Exemple #1
 /**
  * Connect to the LDAP server, using the plugin configured
  * settings. It's actually a wrapper around ldap_connect_moodle()
  *
  * @param progress_trace $trace
  * @return bool success
  */
 protected function ldap_connect(progress_trace $trace = null)
 {
     global $CFG;
     // ldap_connect_moodle() lives in the core LDAP library.
     require_once $CFG->libdir . '/ldaplib.php';

     // A handle stored by an earlier call is reused; nothing is re-bound.
     if (isset($this->ldapconnection)) {
         return true;
     }

     // Every connection parameter, including the bind DN/password and the
     // 'start_tls' flag, is read from this plugin's configuration.
     // $debuginfo is filled in by ldap_connect_moodle() when it fails.
     $handle = ldap_connect_moodle(
         $this->get_config('host_url'),
         $this->get_config('ldap_version'),
         $this->get_config('user_type'),
         $this->get_config('bind_dn'),
         $this->get_config('bind_pw'),
         $this->get_config('opt_deref'),
         $debuginfo,
         $this->get_config('start_tls')
     );
     if ($handle) {
         $this->ldapconnection = $handle;
         return true;
     }

     // Failure: hand the diagnostic text to the caller's trace when one was
     // supplied, otherwise write it to the PHP error log.
     // NOTE(review): presumably $debuginfo holds server/bind error text only;
     // confirm it never carries the bind password before shipping logs off-host.
     if (!$trace) {
         error_log($this->errorlogtag . $debuginfo);
         return false;
     }
     $trace->output($debuginfo);
     return false;
 }
Exemple #2
 /**
  * End-to-end test of LDAP enrolment sync against an external LDAP server.
  *
  * Builds a throwaway 'dc=moodletest' subtree under TEST_ENROL_LDAP_DOMAIN,
  * fills it with posixGroup entries, then runs sync_enrolments() and
  * sync_user_enrolments() under each unenrol action and checks the resulting
  * enrolment, role-assignment and course counts.
  *
  * The test is skipped when the ldap extension or the TEST_ENROL_LDAP_*
  * constants are missing, or when the server cannot be reached.
  *
  * NOTE(review): the test deletes and recreates directory entries with the
  * configured bind account, so the constants should point at a disposable
  * test directory, never at a production tree.
  */
 public function test_enrol_ldap()
 {
     global $CFG, $DB;
     if (!extension_loaded('ldap')) {
         $this->markTestSkipped('LDAP extension is not loaded.');
     }
     $this->resetAfterTest();
     require_once $CFG->dirroot . '/enrol/ldap/lib.php';
     require_once $CFG->libdir . '/ldaplib.php';
     // All four constants must be defined by the test environment; otherwise skip.
     if (!defined('TEST_ENROL_LDAP_HOST_URL') or !defined('TEST_ENROL_LDAP_BIND_DN') or !defined('TEST_ENROL_LDAP_BIND_PW') or !defined('TEST_ENROL_LDAP_DOMAIN')) {
         $this->markTestSkipped('External LDAP test server not configured.');
     }
     // Make sure we can connect the server.
     // NOTE(review): the trailing `false` sits where the plugin wrappers pass their
     // start_tls setting, so presumably the bind is not upgraded to TLS here; unless
     // the host URL is ldaps://, the bind credentials travel in clear text - confirm
     // and use a dedicated low-value test account.
     $debuginfo = '';
     if (!($connection = ldap_connect_moodle(TEST_ENROL_LDAP_HOST_URL, 3, 'rfc2307', TEST_ENROL_LDAP_BIND_DN, TEST_ENROL_LDAP_BIND_PW, LDAP_DEREF_NEVER, $debuginfo, false))) {
         $this->markTestSkipped('Can not connect to LDAP test server: ' . $debuginfo);
     }
     $this->enable_plugin();
     // Create new empty test container.
     // Any leftover 'dc=moodletest' subtree from a previous run is removed first.
