 $this->tpl->setContent($this->form->getHTML());
326 }
327
328 private function setValuesByArray(): void
329 {
330 $role_id = $this->role_mapping_rule->getRoleId();
331 if ($this->rbacReview->isGlobalRole($role_id)) {
332 $val['role_name'] = 0;
333 $val['role_id'] = $role_id;
334 } else {
335 $val['role_name'] = 1;
336 $val['role_search'] = ilObject::_lookupTitle($role_id);
337 }
338 $val['add_missing'] = (int) $this->role_mapping_rule->isAddOnUpdateEnabled();
339 $val['remove_deprecated'] = (int) $this->role_mapping_rule->isRemoveOnUpdateEnabled();
340 $val['type'] = $this->role_mapping_rule->getType();
341 $val['dn'] = $this->role_mapping_rule->getDN();
342 $val['at'] = $this->role_mapping_rule->getMemberAttribute();
343 $val['isdn'] = $this->role_mapping_rule->isMemberAttributeDN();
344 $val['name'] = $this->role_mapping_rule->getAttributeName();
345 $val['value'] = $this->role_mapping_rule->getAttributeValue();
346 $val['plugin_id'] = $this->role_mapping_rule->getPluginId();
347
348 $this->form->setValuesByArray($val);
349 }
350
351 private function updateRoleAssignmentCmd(): void
352 {
353 if (!$this->ilAccess->checkAccess('write', '', $this->ref_id)) {
354 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
355 $this->roleAssignmentsCmd();
356 return;
357 }
358
359 $this->initFormRoleAssignments('edit');
360
361 $formWithoutErrors = $this->form->checkInput();
362 $roleErrorMessage = $this->checkRoleAssignmentInput($this->rule_id);
363 if (!$formWithoutErrors || $roleErrorMessage !== '') {
364 if ($roleErrorMessage !== '') {
365 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt($roleErrorMessage));
366 }
367
368 $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.ldap_role_assignments.html', 'components/ILIAS/LDAP');
369
370 $this->form->setValuesByPost();
371 $this->tpl->setVariable('NEW_ASSIGNMENT_TBL', $this->form->getHTML());
372 $this->tabs_gui->activateSubTab('role_assignments');
373 return;
374 }
375
376 if ($this->roleSelectionRequired()) {
377 $this->ctrl->redirect($this, 'showRoleSelection');
378 } else {
379 $this->rule->update();
380
381 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
382 $this->ctrl->redirect($this, 'roleAssignments');
383 }
384 }
385
386 private function confirmDeleteRules(): void
387 {
388 $this->checkAccess('write');
389
390 if (!$this->rule_ids) {
391 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
392 $this->roleAssignmentsCmd();
393 return;
394 }
395
396 $this->setSubTabs();
397 $this->tabs_gui->activateTab('role_assignments');
398
399 $c_gui = new ilConfirmationGUI();
400 $c_gui->setFormAction($this->ctrl->getFormAction($this, 'deleteRules'));
401 $c_gui->setHeaderText($this->lng->txt('ldap_confirm_del_role_ass'));
402 $c_gui->setCancel($this->lng->txt('cancel'), 'roleAssignments');
403 $c_gui->setConfirm($this->lng->txt('confirm'), 'deleteRules');
404 foreach ($this->rule_ids as $rule_id) {
405 $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($rule_id);
406 $c_gui->addItem('rule_ids[]', (string) $rule_id, $rule->conditionToString());
407 }
408
409 $this->tpl->setContent($c_gui->getHTML());
410 }
411
412 private function deleteRulesCmd(): void
413 {
414 $this->checkAccess('write');
415
416 if (!$this->rule_ids) {
417 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('select_once'));
418 $this->roleAssignmentsCmd();
419 return;
420 }
421
422 foreach ($this->rule_ids as $rule_id) {
423 $rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($rule_id);
424 $rule->delete();
425 }
426
427 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('ldap_deleted_rule'), true);
428 $this->ctrl->redirect($this, 'roleAssignments');
429 }
430
431 private function addRoleAssignmentCmd(): void
432 {
433 if (!$this->ilAccess->checkAccess('write', '', $this->ref_id)) {
434 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'));
435 $this->roleAssignmentsCmd();
436 return;
437 }
438
439 $this->setSubTabs();
440 $this->initFormRoleAssignments('create');
441
442 $formWithoutErrors = $this->form->checkInput();
443 $roleErrorMessage = $this->checkRoleAssignmentInput();
444 if (!$formWithoutErrors || $roleErrorMessage !== '') {
445 if ($roleErrorMessage !== '') {
446 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt($roleErrorMessage));
447 }
448
449 $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.ldap_role_assignments.html', 'components/ILIAS/LDAP');
450
451 $this->form->setValuesByPost();
452 $this->tpl->setVariable('NEW_ASSIGNMENT_TBL', $this->form->getHTML());
453 $this->tpl->setVariable('RULES_TBL', $this->ui_renderer->render($this->getRoleAssignmentTable()));
454 $this->tabs_gui->activateSubTab('role_assignments');
455 return;
456 }
457
458 if ($this->roleSelectionRequired()) {
459 $this->ctrl->redirect($this, 'showRoleSelection');
460 } else {
461 $this->rule->create();
462
463 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
464 $this->ctrl->redirect($this, 'roleAssignments');
465 }
466 }
467
468 private function roleSelectionRequired(): bool
469 {
470 if ($this->rule->getRoleId() > 0) {
471 return false;
472 }
473
474 $rule = [];
475 $rule['server_id'] = $this->getServer()->getServerId();
476 $rule['rule_id'] = $this->rule_id ?: 0;
477 $rule['role_search'] = $this->form->getInput('role_search');
478 $rule['add_on_update'] = $this->form->getInput('add_missing');
479 $rule['remove_on_update'] = $this->form->getInput('remove_deprecated');
480 $rule['type'] = $this->form->getInput('type');
481 $rule['dn'] = $this->form->getInput('dn');
482 $rule['at'] = $this->form->getInput('at');
483 $rule['isdn'] = $this->form->getInput('isdn');
484 $rule['name'] = $this->form->getInput('name');
485 $rule['value'] = $this->form->getInput('value');
486 $rule['plugin'] = $this->form->getInput('plugin_id');
487 ilSession::set('ldap_role_ass', serialize($rule));
488 $this->ctrl->saveParameter($this, 'rule_id');
489
490 return true;
491 }
492
493 private function showRoleSelectionCmd(): void
494 {
495 $this->checkAccess('read');
496
497 $this->setSubTabs();
498 $this->tabs_gui->activateTab('role_assignments');
499 $this->ctrl->saveParameter($this, 'rule_id');
500
501 $parser = new ilQueryParser(unserialize(ilSession::get('ldap_role_ass'), ['allowed_classes' => false])['role_search']);
502 $parser->setMinWordLength(1);
503 $parser->setCombination(ilQueryParser::QP_COMBINATION_AND);
504 $parser->parse();
505
506 $object_search = new ilLikeObjectSearch($parser);
507 $object_search->setFilter(['role']);
508 $res = $object_search->performSearch();
509
510 $entries = $res->getEntries();
511
512 $table = new ilRoleSelectionTableGUI($this, 'showRoleSelection');
513 $table->setTitle($this->lng->txt('ldap_role_selection'));
514 if ($this->rbacSystem->checkAccess('write', $this->ref_id)) {
515 $table->addMultiCommand('saveRoleSelection', $this->lng->txt('ldap_choose_role'));
516 }
517 $table->parse($entries);
518
519 $this->tpl->setContent($table->getHTML());
520 }
521
522 private function saveRoleSelectionCmd(): void
523 {
524 if (!$this->ilAccess->checkAccess('write', '', $this->ref_id)) {
525 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('permission_denied'), true);
526 $this->roleAssignmentsCmd();
527 return;
528 }
529
530 if (!$this->role_id) {
531 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
532 $this->showRoleSelectionCmd();
533 return;
534 }
535
536 $this->loadRoleAssignmentRule($this->rule_id ?? 0, false);
537 $this->rule->setRoleId($this->role_id);
538
539 if ($this->rule_id) {
540 $this->rule->update();
541 } else {
542 $this->rule->create();
543 }
544
545 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
546 $this->ctrl->setParameter($this, 'rule_id', null);
547 $this->ctrl->redirect($this, 'roleAssignments');
548 }
549
550 private function checkRoleAssignmentInput(int $a_rule_id = 0): string
551 {
552 $this->loadRoleAssignmentRule($a_rule_id);
553 $this->rule->validate();
554
555 return $this->ilErr->getMessage();
556 }
557