     $topdn = 'dc=moodletest,' . TEST_ENROL_LDAP_DOMAIN;
     $this->recursive_delete($connection, TEST_ENROL_LDAP_DOMAIN, 'dc=moodletest');
     $o = array();
     $o['objectClass'] = array('dcObject', 'organizationalUnit');
     $o['dc'] = 'moodletest';
     $o['ou'] = 'MOODLETEST';
     if (!ldap_add($connection, 'dc=moodletest,' . TEST_ENROL_LDAP_DOMAIN, $o)) {
         $this->markTestSkipped('Can not create test LDAP container.');
     }
     // Configure enrol plugin.
     // The plugin is pointed at the same server and bind account as the test connection.
     /** @var enrol_ldap_plugin $enrol */
     $enrol = enrol_get_plugin('ldap');
     $enrol->set_config('host_url', TEST_ENROL_LDAP_HOST_URL);
     $enrol->set_config('start_tls', 0);
     $enrol->set_config('ldap_version', 3);
     $enrol->set_config('ldapencoding', 'utf-8');
     $enrol->set_config('page_size', '2');
     $enrol->set_config('bind_dn', TEST_ENROL_LDAP_BIND_DN);
     $enrol->set_config('bind_pw', TEST_ENROL_LDAP_BIND_PW);
     $enrol->set_config('course_search_sub', 0);
     $enrol->set_config('memberattribute_isdn', 0);
     $enrol->set_config('user_contexts', '');
     $enrol->set_config('user_search_sub', 0);
     $enrol->set_config('user_type', 'rfc2307');
     $enrol->set_config('opt_deref', LDAP_DEREF_NEVER);
     $enrol->set_config('objectclass', '(objectClass=posixGroup)');
     $enrol->set_config('course_idnumber', 'cn');
     $enrol->set_config('course_shortname', 'cn');
     $enrol->set_config('course_fullname', 'cn');
     $enrol->set_config('course_summary', '');
     $enrol->set_config('ignorehiddencourses', 0);
     $enrol->set_config('nested_groups', 0);
     $enrol->set_config('autocreate', 0);
     $enrol->set_config('unenrolaction', ENROL_EXT_REMOVED_KEEP);
     // Start with every role unmapped; only teacher and student are mapped below.
     $roles = get_all_roles();
     foreach ($roles as $role) {
         $enrol->set_config('contexts_role' . $role->id, '');
         $enrol->set_config('memberattribute_role' . $role->id, '');
     }
     // Create group for teacher enrolments.
     $teacherrole = $DB->get_record('role', array('shortname' => 'teacher'));
     $this->assertNotEmpty($teacherrole);
     $o = array();
     $o['objectClass'] = array('organizationalUnit');
     $o['ou'] = 'teachers';
     ldap_add($connection, 'ou=teachers,' . $topdn, $o);
     $enrol->set_config('contexts_role' . $teacherrole->id, 'ou=teachers,' . $topdn);
     $enrol->set_config('memberattribute_role' . $teacherrole->id, 'memberuid');
     // Create group for student enrolments.
     $studentrole = $DB->get_record('role', array('shortname' => 'student'));
     $this->assertNotEmpty($studentrole);
     $o = array();
     $o['objectClass'] = array('organizationalUnit');
     $o['ou'] = 'students';
     ldap_add($connection, 'ou=students,' . $topdn, $o);
     $enrol->set_config('contexts_role' . $studentrole->id, 'ou=students,' . $topdn);
     $enrol->set_config('memberattribute_role' . $studentrole->id, 'memberuid');
     // Create some users and courses.
     $user1 = $this->getDataGenerator()->create_user(array('idnumber' => 'user1', 'username' => 'user1'));
     $user2 = $this->getDataGenerator()->create_user(array('idnumber' => 'user2', 'username' => 'user2'));
     $user3 = $this->getDataGenerator()->create_user(array('idnumber' => 'user3', 'username' => 'user3'));
     $user4 = $this->getDataGenerator()->create_user(array('idnumber' => 'user4', 'username' => 'user4'));
     $user5 = $this->getDataGenerator()->create_user(array('idnumber' => 'user5', 'username' => 'user5'));
     $user6 = $this->getDataGenerator()->create_user(array('idnumber' => 'user6', 'username' => 'user6'));
     $course1 = $this->getDataGenerator()->create_course(array('idnumber' => 'course1', 'shortname' => 'course1'));
     $course2 = $this->getDataGenerator()->create_course(array('idnumber' => 'course2', 'shortname' => 'course2'));
     $course3 = $this->getDataGenerator()->create_course(array('idnumber' => 'course3', 'shortname' => 'course3'));
     // Set up some ldap data.