558 private function getRoleAssignmentTable(): ?Table
559 {
560 $rules = ilLDAPRoleAssignmentRule::_getRules($this->server->getServerId());
561 if ($rules !== []) {
562 return (new LDAPRoleAssignmentTable(
563 $this->http->request(),
564 $this->lng,
565 $this->ui_factory,
566 (new Factory())
567 ->uri(
568 ilUtil::_getHttpPath() . '/' . $this->ctrl->getLinkTarget($this, 'handleRoleAssignmentTableActions')
569 ),
570 $this->server->getServerId(),
571 $this->rbacSystem->checkAccess('write', $this->ref_id)
572 ))->getComponent();
573 }
574
575 return null;
576 }
577
578 private function loadRoleAssignmentRule(int $a_rule_id, bool $load_from_form = true): void
579 {
580 if (is_object($this->rule)) {
581 return;
582 }
583
584 $this->rule = ilLDAPRoleAssignmentRule::_getInstanceByRuleId($a_rule_id);
585
586 if ($load_from_form) {
587 if ($this->form->getInput('role_name') === '0') {
588 $this->rule->setRoleId((int) $this->form->getInput('role_id'));
589 } elseif ($this->form->getInput('role_search')) {
590 $parser = new ilQueryParser('"' . $this->form->getInput('role_search') . '"');
591
592 // TODO: Handle minWordLength
593 $parser->setMinWordLength(1);
594 $parser->setCombination(ilQueryParser::QP_COMBINATION_AND);
595 $parser->parse();
596
597 $object_search = new ilLikeObjectSearch($parser);
598 $object_search->setFilter(['role']);
599 $res = $object_search->performSearch();
600
601 $entries = $res->getEntries();
602 if (count($entries) === 1) {
603 $role = current($entries);
604 $this->rule->setRoleId($role['obj_id']);
605 } elseif (count($entries) > 1) {
606 $this->rule->setRoleId(-1);
607 }
608 }
609
610 $this->rule->setAttributeName($this->form->getInput('name'));
611 $this->rule->setAttributeValue($this->form->getInput('value'));
612 $this->rule->setDN($this->form->getInput('dn'));
613 $this->rule->setMemberAttribute($this->form->getInput('at'));
614 $this->rule->setMemberIsDN((bool) $this->form->getInput('isdn'));
615 $this->rule->enableAddOnUpdate((bool) $this->form->getInput('add_missing'));
616 $this->rule->enableRemoveOnUpdate((bool) $this->form->getInput('remove_deprecated'));
617 $this->rule->setPluginId((int) $this->form->getInput('plugin_id'));
618 $this->rule->setType((int) $this->form->getInput('type'));
619 $this->rule->setServerId($this->getServer()->getServerId());
620 return;
621 }
622
623 $this->rule->setServerId($this->getServer()->getServerId());
624 $rule = unserialize(ilSession::get('ldap_role_ass'), ['allowed_classes' => false]);
625
626 $this->rule->enableAddOnUpdate((bool) ($rule['add_on_update'] ?? false));
627 $this->rule->enableRemoveOnUpdate((bool) ($rule['remove_on_update'] ?? false));
628 $this->rule->setType((int) ilUtil::stripSlashes(
629 $rule['type'] ?? (string) ilLDAPRoleAssignmentRule::TYPE_ATTRIBUTE
630 ));
631 $this->rule->setDN(ilUtil::stripSlashes($rule['dn'] ?? ''));
632 $this->rule->setMemberAttribute(ilUtil::stripSlashes($rule['at'] ?? ''));
633 $this->rule->setMemberIsDN((bool) (ilUtil::stripSlashes($rule['isdn'] ?? false)));
634 $this->rule->setAttributeName(ilUtil::stripSlashes($rule['name'] ?? ''));
635 $this->rule->setAttributeValue(ilUtil::stripSlashes($rule['value'] ?? ''));
636 $this->rule->setPluginId((int) ilUtil::stripSlashes((string) ($rule['plugin'] ?? '0')));
637 }
638
639 private function deleteRoleMappingCmd(): void
640 {
641 $this->checkAccess('write');
642
643 if (!$this->mappings) {
644 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
645 $this->roleMappingCmd();
646 return;
647 }
648
649 $this->initRoleMapping();
650
651 foreach ($this->mappings as $mapping_id) {
652 $this->role_mapping->delete($mapping_id);
653 }
654 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('ldap_deleted_role_mapping'));
655 $this->roleMappingCmd();
656 }
657
658 private function chooseMappingCmd(): void
659 {
660 $this->checkAccess('read');
661
662 if (!$this->mapping_template) {
663 $this->userMappingCmd();
664 return;
665 }
666
667 $this->initAttributeMapping();
668 $this->mapping->clearRules();
669
670 foreach (ilLDAPAttributeMappingUtils::_getMappingRulesByClass($this->mapping_template) as $key => $value) {
671 $this->mapping->setRule($key, $value, false);
672 }
673 $this->userMappingCmd();
674 }
675
676 private function saveMappingCmd(): void
677 {
678 $this->checkAccess('write');
679
680 $this->initAttributeMapping();
681 $this->tabs_gui->activateTab('role_mapping');
682
683 foreach (array_keys($this->getMappingFields()) as $key) {
684 $this->mapping->setRule(
685 $key,
686 $this->attribute_mappings[$key][0],
687 $this->attribute_mappings[$key][1]
688 );
689 }
690 foreach ($this->profile->getFields() as $field) {
691 if (!$field->isCustom()) {
692 continue;
693 }
694
695 $key = 'udf_' . $field->getIdentifier();
696 $this->mapping->setRule(
697 $key,
698 $this->attribute_mappings[$key][0],
699 $this->attribute_mappings[$key][1]
700 );
701 }
702
703 $this->mapping->save();
704 $this->userMappingCmd();
705
706 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'));
707 }
708
709 private function getServerTableAction(): string
710 {
711 return $this->http->wrapper()->query()->retrieve(
712 'ldap_servers_table_action',
713 $this->refinery->byTrying([
714 $this->refinery->kindlyTo()->string(),
715 $this->refinery->always('')
716 ])
717 );
718 }
719
720 private function handleServerTableActionsCmd(): void
721 {
722 match ($this->getServerTableAction()) {
723 'editServerSettings' => $this->editServerSettingsCmd(),
724 'activateServer' => $this->activateServer(),
725 'deactivateServer' => $this->deactivateServer(),
726 'confirmDeleteServerSettings' => $this->confirmDeleteServerSettings(),
727 default => $this->ctrl->redirect($this, 'serverList')
728 };
729 }
730
731 private function getRoleAssigmentsTableAction(): string
732 {
733 return $this->http->wrapper()->query()->retrieve(
734 'ldap_role_assignment_table_action',
735 $this->refinery->byTrying([
736 $this->refinery->kindlyTo()->string(),
737 $this->refinery->always('')
738 ])
739 );
740 }
741
742 private function handleRoleAssignmentTableActionsCmd(): void
743 {
744 match ($this->getRoleAssigmentsTableAction()) {
745 'confirmDeleteRules' => $this->confirmDeleteRules(),
746 'editRoleAssignment' => $this->editRoleAssignment(),
747 default => $this->ctrl->redirect($this, 'serverList')
748 };
749 }
750
751 private function getRoleMappingsTableAction(): string
752 {
753 return $this->http->wrapper()->query()->retrieve(
754 'ldap_role_mapping_table_action',
755 $this->refinery->byTrying([
756 $this->refinery->kindlyTo()->string(),
757 $this->refinery->always('')
758 ])
759 );
760 }
761
762 private function handleRoleMappingTableActionsCmd(): void
763 {
764 match ($this->getRoleMappingsTableAction()) {
765 'confirmDeleteRoleMapping' => $this->confirmDeleteRoleMapping(),
766 'addRoleMapping' => $this->addRoleMappingCmd(),
767 'editRoleMapping' => $this->editRoleMapping(),
768 default => $this->ctrl->redirect($this, 'serverList'),
769 };
770 }
771
772 private function serverListCmd(): void
773 {
774 if (!$this->rbacSystem->checkAccess('read', $this->ref_id)) {
775 $this->ilErr->raiseError($this->lng->txt('msg_no_perm_read'), $this->ilErr->WARNING);
776 }
777
778 if (!ilLDAPServer::checkLDAPLib() && $this->server->isActive()) {
779 $this->main_tpl->setOnScreenMessage('failure', 'Missing LDAP libraries. Please ensure that the PHP LDAP module is installed on your server.');
780 }
781
782 if ($this->rbacSystem->checkAccess('write', $this->ref_id)) {
783 $this->toolbar->addButton(
784 $this->lng->txt('add_ldap_server'),
785 $this->ctrl->getLinkTarget($this, 'addServerSettings')
786 );
787 }
788
789 $this->ctrl->setParameter($this, 'ldap_server_id', null);
790
791 $table = new \ILIAS\LDAP\Server\UI\ServerTable(
792 ilLDAPServer::_getAllServer(),
793 $this,
794 $this->ui_factory,
795 $this->ui_renderer,
796 $this->lng,
797 $this->ctrl,
798 $this->http->request(),
799 (new Factory())
800 ->uri(
801 ilUtil::_getHttpPath() . '/' . $this->ctrl->getLinkTarget($this, 'handleServerTableActions')
802 ),
803 $this->rbacSystem->checkAccess('write', $this->ref_id),
804 $this->rbacSystem->checkAccess('read', $this->ref_id)
805 );
806
807 $this->tpl->setContent($this->ui_renderer->render($table->getComponent()));
808 }
809
810 private function setServerFormValues(): void
811 {
812 $this->form_gui->setValuesByArray([
813 'active' => $this->server->isActive(),
814 'ds' => !$this->server->isAuthenticationEnabled(),
815 'server_name' => $this->server->getName(),
816 'server_url' => $this->server->getUrlString(),
817 'version' => $this->server->getVersion(),
818 'base_dn' => $this->server->getBaseDN(),
819 'referrals' => $this->server->isActiveReferrer(),
820 'tls' => $this->server->isActiveTLS(),
821 'binding_type' => $this->server->getBindingType(),
822 'bind_dn' => $this->server->getBindUser(),
823 'bind_pass' => $this->server->getBindPassword(),
824 'bind_pass_retype' => $this->server->getBindPassword(),
825 'search_base' => $this->server->getSearchBase(),
826 'user_scope' => $this->server->getUserScope(),
827 'user_attribute' => $this->server->getUserAttribute(),
828 'filter' => $this->server->getFilter(),
829 'group_dn' => $this->server->getGroupDN(),
830 'group_scope' => $this->server->getGroupScope(),
831 'group_filter' => $this->server->getGroupFilter(),
832 'group_member' => $this->server->getGroupMember(),
833 'memberisdn' => $this->server->enabledGroupMemberIsDN(),
834 'group' => $this->server->getGroupName(),
835 'group_attribute' => $this->server->getGroupAttribute(),
836 'group_optional' => $this->server->isMembershipOptional(),
837 'group_user_filter' => $this->server->getGroupUserFilter(),
838 'sync_on_login' => $this->server->enabledSyncOnLogin(),
839 'sync_per_cron' => $this->server->enabledSyncPerCron(),
840 'global_role' => ilLDAPAttributeMapping::_lookupGlobalRole($this->server->getServerId()),
841 'migration' => (int) $this->server->isAccountMigrationEnabled(),
842 'name_filter' => $this->server->getUsernameFilter(),
843 'escape_dn' => $this->server->enabledEscapeDN()
844 ]);
845 }
846
847 private function initForm(): void
848 {
849 $this->form_gui = new ilPropertyFormGUI();
850 $this->form_gui->setFormAction($this->ctrl->getFormAction($this, 'save'));
851 $this->form_gui->setTitle($this->lng->txt('ldap_configure'));
852
853 $active = new ilCheckboxInputGUI($this->lng->txt('auth_ldap_enable'), 'active');
854 $active->setValue('1');
855 $this->form_gui->addItem($active);
856
857 $ds = new ilCheckboxInputGUI($this->lng->txt('ldap_as_ds'), 'ds');
858 $ds->setValue('1');
859 $ds->setInfo($this->lng->txt('ldap_as_ds_info'));
860 $this->form_gui->addItem($ds);
861
862 $servername = new ilTextInputGUI($this->lng->txt('ldap_server_name'), 'server_name');
863 $servername->setRequired(true);
864 $servername->setInfo($this->lng->txt('ldap_server_name_info'));
865 $servername->setSize(32);
866 $servername->setMaxLength(32);
867 $this->form_gui->addItem($servername);
868
869 $namefilter = new ilTextInputGUI($this->lng->txt('ldap_username_filter'), 'name_filter');
870 $namefilter->setInfo($this->lng->txt('ldap_username_filter_info'));
871 $namefilter->setSize(64);
872 $namefilter->setMaxLength(255);
873 $this->form_gui->addItem($namefilter);
874
875 $serverurl = new ilTextInputGUI($this->lng->txt('ldap_server'), 'server_url');
876 $serverurl->setRequired(true);
877 $serverurl->setInfo($this->lng->txt('ldap_server_url_info'));
878 $serverurl->setSize(64);
879 $serverurl->setMaxLength(255);
880 $this->form_gui->addItem($serverurl);
881
882 $version = new ilSelectInputGUI($this->lng->txt('ldap_version'), 'version');
883 $version->setOptions([2 => 2, 3 => 3]);
884 $version->setInfo($this->lng->txt('ldap_server_version_info'));
885 $this->form_gui->addItem($version);
886
887 $basedsn = new ilTextInputGUI($this->lng->txt('basedn'), 'base_dn');
888 $basedsn->setRequired(true);
889 $basedsn->setSize(64);
890 $basedsn->setMaxLength(255);
891 $this->form_gui->addItem($basedsn);
892
893 $referrals = new ilCheckboxInputGUI($this->lng->txt('ldap_referrals'), 'referrals');
894 $referrals->setValue('1');
895 $referrals->setInfo($this->lng->txt('ldap_referrals_info'));
896 $this->form_gui->addItem($referrals);
897
898 $section_security = new ilFormSectionHeaderGUI();
899 $section_security->setTitle($this->lng->txt('ldap_server_security_settings'));
900 $this->form_gui->addItem($section_security);
901
902 $tls = new ilCheckboxInputGUI($this->lng->txt('ldap_tls'), 'tls');
903 $tls->setValue('1');
904 $this->form_gui->addItem($tls);
905
906 $binding = new ilRadioGroupInputGUI($this->lng->txt('ldap_server_binding'), 'binding_type');
907 $anonymous = new ilRadioOption($this->lng->txt('ldap_bind_anonymous'), (string) ilLDAPServer::LDAP_BIND_ANONYMOUS);
908 $binding->addOption($anonymous);
909 $user = new ilRadioOption($this->lng->txt('ldap_bind_user'), (string) ilLDAPServer::LDAP_BIND_USER);
910 $dn = new ilTextInputGUI($this->lng->txt('ldap_server_bind_dn'), 'bind_dn');
911 $dn->setSize(64);
912 $dn->setMaxLength(255);
913 $user->addSubItem($dn);
914 $pass = new ilPasswordInputGUI($this->lng->txt('ldap_server_bind_pass'), 'bind_pass');
915 $pass->setSkipSyntaxCheck(true);
916 $pass->setSize(12);
917 $pass->setMaxLength(100);
918 $user->addSubItem($pass);
919 $binding->addOption($user);
920 $this->form_gui->addItem($binding);
921
922 $section_auth = new ilFormSectionHeaderGUI();
923 $section_auth->setTitle($this->lng->txt('ldap_authentication_settings'));
924 $this->form_gui->addItem($section_auth);
925
926 $search_base = new ilTextInputGUI($this->lng->txt('ldap_user_dn'), 'search_base');
927 $search_base->setInfo($this->lng->txt('ldap_search_base_info'));
928 $search_base->setSize(64);
929 $search_base->setMaxLength(255);
930 $this->form_gui->addItem($search_base);
931
932 $user_scope = new ilSelectInputGUI($this->lng->txt('ldap_user_scope'), 'user_scope');
933 $user_scope->setOptions([
934 ilLDAPServer::LDAP_SCOPE_ONE => $this->lng->txt('ldap_scope_one'),
935 ilLDAPServer::LDAP_SCOPE_SUB => $this->lng->txt('ldap_scope_sub')
936 ]);
937 $user_scope->setInfo($this->lng->txt('ldap_user_scope_info'));
938 $this->form_gui->addItem($user_scope);
939
940 $user_attribute = new ilTextInputGUI($this->lng->txt('ldap_user_attribute'), 'user_attribute');
941 $user_attribute->setSize(16);
942 $user_attribute->setMaxLength(64);
943 $user_attribute->setRequired(true);
944 $this->form_gui->addItem($user_attribute);
945
946 $filter = new ilTextInputGUI($this->lng->txt('ldap_search_filter'), 'filter');
947 $filter->setInfo($this->lng->txt('ldap_filter_info'));
948 $filter->setSize(64);
949 $filter->setMaxLength(512);
950 $this->form_gui->addItem($filter);
951
952 $section_restrictions = new ilFormSectionHeaderGUI();
953 $section_restrictions->setTitle($this->lng->txt('ldap_group_restrictions'));
954 $this->form_gui->addItem($section_restrictions);
955
956 $group_dn = new ilTextInputGUI($this->lng->txt('ldap_group_search_base'), 'group_dn');
957 $group_dn->setInfo($this->lng->txt('ldap_group_dn_info'));
958 $group_dn->setSize(64);
959 $group_dn->setMaxLength(255);
960 $this->form_gui->addItem($group_dn);
961
962 $group_scope = new ilSelectInputGUI($this->lng->txt('ldap_group_scope'), 'group_scope');
963 $group_scope->setOptions([
964 ilLDAPServer::LDAP_SCOPE_ONE => $this->lng->txt('ldap_scope_one'),
965 ilLDAPServer::LDAP_SCOPE_SUB => $this->lng->txt('ldap_scope_sub')
966 ]);
967 $group_scope->setInfo($this->lng->txt('ldap_group_scope_info'));
968 $this->form_gui->addItem($group_scope);
969
970 $group_filter = new ilTextInputGUI($this->lng->txt('ldap_group_filter'), 'group_filter');
971 $group_filter->setInfo($this->lng->txt('ldap_group_filter_info'));
972 $group_filter->setSize(64);
973 $group_filter->setMaxLength(255);
974 $this->form_gui->addItem($group_filter);
975
976 $group_member = new ilTextInputGUI($this->lng->txt('ldap_group_member'), 'group_member');