     // 'userx' has no matching generated user; 'course4' has no matching generated course.
     $o = array();
     $o['objectClass'] = array('posixGroup');
     $o['cn'] = 'course1';
     $o['gidNumber'] = '1';
     $o['memberUid'] = array('user1', 'user2', 'user3', 'userx');
     ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
     $o = array();
     $o['objectClass'] = array('posixGroup');
     $o['cn'] = 'course1';
     $o['gidNumber'] = '2';
     $o['memberUid'] = array('user5');
     ldap_add($connection, 'cn=' . $o['cn'] . ',ou=teachers,' . $topdn, $o);
     $o = array();
     $o['objectClass'] = array('posixGroup');
     $o['cn'] = 'course2';
     $o['gidNumber'] = '3';
     $o['memberUid'] = array('user1', 'user2', 'user3', 'user4');
     ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
     $o = array();
     $o['objectClass'] = array('posixGroup');
     $o['cn'] = 'course4';
     $o['gidNumber'] = '4';
     $o['memberUid'] = array('user1', 'user2');
     ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
     $o = array();
     $o['objectClass'] = array('posixGroup');
     $o['cn'] = 'course4';
     $o['gidNumber'] = '5';
     $o['memberUid'] = array('user5', 'user6');
     ldap_add($connection, 'cn=' . $o['cn'] . ',ou=teachers,' . $topdn, $o);
     // Test simple test without creation.
     // With autocreate off only course1 and course2 gain enrolments: 3 + 1 + 4 = 8.
     // The course count of 4 is presumably the three generated courses plus the site course - confirm.
     $this->assertEquals(0, $DB->count_records('user_enrolments'));
     $this->assertEquals(0, $DB->count_records('role_assignments'));
     $this->assertEquals(4, $DB->count_records('course'));
     $enrol->sync_enrolments(new null_progress_trace());
     $this->assertEquals(8, $DB->count_records('user_enrolments'));
     $this->assertEquals(8, $DB->count_records('role_assignments'));
     $this->assertEquals(4, $DB->count_records('course'));
     $this->assertIsEnrolled($course1->id, $user1->id, $studentrole->id);
     $this->assertIsEnrolled($course1->id, $user2->id, $studentrole->id);
     $this->assertIsEnrolled($course1->id, $user3->id, $studentrole->id);
     $this->assertIsEnrolled($course1->id, $user5->id, $teacherrole->id);
     $this->assertIsEnrolled($course2->id, $user1->id, $studentrole->id);
     $this->assertIsEnrolled($course2->id, $user2->id, $studentrole->id);
     $this->assertIsEnrolled($course2->id, $user3->id, $studentrole->id);
     $this->assertIsEnrolled($course2->id, $user4->id, $studentrole->id);
     // Test course creation.
     // With autocreate on, course4 is created from LDAP and its four members are enrolled.
     $enrol->set_config('autocreate', 1);
     $enrol->sync_enrolments(new null_progress_trace());
     $this->assertEquals(12, $DB->count_records('user_enrolments'));
     $this->assertEquals(12, $DB->count_records('role_assignments'));
     $this->assertEquals(5, $DB->count_records('course'));
     $course4 = $DB->get_record('course', array('idnumber' => 'course4'), '*', MUST_EXIST);
     $this->assertIsEnrolled($course4->id, $user1->id, $studentrole->id);
     $this->assertIsEnrolled($course4->id, $user2->id, $studentrole->id);
     $this->assertIsEnrolled($course4->id, $user5->id, $teacherrole->id);
     $this->assertIsEnrolled($course4->id, $user6->id, $teacherrole->id);
     // Test unenrolment.
     // Each step below replaces the course1 students group (delete + add) either without
     // members or with them restored, then checks the effect of one unenrol action.
     // KEEP: removed members stay enrolled, counts unchanged.
     ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
     $o = array();
     $o['objectClass'] = array('posixGroup');
     $o['cn'] = 'course1';
     $o['gidNumber'] = '1';
     ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
     $enrol->set_config('unenrolaction', ENROL_EXT_REMOVED_KEEP);
     $enrol->sync_enrolments(new null_progress_trace());
     $this->assertEquals(12, $DB->count_records('user_enrolments'));
     $this->assertEquals(12, $DB->count_records('role_assignments'));
     $this->assertEquals(5, $DB->count_records('course'));
     // SUSPEND: enrolments and roles remain, but the enrolment status becomes suspended.
     $enrol->set_config('unenrolaction', ENROL_EXT_REMOVED_SUSPEND);
     $enrol->sync_enrolments(new null_progress_trace());
     $this->assertEquals(12, $DB->count_records('user_enrolments'));
     $this->assertEquals(12, $DB->count_records('role_assignments'));
     $this->assertEquals(5, $DB->count_records('course'));
     $this->assertIsEnrolled($course1->id, $user1->id, $studentrole->id, ENROL_USER_SUSPENDED);
     $this->assertIsEnrolled($course1->id, $user2->id, $studentrole->id, ENROL_USER_SUSPENDED);
     $this->assertIsEnrolled($course1->id, $user3->id, $studentrole->id, ENROL_USER_SUSPENDED);
     // Restoring the members reactivates the suspended enrolments.
     ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
     $o = array();
     $o['objectClass'] = array('posixGroup');
     $o['cn'] = 'course1';
     $o['gidNumber'] = '1';
     $o['memberUid'] = array('user1', 'user2', 'user3');
     ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
     $enrol->sync_enrolments(new null_progress_trace());
     $this->assertEquals(12, $DB->count_records('user_enrolments'));
     $this->assertEquals(12, $DB->count_records('role_assignments'));
     $this->assertEquals(5, $DB->count_records('course'));
     $this->assertIsEnrolled($course1->id, $user1->id, $studentrole->id, ENROL_USER_ACTIVE);
     $this->assertIsEnrolled($course1->id, $user2->id, $studentrole->id, ENROL_USER_ACTIVE);
     $this->assertIsEnrolled($course1->id, $user3->id, $studentrole->id, ENROL_USER_ACTIVE);
     // SUSPENDNOROLES: enrolments are suspended and the three role assignments are removed (12 -> 9).
     ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
     $o = array();
     $o['objectClass'] = array('posixGroup');
     $o['cn'] = 'course1';
     $o['gidNumber'] = '1';
     ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
     $enrol->set_config('unenrolaction', ENROL_EXT_REMOVED_SUSPENDNOROLES);
     $enrol->sync_enrolments(new null_progress_trace());
     $this->assertEquals(12, $DB->count_records('user_enrolments'));
     $this->assertEquals(9, $DB->count_records('role_assignments'));
     $this->assertEquals(5, $DB->count_records('course'));
     $this->assertIsEnrolled($course1->id, $user1->id, 0, ENROL_USER_SUSPENDED);
     $this->assertIsEnrolled($course1->id, $user2->id, 0, ENROL_USER_SUSPENDED);
     $this->assertIsEnrolled($course1->id, $user3->id, 0, ENROL_USER_SUSPENDED);
     // Restoring the members brings back active enrolments and the student role.
     ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
     $o = array();
     $o['objectClass'] = array('posixGroup');
     $o['cn'] = 'course1';
     $o['gidNumber'] = '1';
     $o['memberUid'] = array('user1', 'user2', 'user3');
     ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
     $enrol->sync_enrolments(new null_progress_trace());
     $this->assertEquals(12, $DB->count_records('user_enrolments'));
     $this->assertEquals(12, $DB->count_records('role_assignments'));
     $this->assertEquals(5, $DB->count_records('course'));
     $this->assertIsEnrolled($course1->id, $user1->id, $studentrole->id, ENROL_USER_ACTIVE);
     $this->assertIsEnrolled($course1->id, $user2->id, $studentrole->id, ENROL_USER_ACTIVE);
     $this->assertIsEnrolled($course1->id, $user3->id, $studentrole->id, ENROL_USER_ACTIVE);
     // UNENROL: the three enrolments and their role assignments are removed (12 -> 9).
     ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
     $o = array();
     $o['objectClass'] = array('posixGroup');
     $o['cn'] = 'course1';
     $o['gidNumber'] = '1';
     ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
     $enrol->set_config('unenrolaction', ENROL_EXT_REMOVED_UNENROL);
     $enrol->sync_enrolments(new null_progress_trace());
     $this->assertEquals(9, $DB->count_records('user_enrolments'));
     $this->assertEquals(9, $DB->count_records('role_assignments'));
     $this->assertEquals(5, $DB->count_records('course'));
     $this->assertIsNotEnrolled($course1->id, $user1->id);
     $this->assertIsNotEnrolled($course1->id, $user2->id);
     $this->assertIsNotEnrolled($course1->id, $user3->id);
     // Individual user enrolments.
     // sync_user_enrolments($user1) only touches user1, so counts move by one at most.
     ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
     $o = array();
     $o['objectClass'] = array('posixGroup');
     $o['cn'] = 'course1';
     $o['gidNumber'] = '1';
     $o['memberUid'] = array('user1', 'user2', 'user3');
     ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
     $enrol->sync_user_enrolments($user1);
     $this->assertEquals(10, $DB->count_records('user_enrolments'));
     $this->assertEquals(10, $DB->count_records('role_assignments'));
     $this->assertEquals(5, $DB->count_records('course'));
     $this->assertIsEnrolled($course1->id, $user1->id, $studentrole->id, ENROL_USER_ACTIVE);
     // user1 dropped from the group; KEEP leaves the enrolment active.
     ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
     $o = array();
     $o['objectClass'] = array('posixGroup');
     $o['cn'] = 'course1';
     $o['gidNumber'] = '1';
     $o['memberUid'] = array('user2', 'user3');
     ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
     $enrol->set_config('unenrolaction', ENROL_EXT_REMOVED_KEEP);
     $enrol->sync_user_enrolments($user1);
     $this->assertEquals(10, $DB->count_records('user_enrolments'));
     $this->assertEquals(10, $DB->count_records('role_assignments'));
     $this->assertEquals(5, $DB->count_records('course'));
     $this->assertIsEnrolled($course1->id, $user1->id, $studentrole->id, ENROL_USER_ACTIVE);
     // SUSPEND: user1's enrolment is suspended, role kept.
     $enrol->set_config('unenrolaction', ENROL_EXT_REMOVED_SUSPEND);
     $enrol->sync_user_enrolments($user1);
     $this->assertEquals(10, $DB->count_records('user_enrolments'));
     $this->assertEquals(10, $DB->count_records('role_assignments'));
     $this->assertEquals(5, $DB->count_records('course'));
     $this->assertIsEnrolled($course1->id, $user1->id, $studentrole->id, ENROL_USER_SUSPENDED);
     // user1 restored to the group; the enrolment becomes active again.
     ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
     $o = array();
     $o['objectClass'] = array('posixGroup');
     $o['cn'] = 'course1';
     $o['gidNumber'] = '1';
     $o['memberUid'] = array('user1', 'user2', 'user3');
     ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
     $enrol->sync_user_enrolments($user1);
     $this->assertEquals(10, $DB->count_records('user_enrolments'));
     $this->assertEquals(10, $DB->count_records('role_assignments'));
     $this->assertEquals(5, $DB->count_records('course'));
     $this->assertIsEnrolled($course1->id, $user1->id, $studentrole->id, ENROL_USER_ACTIVE);
     // user1 dropped again; SUSPENDNOROLES suspends and removes the role assignment (10 -> 9).
     ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
     $o = array();
     $o['objectClass'] = array('posixGroup');
     $o['cn'] = 'course1';
     $o['gidNumber'] = '1';
     $o['memberUid'] = array('user2', 'user3');
     ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
     $enrol->set_config('unenrolaction', ENROL_EXT_REMOVED_SUSPENDNOROLES);
     $enrol->sync_user_enrolments($user1);
     $this->assertEquals(10, $DB->count_records('user_enrolments'));
     $this->assertEquals(9, $DB->count_records('role_assignments'));
     $this->assertEquals(5, $DB->count_records('course'));
     $this->assertIsEnrolled($course1->id, $user1->id, 0, ENROL_USER_SUSPENDED);
     // user1 restored; enrolment active and role assignment back.
     ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
     $o = array();
     $o['objectClass'] = array('posixGroup');
     $o['cn'] = 'course1';
     $o['gidNumber'] = '1';
     $o['memberUid'] = array('user1', 'user2', 'user3');
     ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
     $enrol->sync_user_enrolments($user1);
     $this->assertEquals(10, $DB->count_records('user_enrolments'));
     $this->assertEquals(10, $DB->count_records('role_assignments'));
     $this->assertEquals(5, $DB->count_records('course'));
     $this->assertIsEnrolled($course1->id, $user1->id, $studentrole->id, ENROL_USER_ACTIVE);
     // user1 dropped; UNENROL removes the enrolment and role assignment (10 -> 9).
     ldap_delete($connection, 'cn=course1,ou=students,' . $topdn);
     $o = array();
     $o['objectClass'] = array('posixGroup');
     $o['cn'] = 'course1';
     $o['gidNumber'] = '1';
     $o['memberUid'] = array('user2', 'user3');
     ldap_add($connection, 'cn=' . $o['cn'] . ',ou=students,' . $topdn, $o);
     $enrol->set_config('unenrolaction', ENROL_EXT_REMOVED_UNENROL);
     $enrol->sync_user_enrolments($user1);
     $this->assertEquals(9, $DB->count_records('user_enrolments'));
     $this->assertEquals(9, $DB->count_records('role_assignments'));
     $this->assertEquals(5, $DB->count_records('course'));
     $this->assertIsNotEnrolled($course1->id, $user1->id);
     // Clean up the test subtree and release the connection.
     // NOTE(review): this cleanup is only reached when every assertion above passes;
     // after a failure the subtree stays until the next run's initial recursive_delete().
     $this->recursive_delete($connection, TEST_ENROL_LDAP_DOMAIN, 'dc=moodletest');
     ldap_close($connection);
     // NOTE: multiple roles in one course is not supported, sorry
 }
Exemple #3
 /**
  * Connect to the LDAP server, using the plugin configured
  * settings. It's actually a wrapper around ldap_connect_moodle()
  *
  * @return resource A valid LDAP connection (or dies if it can't connect)
  */
 function ldap_connect()
 {
     // LDAP connections are costly to open, and syncing many users (each
     // needing a lookup) could exhaust TCP/IP resources on the server.
     // Keeping one handle on the instance and counting its users is the
     // least intrusive way to share it.
     if (!empty($this->ldapconnection)) {
         ++$this->ldapconns;
         return $this->ldapconnection;
     }

     // No cached handle: connect and bind with the settings held in
     // $this->config. $debuginfo receives the failure details, if any.
     $handle = ldap_connect_moodle(
         $this->config->host_url,
         $this->config->ldap_version,
         $this->config->user_type,
         $this->config->bind_dn,
         $this->config->bind_pw,
         $this->config->opt_deref,
         $debuginfo,
         $this->config->start_tls
     );
     if (!$handle) {
         // NOTE(review): $debuginfo is shown through print_error(); presumably it
         // holds connection diagnostics only. Confirm it cannot expose the bind
         // credentials or internal host details to an unauthenticated visitor.
         print_error('auth_ldap_noconnect_all', 'auth_ldap', '', $debuginfo);
         return;
     }

     // First user of a fresh connection.
     $this->ldapconns = 1;
     $this->ldapconnection = $handle;
     return $handle;
 }
Exemple #4
 /**
  * Test that signing up a user via the LDAP auth plugin triggers the user_password_updated and user_created events.
  */
 public function test_ldap_user_signup()
 {
     global $CFG, $DB;
     // User to create.
     // Fixture data only: the password is a hard-coded throwaway value for the test directory.