977 $group_member->setInfo($this->lng->txt('ldap_group_member_info'));
978 $group_member->setSize(32);
979 $group_member->setMaxLength(255);
980 $this->form_gui->addItem($group_member);
981
982 $group_member_isdn = new ilCheckboxInputGUI($this->lng->txt('ldap_memberisdn'), 'memberisdn');
983 $this->form_gui->addItem($group_member_isdn);
984
985 $escapedn = new ilCheckboxInputGUI($this->lng->txt('ldap_escapedn'), 'escape_dn');
986 $escapedn->setValue('1');
987 $escapedn->setInfo($this->lng->txt('ldap_escapedn_info'));
988 $this->form_gui->addItem($escapedn);
989
990 $group = new ilTextInputGUI($this->lng->txt('ldap_group_name'), 'group');
991 $group->setInfo($this->lng->txt('ldap_group_name_info'));
992 $group->setSize(32);
993 $group->setMaxLength(255);
994 $this->form_gui->addItem($group);
995
996 $group_atrr = new ilTextInputGUI($this->lng->txt('ldap_group_attribute'), 'group_attribute');
997 $group_atrr->setInfo($this->lng->txt('ldap_group_attribute_info'));
998 $group_atrr->setSize(16);
999 $group_atrr->setMaxLength(64);
1000 $this->form_gui->addItem($group_atrr);
1001
1002 $group_optional = new ilCheckboxInputGUI($this->lng->txt('ldap_group_membership'), 'group_optional');
1003 $group_optional->setOptionTitle($this->lng->txt('ldap_group_member_optional'));
1004 $group_optional->setInfo($this->lng->txt('ldap_group_optional_info'));
1005 $group_optional->setValue('1');
1006 $group_user_filter = new ilTextInputGUI($this->lng->txt('ldap_group_user_filter'), 'group_user_filter');
1007 $group_user_filter->setSize(64);
1008 $group_user_filter->setMaxLength(255);
1009 $group_optional->addSubItem($group_user_filter);
1010 $this->form_gui->addItem($group_optional);
1011
1012 $section_sync = new ilFormSectionHeaderGUI();
1013 $section_sync->setTitle($this->lng->txt('ldap_user_sync'));
1014 $this->form_gui->addItem($section_sync);
1015
1016 $ci_gui = new ilCustomInputGUI($this->lng->txt('ldap_moment_sync'));
1017 $sync_on_login = new ilCheckboxInputGUI($this->lng->txt('ldap_sync_login'), 'sync_on_login');
1018 $sync_on_login->setValue('1');
1019 $ci_gui->addSubItem($sync_on_login);
1020 $sync_per_cron = new ilCheckboxInputGUI($this->lng->txt('ldap_sync_cron'), 'sync_per_cron');
1021 $sync_per_cron->setValue('1');
1022 $ci_gui->addSubItem($sync_per_cron);
1023 $ci_gui->setInfo($this->lng->txt('ldap_user_sync_info'));
1024 $this->form_gui->addItem($ci_gui);
1025
1026 $global_role = new ilSelectInputGUI($this->lng->txt('ldap_global_role_assignment'), 'global_role');
1027 $global_role->setOptions($this->prepareGlobalRoleSelection());
1028 $global_role->setInfo($this->lng->txt('ldap_global_role_info'));
1029 $this->form_gui->addItem($global_role);
1030
1031 $migr = new ilCheckboxInputGUI($this->lng->txt('auth_ldap_migration'), 'migration');
1032 $migr->setInfo($this->lng->txt('auth_ldap_migration_info'));
1033 $migr->setValue('1');
1034 $this->form_gui->addItem($migr);
1035
1036 ilAdministrationSettingsFormHandler::addFieldsToForm(
1037 ilAdministrationSettingsFormHandler::FORM_LDAP,
1038 $this->form_gui,
1039 ilAdministrationSettingsFormHandler::getSettingsGUIInstance('auth')
1040 );
1041
1042 if ($this->rbacSystem->checkAccess('write', $this->ref_id)) {
1043 $this->form_gui->addCommandButton('save', $this->lng->txt('save'));
1044 } else {
1045 foreach ($this->form_gui->getItems() as $item) {
1046 if ($item instanceof ilFormSectionHeaderGUI) {
1047 continue;
1048 }
1049 $item->setDisabled(true);
1050 }
1051 }
1052
1053 if ($this->ctrl->getCmd() === 'addServerSettings') {
1054 $this->form_gui->addCommandButton('serverList', $this->lng->txt('cancel'));
1055 }
1056 }
1057
1058 private function saveCmd(): void
1059 {
1060 $this->checkAccess('write');
1061
1062 $this->setSubTabs();
1063 $this->tabs_gui->setTabActive('settings');
1064
1065 $this->initForm();
1066 if ($this->form_gui->checkInput()) {
1067 $this->server->toggleActive((bool) $this->form_gui->getInput('active'));
1068 $this->server->enableAuthentication(!(bool) $this->form_gui->getInput('ds'));
1069 $this->server->setName($this->form_gui->getInput('server_name'));
1070 $this->server->setUrl($this->form_gui->getInput('server_url'));
1071 $this->server->setVersion((int) $this->form_gui->getInput('version'));
1072 $this->server->setBaseDN($this->form_gui->getInput('base_dn'));
1073 $this->server->toggleReferrer((bool) $this->form_gui->getInput('referrals'));
1074 $this->server->toggleTLS((bool) $this->form_gui->getInput('tls'));
1075 $this->server->setBindingType((int) $this->form_gui->getInput('binding_type'));
1076 $this->server->setBindUser($this->form_gui->getInput('bind_dn'));
1077 $this->server->setBindPassword($this->form_gui->getInput('bind_pass'));
1078 $this->server->setSearchBase($this->form_gui->getInput('search_base'));
1079 $this->server->setUserScope((int) $this->form_gui->getInput('user_scope'));
1080 $this->server->setUserAttribute($this->form_gui->getInput('user_attribute'));
1081 $this->server->setFilter($this->form_gui->getInput('filter'));
1082 $this->server->setGroupDN($this->form_gui->getInput('group_dn'));
1083 $this->server->setGroupScope((int) $this->form_gui->getInput('group_scope'));
1084 $this->server->setGroupFilter($this->form_gui->getInput('group_filter'));
1085 $this->server->setGroupMember($this->form_gui->getInput('group_member'));
1086 $this->server->enableGroupMemberIsDN((bool) $this->form_gui->getInput('memberisdn'));
1087 $this->server->setGroupName($this->form_gui->getInput('group'));
1088 $this->server->setGroupAttribute($this->form_gui->getInput('group_attribute'));
1089 $this->server->setGroupUserFilter($this->form_gui->getInput('group_user_filter'));
1090 $this->server->toggleMembershipOptional((bool) $this->form_gui->getInput('group_optional'));
1091 $this->server->enableSyncOnLogin((bool) $this->form_gui->getInput('sync_on_login'));
1092 $this->server->enableSyncPerCron((bool) $this->form_gui->getInput('sync_per_cron'));
1093 $this->server->setGlobalRole((int) $this->form_gui->getInput('global_role'));
1094 $this->server->enableAccountMigration((bool) $this->form_gui->getInput('migration'));
1095 $this->server->setUsernameFilter($this->form_gui->getInput('name_filter'));
1096 $this->server->enableEscapeDN((bool) $this->form_gui->getInput('escape_dn'));
1097 if (!$this->server->validate()) {
1098 $this->main_tpl->setOnScreenMessage('failure', $this->ilErr->getMessage());
1099 $url_err = $this->server->getUrlValidationError();
1100 if (!empty($url_err)) {
1101 $this->form_gui->getItemByPostVar('server_url')?->setAlert(
1102 $this->refinery->encode()->htmlSpecialCharsAsEntities()->transform($url_err)
1103 );
1104 }
1105 $this->form_gui->setValuesByPost();
1106 $this->tpl->setContent($this->form_gui->getHTML());
1107 return;
1108 }
1109
1110 if ($this->server->getServerId()) {
1111 $this->server->update();
1112 } else {
1113 $this->server->create();
1114 }
1115
1116 $this->initAttributeMapping();
1117 $this->mapping->setRule('global_role', (string) $this->form_gui->getInput('global_role'), false);
1118 $this->mapping->save();
1119
1120 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
1121 $this->ctrl->setParameter($this, 'ldap_server_id', null);
1122 $this->ctrl->redirect($this, 'serverList');
1123 }
1124
1125 $this->form_gui->setValuesByPost();
1126 $this->tpl->setContent($this->form_gui->getHTML());
1127 }
1128
1129 private function backToServerListCmd(): never
1130 {
1131 $this->ctrl->setParameter($this, 'ldap_server_id', null);
1132 $this->ctrl->redirect($this, 'serverList');
1133 }
1134
1135 private function setSubTabs(): void
1136 {
1137 $this->tabs_gui->clearTargets();
1138
1139 $this->tabs_gui->setBackTarget(
1140 $this->lng->txt('back'),
1141 $this->ctrl->getLinkTarget($this, 'backToServerList')
1142 );
1143
1144 $this->tabs_gui->addTab(
1145 'settings',
1146 $this->lng->txt('ldap_settings'),
1147 $this->ctrl->getLinkTarget($this, 'editServerSettings')
1148 );
1149
1150 // Disable all other tabs, if server hasn't been configured.
1151 if (!count(ilLDAPServer::_getServerList())) {
1152 return;
1153 }
1154
1155 $this->tabs_gui->addTab(
1156 'user_mapping',
1157 $this->lng->txt('ldap_user_mapping'),
1158 $this->ctrl->getLinkTarget($this, 'userMapping')
1159 );
1160
1161 $this->tabs_gui->addTab(
1162 'role_assignments',
1163 $this->lng->txt('ldap_role_assignments'),
1164 $this->ctrl->getLinkTarget($this, 'roleAssignments')
1165 );
1166
1167 $this->tabs_gui->addTab(
1168 'role_mapping',
1169 $this->lng->txt('ldap_role_mapping'),
1170 $this->ctrl->getLinkTarget($this, 'roleMapping')
1171 );
1172 }
1173
1174 private function initServer(): void
1175 {
1176 $server_id = 0;
1177 if ($this->ldap_server_id) {
1178 $server_id = $this->ldap_server_id;
1179 }
1180
1181 $this->server = new ilLDAPServer($server_id);
1182 }
1183
1184 private function initAttributeMapping(): void
1185 {
1186 $this->mapping = ilLDAPAttributeMapping::_getInstanceByServerId($this->getServer()->getServerId());
1187 }
1188
1189 private function initRoleMapping(): void
1190 {
1191 $this->role_mapping = ilLDAPRoleGroupMappingSettings::_getInstanceByServerId($this->getServer()->getServerId());
1192 }
1193
1197 private function prepareGlobalRoleSelection(): array
1198 {
1199 $global_roles = ilUtil::_sortIds(
1200 $this->rbacReview->getGlobalRoles(),
1201 'object_data',
1202 'title',
1203 'obj_id'
1204 );
1205
1206 $select[0] = $this->lng->txt('links_select_one');
1207 foreach ($global_roles as $role_id) {
1208 $select[$role_id] = ilObject::_lookupTitle((int) $role_id);
1209 }
1210
1211 return $select;
1212 }
1213
1217 private function getMappingFields(): array
1218 {
1219 return [
1220 'gender' => $this->lng->txt('gender'),
1221 'firstname' => $this->lng->txt('firstname'),
1222 'lastname' => $this->lng->txt('lastname'),
1223 'title' => $this->lng->txt('person_title'),
1224 'institution' => $this->lng->txt('institution'),
1225 'department' => $this->lng->txt('department'),
1226 'street' => $this->lng->txt('street'),
1227 'city' => $this->lng->txt('city'),
1228 'zipcode' => $this->lng->txt('zipcode'),
1229 'country' => $this->lng->txt('country'),
1230 'phone_office' => $this->lng->txt('phone_office'),
1231 'phone_home' => $this->lng->txt('phone_home'),
1232 'phone_mobile' => $this->lng->txt('phone_mobile'),
1233 'fax' => $this->lng->txt('fax'),
1234 'email' => $this->lng->txt('email'),
1235 'second_email' => $this->lng->txt('second_email'),
1236 'hobby' => $this->lng->txt('hobby'),
1237 'matriculation' => $this->lng->txt('matriculation')
1238 ];
1239 }
1240
1241 private function initFormRoleAssignments(string $a_mode): void
1242 {
1243 $this->form = new ilPropertyFormGUI();
1244 $this->form->setFormAction($this->ctrl->getFormAction($this));
1245
1246 $role = new ilRadioGroupInputGUI($this->lng->txt('ldap_ilias_role'), 'role_name');
1247 $role->setInfo($this->lng->txt('ldap_role_name_info'));
1248 $role->setRequired(true);
1249 $this->form->addItem($role);
1250
1251 $global = new ilRadioOption($this->lng->txt('ldap_global_role'), '0');
1252 $role->addOption($global);
1253
1254 $role_select = new ilSelectInputGUI('', 'role_id');
1255 $role_select->setOptions($this->prepareGlobalRoleSelection());
1256 $global->addSubItem($role_select);
1257
1258 $local = new ilRadioOption($this->lng->txt('ldap_local_role'), '1');
1259 $role->addOption($local);
1260
1261 $role_search = new ilRoleAutoCompleteInputGUI('', 'role_search', $this, 'addRoleAutoCompleteObject');
1262 $role_search->setSize(40);
1263 $local->addSubItem($role_search);
1264
1265 $update = new ilNonEditableValueGUI($this->lng->txt('ldap_update_roles'), 'update_roles');
1266 $update->setValue($this->lng->txt('ldap_check_role_assignment'));
1267
1268 $add = new ilCheckboxInputGUI('', 'add_missing');
1269 $add->setOptionTitle($this->lng->txt('ldap_add_missing'));
1270 $update->addSubItem($add);
1271
1272 $remove = new ilCheckboxInputGUI('', 'remove_deprecated');
1273 $remove->setOptionTitle($this->lng->txt('ldap_remove_deprecated'));
1274 $update->addSubItem($remove);
1275
1276 $this->form->addItem($update);
1277
1278 $group = new ilRadioGroupInputGUI($this->lng->txt('ldap_assignment_type'), 'type');
1279 $group->setRequired(true);
1280
1281 $radio_group = new ilRadioOption($this->lng->txt('ldap_role_by_group'), (string) ilLDAPRoleAssignmentRule::TYPE_GROUP);
1282
1283 $dn = new ilTextInputGUI($this->lng->txt('ldap_group_dn'), 'dn');
1284 $dn->setSize(32);
1285 $dn->setMaxLength(512);
1286 $dn->setInfo($this->lng->txt('ldap_role_grp_dn_info'));
1287 $radio_group->addSubItem($dn);
1288 $at = new ilTextInputGUI($this->lng->txt('ldap_role_grp_at'), 'at');
1289 $at->setSize(16);
1290 $at->setMaxLength(128);
1291 $radio_group->addSubItem($at);
1292 $isdn = new ilCheckboxInputGUI($this->lng->txt('ldap_role_grp_isdn'), 'isdn');
1293 $isdn->setInfo($this->lng->txt('ldap_group_member_info'));
1294 $radio_group->addSubItem($isdn);
1295 $radio_group->setInfo($this->lng->txt('ldap_role_grp_info'));
1296
1297 $group->addOption($radio_group);
1298
1299 $radio_attribute = new ilRadioOption($this->lng->txt('ldap_role_by_attribute'), (string) ilLDAPRoleAssignmentRule::TYPE_ATTRIBUTE);
1300 $name = new ilTextInputGUI($this->lng->txt('ldap_role_at_name'), 'name');
1301 $name->setSize(32);
1302 $name->setMaxLength(128);
1303 $radio_attribute->addSubItem($name);
1304
1305 $val = new ilTextInputGUI($this->lng->txt('ldap_role_at_value'), 'value');
1306 $val->setSize(32);
1307 $val->setMaxLength(128);
1308 $radio_attribute->addSubItem($val);
1309 $radio_attribute->setInfo($this->lng->txt('ldap_role_at_info'));
1310
1311 $group->addOption($radio_attribute);
1312
1313 $pl_active = $this->component_repository->getPluginSlotById('ldaphk')->hasActivePlugins();
1314 $pl = new ilRadioOption($this->lng->txt('ldap_plugin'), '3');
1315
1316 $pl->setInfo($this->lng->txt('ldap_plugin_info'));
1317 $pl->setDisabled(!$pl_active);
1318
1319 $id = new ilNumberInputGUI($this->lng->txt('ldap_plugin_id'), 'plugin_id');
1320 $id->setDisabled(!$pl_active);
1321 $id->setSize(3);
1322 $id->setMaxLength(3);
1323 $id->setMaxValue(999);
1324 $id->setMinValue(1);
1325 $pl->addSubItem($id);
1326
1327 $group->addOption($pl);
1328 $this->form->addItem($group);
1329
1330 if ($this->rbacSystem->checkAccess('write', $this->ref_id)) {
1331 switch ($a_mode) {
1332 case 'edit':
1333 $this->form->setTitle($this->lng->txt('ldap_edit_role_ass_rule'));
1334 $this->form->addCommandButton('updateRoleAssignment', $this->lng->txt('save'));
1335 break;
1336 case 'create':
1337 $this->form->setTitle($this->lng->txt('ldap_add_role_ass_rule'));
1338 $this->form->addCommandButton('addRoleAssignment', $this->lng->txt('ldap_btn_add_role_ass'));
1339 break;
1340 }
1341 } else {
1342 foreach ($this->form->getItems() as $item) {
1343 if ($item instanceof ilFormSectionHeaderGUI) {
1344 continue;
1345 }
1346 $item->setDisabled(true);
1347 }
1348 }
1349 }
1350
1351 private function addRoleAutoCompleteObjectCmd(): void
1352 {
1353 ilRoleAutoCompleteInputGUI::echoAutoCompleteList();
1354 }
1355
1356 private function userMappingToolbar(): void
1357 {
1358 $select_form = new ilSelectInputGUI('mapping_template');
1359 $select_form->setPostVar('mapping_template');
1360 $options = [
1361 '' => $this->lng->txt('ldap_mapping_template'),
1362 'inetOrgPerson' => 'inetOrgPerson',
1363 'organizationalPerson' => 'organizationalPerson',
1364 'person' => 'person',
1365 'ad_2003' => 'Active Directory (Win 2003)'
1366 ];
1367 $select_form->setOptions($options);
1368 $select_form->setValue($this->mapping_template);
1369
1370 $this->toolbar->addInputItem($select_form);
1371 $this->toolbar->addFormButton($this->lng->txt('show'), 'chooseMapping');
1372 $this->toolbar->setFormAction($this->ctrl->getFormAction($this, 'chooseMapping'));
1373 }
1374
1375 private function initUserMappingForm(): ilPropertyFormGUI
1376 {
1377 $propertie_form = new ilPropertyFormGUI();
1378 $propertie_form->setTitle($this->lng->txt('ldap_mapping_table'));
1379 $propertie_form->setFormAction($this->ctrl->getFormAction($this, 'saveMapping'));
1380
1381 foreach ($this->getMappingFields() as $mapping => $lang) {
1382 $text_form = new ilTextInputGUI($lang);
1383 $text_form->setPostVar($mapping . '_value');
1384 $text_form->setValue($this->mapping->getValue($mapping));
1385 $text_form->setSize(32);
1386 $text_form->setMaxLength(255);
1387 $propertie_form->addItem($text_form);
1388
1389 $checkbox_form = new ilCheckboxInputGUI('');
1390 $checkbox_form->setPostVar($mapping . '_update');
1391 $checkbox_form->setChecked($this->mapping->enabledUpdate($mapping));
1392 $checkbox_form->setOptionTitle($this->lng->txt('ldap_update_field_info'));
1393 $propertie_form->addItem($checkbox_form);
1394 }
1395
1396 foreach ($this->profile->getFields() as $field) {
1397 if (!$field->isCustom()) {
1398 continue;
1399 }
1400
1401 $text_form = new ilTextInputGUI($field->getLabel($this->lng));