     $user = array('username' => 'usersignuptest1', 'password' => 'Moodle2014!', 'idnumber' => 'idsignuptest1', 'firstname' => 'First Name User Test 1', 'lastname' => 'Last Name User Test 1', 'middlename' => 'Middle Name User Test 1', 'lastnamephonetic' => '最後のお名前のテスト一号', 'firstnamephonetic' => 'お名前のテスト一号', 'alternatename' => 'Alternate Name User Test 1', 'email' => '*****@*****.**', 'description' => 'This is a description for user 1', 'city' => 'Perth', 'country' => 'au', 'mnethostid' => $CFG->mnet_localhost_id, 'auth' => 'ldap');
     if (!extension_loaded('ldap')) {
         $this->markTestSkipped('LDAP extension is not loaded.');
     }
     $this->resetAfterTest();
     require_once $CFG->dirroot . '/auth/ldap/auth.php';
     require_once $CFG->libdir . '/ldaplib.php';
     // All four constants must be defined by the test environment; otherwise skip.
     if (!defined('TEST_AUTH_LDAP_HOST_URL') or !defined('TEST_AUTH_LDAP_BIND_DN') or !defined('TEST_AUTH_LDAP_BIND_PW') or !defined('TEST_AUTH_LDAP_DOMAIN')) {
         $this->markTestSkipped('External LDAP test server not configured.');
     }
     // Make sure we can connect the server.
     // NOTE(review): the trailing `false` and the 'start_tls' => 0 setting below mean the
     // bind is presumably not upgraded to TLS; unless the host URL is ldaps://, the bind
     // credentials travel in clear text - confirm and keep this to a disposable test server.
     $debuginfo = '';
     if (!($connection = ldap_connect_moodle(TEST_AUTH_LDAP_HOST_URL, 3, 'rfc2307', TEST_AUTH_LDAP_BIND_DN, TEST_AUTH_LDAP_BIND_PW, LDAP_DEREF_NEVER, $debuginfo, false))) {
         $this->markTestSkipped('Can not connect to LDAP test server: ' . $debuginfo);
     }
     $this->enable_plugin();
     // Create new empty test container.
     // Any leftover 'dc=moodletest' subtree from a previous run is removed first.
     $topdn = 'dc=moodletest,' . TEST_AUTH_LDAP_DOMAIN;
     $this->recursive_delete($connection, TEST_AUTH_LDAP_DOMAIN, 'dc=moodletest');
     $o = array();
     $o['objectClass'] = array('dcObject', 'organizationalUnit');
     $o['dc'] = 'moodletest';
     $o['ou'] = 'MOODLETEST';
     if (!ldap_add($connection, 'dc=moodletest,' . TEST_AUTH_LDAP_DOMAIN, $o)) {
         $this->markTestSkipped('Can not create test LDAP container.');
     }
     // Create the 'ou=users' container that will receive the signed-up user.
     $o = array();
     $o['objectClass'] = array('organizationalUnit');
     $o['ou'] = 'users';
     ldap_add($connection, 'ou=' . $o['ou'] . ',' . $topdn, $o);
     // Configure the plugin a bit.
     set_config('host_url', TEST_AUTH_LDAP_HOST_URL, 'auth/ldap');
     set_config('start_tls', 0, 'auth/ldap');
     set_config('ldap_version', 3, 'auth/ldap');
     set_config('ldapencoding', 'utf-8', 'auth/ldap');
     set_config('pagesize', '2', 'auth/ldap');
     set_config('bind_dn', TEST_AUTH_LDAP_BIND_DN, 'auth/ldap');
     set_config('bind_pw', TEST_AUTH_LDAP_BIND_PW, 'auth/ldap');
     set_config('user_type', 'rfc2307', 'auth/ldap');
     set_config('contexts', 'ou=users,' . $topdn, 'auth/ldap');
     set_config('search_sub', 0, 'auth/ldap');
     set_config('opt_deref', LDAP_DEREF_NEVER, 'auth/ldap');
     set_config('user_attribute', 'cn', 'auth/ldap');
     set_config('memberattribute', 'memberuid', 'auth/ldap');
     set_config('memberattribute_isdn', 0, 'auth/ldap');
     set_config('creators', 'cn=creators,' . $topdn, 'auth/ldap');
     set_config('removeuser', AUTH_REMOVEUSER_KEEP, 'auth/ldap');
     set_config('field_map_email', 'mail', 'auth/ldap');
     set_config('field_updatelocal_email', 'oncreate', 'auth/ldap');
     set_config('field_updateremote_email', '0', 'auth/ldap');
     set_config('field_lock_email', 'unlocked', 'auth/ldap');
     set_config('field_map_firstname', 'givenName', 'auth/ldap');
     set_config('field_updatelocal_firstname', 'oncreate', 'auth/ldap');
     set_config('field_updateremote_firstname', '0', 'auth/ldap');
     set_config('field_lock_firstname', 'unlocked', 'auth/ldap');
     set_config('field_map_lastname', 'sn', 'auth/ldap');
     set_config('field_updatelocal_lastname', 'oncreate', 'auth/ldap');
     set_config('field_updateremote_lastname', '0', 'auth/ldap');
     set_config('field_lock_lastname', 'unlocked', 'auth/ldap');
     // NOTE(review): 'md5' presumably selects the hash format used for the password written
     // to the directory; it is a weak legacy format, acceptable for a throwaway fixture but
     // not a value to copy into a production configuration - confirm.