1402 $text_form->setPostVar('udf_' . $field->getIdentifier() . '_value');
1403 $text_form->setValue($this->mapping->getValue('udf_' . $field->getIdentifier()));
1404 $text_form->setSize(32);
1405 $text_form->setMaxLength(255);
1406 $propertie_form->addItem($text_form);
1407
1408 $checkbox_form = new ilCheckboxInputGUI("");
1409 $checkbox_form->setPostVar('udf_' . $field->getIdentifier() . '_update');
1410 $checkbox_form->setChecked($this->mapping->enabledUpdate('udf_' . $field->getIdentifier()));
1411 $checkbox_form->setOptionTitle($this->lng->txt('ldap_update_field_info'));
1412 $propertie_form->addItem($checkbox_form);
1413 }
1414
1415 if ($this->rbacSystem->checkAccess('write', $this->ref_id)) {
1416 $propertie_form->addCommandButton('saveMapping', $this->lng->txt('save'));
1417 } else {
1418 foreach ($propertie_form->getItems() as $item) {
1419 if ($item instanceof ilFormSectionHeaderGUI) {
1420 continue;
1421 }
1422 if ($item instanceof ilRadioGroupInputGUI) {
1423 $item->setDisabled(true);
1424 }
1425 $item->setDisabled(true);
1426 }
1427 }
1428
1429 return $propertie_form;
1430 }
1431
1432 private function roleMappingCmd(): void
1433 {
1434 $this->checkAccess('read');
1435
1436 $this->setSubTabs();
1437 $this->tabs_gui->setTabActive('role_mapping');
1438
1439 $propertie_form = new ilPropertyFormGUI();
1440 $propertie_form->setTitle($this->lng->txt('ldap_role_settings'));
1441 $propertie_form->setFormAction($this->ctrl->getFormAction($this, 'saveSyncronizationSettings'));
1442 $role_active = new ilCheckboxInputGUI($this->lng->txt('ldap_role_active'));
1443 $role_active->setPostVar('role_sync_active');
1444 $role_active->setChecked($this->server->enabledRoleSynchronization());
1445 $propertie_form->addItem($role_active);
1446 $binding = new ilCombinationInputGUI($this->lng->txt('ldap_server_binding'));
1447 $binding->setInfo($this->lng->txt('ldap_role_bind_user_info'));
1448 $user = new ilTextInputGUI('');
1449 $user->setPostVar('role_bind_user');
1450 $user->setValue($this->server->getRoleBindDN());
1451 $user->setSize(50);
1452 $user->setMaxLength(255);
1453 $binding->addCombinationItem('0', $user, $this->lng->txt('ldap_role_bind_user'));
1454
1455 $pass = new ilPasswordInputGUI('');
1456 $pass->setPostVar('role_bind_pass');
1457 $pass->setValue($this->server->getRoleBindPassword());
1458 $pass->setSize(12);
1459 $pass->setMaxLength(100);
1460 $pass->setRetype(false);
1461 $binding->addCombinationItem('1', $pass, $this->lng->txt('ldap_role_bind_pass'));
1462
1463 $propertie_form->addItem($binding);
1464
1465 if ($this->rbacSystem->checkAccess('write', $this->ref_id)) {
1466 $this->toolbar->addButton(
1467 $this->lng->txt('ldap_new_role_assignment'),
1468 $this->ctrl->getLinkTarget($this, 'addRoleMapping')
1469 );
1470 $propertie_form->addCommandButton('saveSyncronizationSettings', $this->lng->txt('save'));
1471 } else {
1472 foreach ($propertie_form->getItems() as $item) {
1473 if ($item instanceof ilFormSectionHeaderGUI) {
1474 continue;
1475 }
1476 $item->setDisabled(true);
1477 }
1478 }
1479
1480 $this->tpl->addBlockFile('ADM_CONTENT', 'adm_content', 'tpl.ldap_role_mappings.html', 'components/ILIAS/LDAP');
1481 $this->tpl->setVariable('NEW_ASSIGNMENT_TBL', $propertie_form->getHTML());
1482
1483 $this->tpl->setVariable(
1484 'RULES_TBL',
1485 $this->ui_renderer->render((new LDAPRoleMappingTable(
1486 $this->http->request(),
1487 $this->lng,
1488 $this->ui_factory,
1489 $this->server->getServerId(),
1490 $this->object_data_cache,
1491 $this->rbacReview,
1492 (new Factory())
1493 ->uri(ilUtil::_getHttpPath() . '/' . $this->ctrl->getLinkTarget($this, 'handleRoleMappingTableActions')),
1494 $this->rbacSystem->checkAccess('write', $this->ref_id),
1495 ))->getComponent())
1496 );
1497 }
1498
1499 private function editRoleMapping(): void
1500 {
1501 $mapping = new ilLDAPRoleGroupMappingSetting($this->mapping_id);
1502 $mapping->read();
1503
1504 $propertie_form = $this->initRoleMappingForm('updateRoleMapping');
1505 $propertie_form->setTitle($this->lng->txt('ldap_edit_role_assignment'));
1506 if ($propertie_form->getItemByPostVar('url')) {
1507 $propertie_form->getItemByPostVar('url')->setValue($mapping->getURL());
1508 }
1509 if ($propertie_form->getItemByPostVar('dn')) {
1510 $propertie_form->getItemByPostVar('dn')->setValue($mapping->getDN());
1511 }
1512 if ($propertie_form->getItemByPostVar('member')) {
1513 $propertie_form->getItemByPostVar('member')->setValue($mapping->getMemberAttribute());
1514 }
1515 if ($propertie_form->getItemByPostVar('memberisdn')) {
1516 $propertie_form->getItemByPostVar('memberisdn')->setChecked($mapping->getMemberISDN());
1517 }
1518 if ($propertie_form->getItemByPostVar('role')) {
1519 $propertie_form->getItemByPostVar('role')->setValue($mapping->getRoleName());
1520 }
1521 if ($propertie_form->getItemByPostVar('info')) {
1522 $propertie_form->getItemByPostVar('info')->setValue($mapping->getMappingInfo());
1523 }
1524 if ($propertie_form->getItemByPostVar('info_type')) {
1525 $propertie_form->getItemByPostVar('info_type')->setChecked($mapping->getMappingInfoType());
1526 }
1527
1528 $this->tpl->setContent($propertie_form->getHTML());
1529 }
1530
1531 private function createRoleMappingCmd(): void
1532 {
1533 $this->checkAccess('write');
1534
1535 $propertie_form = $this->initRoleMappingForm('createRoleMapping');
1536 if ($propertie_form->checkInput() && $this->rbacReview->roleExists($propertie_form->getInput('role'))) {
1537 $mapping = new ilLDAPRoleGroupMappingSetting(0);
1538 $mapping->setServerId($this->server->getServerId());
1539 $mapping->setURL($propertie_form->getInput('url'));
1540 $mapping->setDN($propertie_form->getInput('dn'));
1541 $mapping->setMemberAttribute($propertie_form->getInput('member'));
1542 $mapping->setMemberISDN((bool) $propertie_form->getInput('memberisdn'));
1543 $mapping->setRoleByName($propertie_form->getInput('role'));
1544 $mapping->setMappingInfo($propertie_form->getInput('info'));
1545 $mapping->setMappingInfoType((bool) $propertie_form->getInput('info_type'));
1546 $mapping->save();
1547
1548 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
1549 $this->ctrl->redirect($this, 'roleMapping');
1550 } else {
1551 if (!$this->rbacReview->roleExists($propertie_form->getInput('role'))) {
1552 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('ldap_role_not_exists') . ' ' .
1553 $propertie_form->getInput('role'));
1554 }
1555 $propertie_form->setValuesByPost();
1556
1557 $this->tpl->setContent($propertie_form->getHTML());
1558 }
1559 }
1560
1561 private function confirmDeleteRoleMapping(): void
1562 {
1563 $this->checkAccess('write');
1564
1565 if (!$this->mappings) {
1566 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'), true);
1567 $this->ctrl->redirect($this, 'roleMapping');
1568 return;
1569 }
1570
1571 $this->setSubTabs();
1572 $this->tabs_gui->activateTab('role_mapping');
1573
1574 $c_gui = new ilConfirmationGUI();
1575 $c_gui->setFormAction($this->ctrl->getFormAction($this, 'deleteRoleMapping'));
1576 $c_gui->setHeaderText($this->lng->txt('ldap_confirm_del_role_ass'));
1577 $c_gui->setCancel($this->lng->txt('cancel'), 'roleMapping');
1578 $c_gui->setConfirm($this->lng->txt('confirm'), 'deleteRoleMapping');
1579
1580 foreach ($this->mappings as $id) {
1581 $mapping = new ilLDAPRoleGroupMappingSetting($id);
1582 $mapping->read();
1583 $txt = $this->lng->txt('obj_role') . ': ' . $mapping->getRoleName() . ', ';
1584 $txt .= $this->lng->txt('ldap_group_dn') . ': ' . $mapping->getDN() . ', ';
1585 $txt .= $this->lng->txt('ldap_server_short') . ' ' . $mapping->getURL() . ', ';
1586 $txt .= $this->lng->txt('ldap_group_member_short') . ' ' . $mapping->getMemberAttribute();
1587 $c_gui->addItem('mappings[]', (string) $id, $txt);
1588 }
1589
1590 $this->tpl->setContent($c_gui->getHTML());
1591 }
1592
1593 private function addServerSettingsCmd(): void
1594 {
1595 $this->checkAccess('write');
1596
1597 $this->ctrl->clearParameters($this);
1598
1599 $this->initForm();
1600
1601 $this->tpl->setContent($this->form_gui->getHTML());
1602 }
1603
1604 private function editServerSettingsCmd(): void
1605 {
1606 $this->checkAccess('read');
1607
1608 $this->setSubTabs();
1609 $this->tabs_gui->setTabActive('settings');
1610
1611 $this->initForm();
1612 $this->setServerFormValues();
1613
1614 $this->tpl->setContent($this->form_gui->getHTML());
1615 }
1616
1617 private function confirmDeleteServerSettings(): void
1618 {
1619 $this->checkAccess('write');
1620
1621 if (!$this->ldap_server_id) {
1622 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
1623 $this->serverListCmd();
1624 return;
1625 }
1626
1627 $c_gui = new ilConfirmationGUI();
1628 $c_gui->setFormAction($this->ctrl->getFormAction($this, 'deleteServerSettings'));
1629 $c_gui->setHeaderText($this->lng->txt('ldap_confirm_del_server_settings'));
1630 $c_gui->setCancel($this->lng->txt('cancel'), 'serverList');
1631 $c_gui->setConfirm($this->lng->txt('confirm'), 'deleteServerSettings');
1632 $setting = new ilLDAPServer($this->ldap_server_id);
1633 $c_gui->addItem('server_ids[]', (string) $setting->getServerId(), $setting->getName());
1634
1635 $this->tpl->setContent($c_gui->getHTML());
1636 }
1637
1638 private function deleteServerSettingsCmd(): void
1639 {
1640 $this->checkAccess('write');
1641
1642 if (!$this->server_ids) {
1643 $this->main_tpl->setOnScreenMessage('failure', $this->lng->txt('select_one'));
1644 $this->serverListCmd();
1645 return;
1646 }
1647
1648 foreach ($this->server_ids as $server_id) {
1649 $setting = new ilLDAPServer($server_id);
1650 $setting->delete();
1651 }
1652
1653 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('deleted'), true);
1654 $this->ctrl->redirect($this, 'serverlist');
1655 }
1656
1657 private function userMappingCmd(): void
1658 {
1659 $this->initAttributeMapping();
1660
1661 $this->setSubTabs();
1662 $this->tabs_gui->activateTab('user_mapping');
1663 $this->userMappingToolbar();
1664
1665 $propertie_form = $this->initUserMappingForm();
1666
1667 $this->tpl->setContent($propertie_form->getHTML());
1668 }
1669
1670 private function activateServer(): void
1671 {
1672 $this->checkAccess('write');
1673
1674 $this->server->toggleActive(true);
1675 $this->server->update();
1676
1677 $this->tpl->setOnScreenMessage($this->tpl::MESSAGE_TYPE_SUCCESS, $this->lng->txt('saved_successfully'), true);
1678 $this->ctrl->setParameter($this, 'ldap_server_id', null);
1679 $this->ctrl->redirect($this, 'serverList');
1680 }
1681
1682 private function deactivateServer(): void
1683 {
1684 $this->checkAccess('write');
1685
1686 $this->server->toggleActive(false);
1687 $this->server->update();
1688
1689 $this->tpl->setOnScreenMessage($this->tpl::MESSAGE_TYPE_SUCCESS, $this->lng->txt('saved_successfully'), true);
1690 $this->ctrl->setParameter($this, 'ldap_server_id', null);
1691 $this->ctrl->redirect($this, 'serverList');
1692 }
1693
1694 private function initRoleMappingForm(string $command): ilPropertyFormGUI
1695 {
1696 $this->setSubTabs();
1697 $this->tabs_gui->activateTab('role_mapping');
1698
1699 if ($this->mapping_id) {
1700 $this->ctrl->setParameter($this, 'mapping_id', $this->mapping_id);
1701 }
1702
1703 $propertie_form = new ilPropertyFormGUI();
1704 $propertie_form->setTitle($this->lng->txt('ldap_mapping_table'));
1705 $propertie_form->setFormAction($this->ctrl->getFormAction($this, $command));
1706
1707 $url = new ilTextInputGUI($this->lng->txt('ldap_server'));
1708 $url->setPostVar('url');
1709 $url->setSize(50);
1710 $url->setMaxLength(255);
1711 $url->setRequired(true);
1712
1713 $group_dn = new ilTextInputGUI($this->lng->txt('ldap_group_dn'));
1714 $group_dn->setPostVar('dn');
1715 $group_dn->setSize(50);
1716 $group_dn->setMaxLength(255);
1717 $group_dn->setInfo($this->lng->txt('ldap_dn_info'));
1718 $group_dn->setRequired(true);
1719
1720 $member = new ilTextInputGUI($this->lng->txt('ldap_group_member'));
1721 $member->setPostVar('member');
1722 $member->setSize(32);
1723 $member->setMaxLength(255);
1724 $member->setInfo($this->lng->txt('ldap_member_info'));
1725 $member->setRequired(true);
1726
1727 $member_isdn = new ilCheckboxInputGUI('');
1728 $member_isdn->setPostVar('memberisdn');
1729 $member_isdn->setOptionTitle($this->lng->txt('ldap_memberisdn'));
1730
1731 $role = new ilTextInputGUI($this->lng->txt('ldap_ilias_role'));
1732 $role->setPostVar('role');
1733 $role->setSize(32);
1734 $role->setMaxLength(255);
1735 $role->setInfo($this->lng->txt('ldap_role_info'));
1736 $role->setRequired(true);
1737
1738 $info = new ilTextAreaInputGUI($this->lng->txt('ldap_info_text'));
1739 $info->setPostVar('info');
1740 $info->setCols(50);
1741 $info->setRows(3);
1742 $info->setInfo($this->lng->txt('ldap_info_text_info'));
1743
1744 $info_type = new ilCheckboxInputGUI('');
1745 $info_type->setPostVar('info_type');
1746 $info_type->setOptionTitle($this->lng->txt('ldap_mapping_info_type'));
1747
1748 $propertie_form->addItem($url);
1749 $propertie_form->addItem($group_dn);
1750 $propertie_form->addItem($member);
1751 $propertie_form->addItem($member_isdn);
1752 $propertie_form->addItem($role);
1753 $propertie_form->addItem($info);
1754 $propertie_form->addItem($info_type);
1755
1756 if ($this->rbacSystem->checkAccess('write', $this->ref_id)) {
1757 $propertie_form->addCommandButton($command, $this->lng->txt('save'));
1758 } else {
1759 foreach ($propertie_form->getItems() as $item) {
1760 if ($item instanceof ilFormSectionHeaderGUI) {
1761 continue;
1762 }
1763
1764 $item->setDisabled(true);
1765 }
1766 }
1767 $propertie_form->addCommandButton('roleMapping', $this->lng->txt('cancel'));
1768
1769 return $propertie_form;
1770 }
1771
1772 private function addRoleMappingCmd(): void
1773 {
1774 $propertie_form = $this->initRoleMappingForm('createRoleMapping');
1775 if ($propertie_form->getItemByPostVar('url')) {
1776 $propertie_form->getItemByPostVar('url')->setValue($this->server->getUrl());
1777 }
1778
1779 if ($this->mapping_id) {
1780 $mapping = new ilLDAPRoleGroupMappingSetting($this->mapping_id);
1781 $mapping->read();
1782 if ($propertie_form->getItemByPostVar('url')) {
1783 $propertie_form->getItemByPostVar('url')->setValue($mapping->getURL());
1784 }
1785 if ($propertie_form->getItemByPostVar('dn')) {
1786 $propertie_form->getItemByPostVar('dn')->setValue($mapping->getDN());
1787 }
1788 if ($propertie_form->getItemByPostVar('member')) {
1789 $propertie_form->getItemByPostVar('member')->setValue($mapping->getMemberAttribute());
1790 }
1791 if ($propertie_form->getItemByPostVar('memberisdn')) {
1792 $propertie_form->getItemByPostVar('memberisdn')->setChecked($mapping->getMemberISDN());
1793 }
1794 if ($propertie_form->getItemByPostVar('role')) {
1795 $propertie_form->getItemByPostVar('role')->setValue($mapping->getRoleName());
1796 }
1797 if ($propertie_form->getItemByPostVar('info')) {
1798 $propertie_form->getItemByPostVar('info')->setValue($mapping->getMappingInfo());
1799 }
1800 if ($propertie_form->getItemByPostVar('info_type')) {
1801 $propertie_form->getItemByPostVar('info_type')->setChecked($mapping->getMappingInfoType());
1802 }
1803 }
1804
1805 $this->tpl->setContent($propertie_form->getHTML());
1806 }
1807
1808 private function updateRoleMappingCmd(): void
1809 {
1810 $this->checkAccess('write');
1811 $propertie_form = $this->initRoleMappingForm('updateRoleMapping');
1812
1813 if ($propertie_form->checkInput() &&
1814 $this->rbacReview->roleExists($propertie_form->getInput('role'))) {
1815 $mapping = new ilLDAPRoleGroupMappingSetting($this->mapping_id);
1816 $mapping->setServerId($this->server->getServerId());
1817 $mapping->setURL($propertie_form->getInput('url'));
1818 $mapping->setDN($propertie_form->getInput('dn'));
1819 $mapping->setMemberAttribute($propertie_form->getInput('member'));
1820 $mapping->setMemberISDN((bool) $propertie_form->getInput('memberisdn'));
1821 $mapping->setRoleByName($propertie_form->getInput('role'));
1822 $mapping->setMappingInfo($propertie_form->getInput('info'));
1823 $mapping->setMappingInfoType((bool) $propertie_form->getInput('info_type'));
1824 $mapping->update();
1825
1826 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
1827 $this->ctrl->redirect($this, 'roleMapping');
1828 } else {
1829 if (!$this->rbacReview->roleExists($propertie_form->getInput('role'))) {
1830 $this->main_tpl->setOnScreenMessage(
1831 'failure',
1832 $this->lng->txt('ldap_role_not_exists') . ' ' . $propertie_form->getInput('role')
1833 );
1834 }
1835 $propertie_form->setValuesByPost();
1836
1837 $this->tpl->setContent($propertie_form->getHTML());
1838 }
1839 }
1840
1841 private function saveSyncronizationSettingsCmd(): void
1842 {
1843 $this->checkAccess('write');
1844
1845 $this->server->setRoleBindDN($this->role_bind_user);
1846 $this->server->setRoleBindPassword($this->role_bind_pass);
1847 $this->server->enableRoleSynchronization($this->role_sync_active);
1848
1849 if ($this->server->getServerId()) {
1850 $this->server->update();
1851 }
1852
1853 $this->main_tpl->setOnScreenMessage('success', $this->lng->txt('settings_saved'), true);
1854 $this->ctrl->redirect($this, 'roleMapping');
1855 }
1856
1857 public function getUnsafeGetCommands(): array
1858 {
1859 return [
1860 'handleServerTableActions',
1861 'handleRoleAssignmentTableActions',
1862 'handleRoleMappingTableActions',
1863 ];
1864 }
1865
1866 public function getSafePostCommands(): array
1867 {
1868 return [];
1869 }
1870}
$version
$version
Definition: plugin.php:24
$id
$id
plugin.php for ilComponentBuildPluginInfoObjectiveTest::testAddPlugins
Definition: plugin.php:23
ILIAS\Data\Factory
Builds data types.
Definition: Factory.php:36
ilAccess
Class ilAccessHandler Checks access for ILIAS objects.
Definition: class.ilAccess.php:28
ilAccess\checkAccess
checkAccess(string $a_permission, string $a_cmd, int $a_ref_id, string $a_type="", ?int $a_obj_id=null, ?int $a_tree_id=null)
check access for an object (provide $a_type and $a_obj_id if available for better performance)
Definition: class.ilAccess.php:193
ilAdministrationSettingsFormHandler\addFieldsToForm
static addFieldsToForm(int $a_form_id, ilPropertyFormGUI $a_form, ilObjectGUI $a_parent_gui)
Definition: class.ilAdministrationSettingsFormHandler.php:116
ilCheckboxInputGUI
This class represents a checkbox property in a property form.
Definition: class.ilCheckboxInputGUI.php:28
ilCombinationInputGUI
This class represents a number property in a property form.
Definition: class.ilCombinationInputGUI.php:28
ilConfirmationGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilConfirmationGUI.php:27
ilCtrl
Class ilCtrl provides processing control methods.
Definition: class.ilCtrl.php:36
ilCustomInputGUI
This class represents a custom property in a property form.
Definition: class.ilCustomInputGUI.php:29
ilErrorHandling
Error Handling & global info handling.
Definition: class.ilErrorHandling.php:38
ilFormSectionHeaderGUI
This class represents a section header in a property form.
Definition: class.ilFormSectionHeaderGUI.php:28
ilLDAPAttributeMappingUtils\_getMappingRulesByClass
static _getMappingRulesByClass(string $a_class)
Get mapping rule by objectClass.
Definition: class.ilLDAPAttributeMappingUtils.php:33
ilLDAPAttributeMapping
This class stores the settings that define the mapping between LDAP attribute and user profile fields...
Definition: class.ilLDAPAttributeMapping.php:27
ilLDAPAttributeMapping\_lookupGlobalRole
static _lookupGlobalRole(int $a_server_id)
Definition: class.ilLDAPAttributeMapping.php:65
ilLDAPAttributeMapping\_getInstanceByServerId
static _getInstanceByServerId(int $a_server_id)
Definition: class.ilLDAPAttributeMapping.php:45
ilLDAPAttributeMapping\save
save()
Save mapping rules to db.
Definition: class.ilLDAPAttributeMapping.php:177
ilLDAPAttributeMapping\read
read()
Read mapping settings from db.
Definition: class.ilLDAPAttributeMapping.php:233
ilLDAPRoleAssignmentRule\_getRules
static _getRules($a_server_id)
Get all rules.
Definition: class.ilLDAPRoleAssignmentRule.php:202
ilLDAPRoleAssignmentRule\_getInstanceByRuleId
static _getInstanceByRuleId(int $a_rule_id)
Definition: class.ilLDAPRoleAssignmentRule.php:64
ilLDAPRoleGroupMappingSettings\_getInstanceByServerId
static _getInstanceByServerId(int $a_server_id)
Get instance of class.
Definition: class.ilLDAPRoleGroupMappingSettings.php:59
ilLDAPServer\_getServerList
static _getServerList()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:224
ilLDAPServer\checkLDAPLib
static checkLDAPLib()
Check if ldap module is installed.
Definition: class.ilLDAPServer.php:126
ilLDAPServer\_getAllServer
static _getAllServer()
Get list of all configured servers.
Definition: class.ilLDAPServer.php:266
ilLDAPSettingsGUI\checkAccess
checkAccess(string $permission)
Definition: class.ilLDAPSettingsGUI.php:258
ilLDAPSettingsGUI\$role_mapping_rule
ilLDAPRoleAssignmentRule $role_mapping_rule
Definition: class.ilLDAPSettingsGUI.php:44
ilLDAPSettingsGUI\$http
readonly ILIAS HTTP GlobalHttpState $http
Definition: class.ilLDAPSettingsGUI.php:64
ilLDAPSettingsGUI\loadRoleAssignmentRule
loadRoleAssignmentRule(int $a_rule_id, bool $load_from_form=true)
Definition: class.ilLDAPSettingsGUI.php:578
ilLDAPSettingsGUI\getUnsafeGetCommands
getUnsafeGetCommands()
This method must return a list of unsafe GET commands.
Definition: class.ilLDAPSettingsGUI.php:1857
ilLDAPSettingsGUI\$ui_factory
readonly ILIAS UI Factory $ui_factory
Definition: class.ilLDAPSettingsGUI.php:62
ilLDAPSettingsGUI\$component_repository
ilComponentRepository $component_repository
Definition: class.ilLDAPSettingsGUI.php:43
ilLDAPSettingsGUI\initRoleMappingForm
initRoleMappingForm(string $command)
Definition: class.ilLDAPSettingsGUI.php:1694
ilLDAPSettingsGUI\$role_mapping
ilLDAPRoleGroupMappingSettings $role_mapping
Definition: class.ilLDAPSettingsGUI.php:46
ilLDAPSettingsGUI\checkRoleAssignmentInput
checkRoleAssignmentInput(int $a_rule_id=0)
Definition: class.ilLDAPSettingsGUI.php:550
ilLDAPSettingsGUI\$refinery
readonly ILIAS Refinery Factory $refinery
Definition: class.ilLDAPSettingsGUI.php:65
ilLDAPSettingsGUI\$form_gui
ilPropertyFormGUI $form_gui
Definition: class.ilLDAPSettingsGUI.php:30
ilLDAPSettingsGUI\$ui_renderer
readonly ILIAS UI Renderer $ui_renderer
Definition: class.ilLDAPSettingsGUI.php:63
ilLDAPSettingsGUI\__construct
__construct(int $a_auth_ref_id)
Definition: class.ilLDAPSettingsGUI.php:69
ilLDAPSettingsGUI\$object_data_cache
readonly ilObjectDataCache $object_data_cache
Definition: class.ilLDAPSettingsGUI.php:66
ilLDAPSettingsGUI\initFormRoleAssignments
initFormRoleAssignments(string $a_mode)
Definition: class.ilLDAPSettingsGUI.php:1241
ilLDAPSettingsGUI\$tpl
ilGlobalTemplateInterface $tpl
Definition: class.ilLDAPSettingsGUI.php:36
ilLDAPSettingsGUI\getSafePostCommands
getSafePostCommands()
This method must return a list of safe POST commands.
Definition: class.ilLDAPSettingsGUI.php:1866
ilLDAPSettingsGUI\$mapping
ilLDAPAttributeMapping $mapping
Definition: class.ilLDAPSettingsGUI.php:29
ilLDAPSettingsGUI\$main_tpl
ilGlobalTemplateInterface $main_tpl
Definition: class.ilLDAPSettingsGUI.php:42
ilLDAPSettingsGUI\$rule
ilLDAPRoleAssignmentRule $rule
Definition: class.ilLDAPSettingsGUI.php:45
ilLanguage
language handling
Definition: class.ilLanguage.php:43
ilNonEditableValueGUI
This class represents a non editable value in a property form.
Definition: class.ilNonEditableValueGUI.php:28
ilNumberInputGUI
This class represents a number property in a property form.
Definition: class.ilNumberInputGUI.php:28
ilObjectDataCache
class ilObjectDataCache
Definition: class.ilObjectDataCache.php:30
ilObject\_lookupTitle
static _lookupTitle(int $obj_id)
Definition: class.ilObject.php:847
ilPasswordInputGUI
This class represents a password property in a property form.
Definition: class.ilPasswordInputGUI.php:28
ilPropertyFormGUI
This class represents a property form user interface.
Definition: class.ilPropertyFormGUI.php:32
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:28
ilRadioOption
This class represents an option in a radio group.
Definition: class.ilRadioOption.php:28
ilRbacReview
class ilRbacReview Contains Review functions of core Rbac.
Definition: class.ilRbacReview.php:34
ilRbacSystem
class ilRbacSystem system function like checkAccess, addActiveRole ... Supporting system functions ar...
Definition: class.ilRbacSystem.php:34
ilRoleAutoCompleteInputGUI
This class represents a role + autocomplete feature form input.
Definition: class.ilRoleAutoCompleteInputGUI.php:28
ilRoleAutoCompleteInputGUI\echoAutoCompleteList
static echoAutoCompleteList()
Static asynchronous default auto complete function.
Definition: class.ilRoleAutoCompleteInputGUI.php:58
ilSelectInputGUI
This class represents a selection list property in a property form.
Definition: class.ilSelectInputGUI.php:28
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:394
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:386
ilTabsGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilTabsGUI.php:26
ilTextAreaInputGUI
This class represents a text area property in a property form.
Definition: class.ilTextAreaInputGUI.php:28
ilTextInputGUI
This class represents a text property in a property form.
Definition: class.ilTextInputGUI.php:28
ilToolbarGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilToolbarGUI.php:28
ilUtil\_getHttpPath
static _getHttpPath()
Definition: class.ilUtil.php:1328
ilUtil\stripSlashes
static stripSlashes(string $a_str, bool $a_strip_html=true, string $a_allow="")
Definition: class.ilUtil.php:397
ilUtil\_sortIds
static _sortIds(array $a_ids, string $a_table, string $a_field, string $a_id_name)
Function that sorts ids by a given table field using WHERE IN E.g: __sort(array(6,...
Definition: class.ilUtil.php:1219
$info
$info
Definition: entry_point.php:21
ilAccessHandler
Interface ilAccessHandler This interface combines all available interfaces which can be called via gl...
Definition: interface.ilAccessHandler.php:27
ilComponentRepository
Readable part of repository interface to ilComponentDataDB.
Definition: class.ilComponentRepository.php:25
ilCtrlSecurityInterface
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: interface.ilCtrlSecurityInterface.php:30
$res
$res
Definition: ltiservices.php:69
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:55
ILIAS\Repository\form
form(?array $class_path, string $cmd, string $submit_caption="")
Definition: trait.GlobalDICGUIServices.php:138
$DIC
global $DIC
Definition: shib_login.php:26
$url
$url
Definition: shib_logout.php:70