     set_config('passtype', 'md5', 'auth/ldap');
     // New accounts are created under the test 'ou=users' container.
     set_config('create_context', 'ou=users,' . $topdn, 'auth/ldap');
     $this->assertEquals(2, $DB->count_records('user'));
     $this->assertEquals(0, $DB->count_records('role_assignments'));
     /** @var auth_plugin_ldap $auth */
     $auth = get_auth_plugin('ldap');
     // Capture events and outgoing mail so they can be asserted on instead of delivered.
     $sink = $this->redirectEvents();
     $mailsink = $this->redirectEmails();
     $auth->user_signup((object) $user, false);
     // Exactly one e-mail is expected from the signup.
     $this->assertEquals(1, $mailsink->count());
     $events = $sink->get_events();
     $sink->close();
     // Verify 2 events get generated.
     $this->assertCount(2, $events);
     // Get record from db.
     $dbuser = $DB->get_record('user', array('username' => $user['username']));
     $user['id'] = $dbuser->id;
     // Last event is user_created.
     $event = array_pop($events);
     $this->assertInstanceOf('\\core\\event\\user_created', $event);
     $this->assertEquals($user['id'], $event->objectid);
     $this->assertEquals('user_created', $event->get_legacy_eventname());
     $this->assertEquals(context_user::instance($user['id']), $event->get_context());
     $expectedlogdata = array(SITEID, 'user', 'add', '/view.php?id=' . $event->objectid, fullname($dbuser));
     $this->assertEventLegacyLogData($expectedlogdata, $event);
     // First event is user_password_updated.
     $event = array_pop($events);
     $this->assertInstanceOf('\\core\\event\\user_password_updated', $event);
     $this->assertEventContextNotUsed($event);
     // Delete user which we just created.
     // NOTE(review): only the user entry is removed here; the test container and the
     // connection are left in place, and the next run's initial recursive_delete() clears
     // the container.
     ldap_delete($connection, 'cn=' . $user['username'] . ',ou=users,' . $topdn);
 }
Exemple #5
 /**
  * Connect to the LDAP server, using the plugin configured
  * settings. It's actually a wrapper around ldap_connect_moodle()
  *
  * @return mixed A valid LDAP connection or false.
  */
 protected function ldap_connect()
 {
     global $CFG;
     require_once $CFG->libdir . '/ldaplib.php';

     // LDAP connections are costly to open, and syncing many users (each
     // needing a lookup) could exhaust TCP/IP resources on the server.
     // Keeping one handle on the instance and counting its users is the
     // least intrusive way to share it.
     if (!empty($this->ldapconnection)) {
         ++$this->ldapconns;
         return $this->ldapconnection;
     }

     // NOTE(review): no start_tls argument is passed in this call, so whether
     // the session is upgraded to TLS depends on ldap_connect_moodle()'s own
     // default. Confirm the bind DN/password are not sent over a plaintext
     // channel (for example by requiring an ldaps:// host URL).
     $handle = ldap_connect_moodle(
         $this->get_config('host_url'),
         $this->get_config('ldap_version'),
         $this->get_config('user_type'),
         $this->get_config('bind_dn'),
         $this->get_config('bind_pw'),
         $this->get_config('opt_deref'),
         $debuginfo
     );
     if (!$handle) {
         // The failure goes to the error log only. The user is redirected
         // straight to the user/front page and would never see a message.
         error_log($this->errorlogtag . $debuginfo);
         return false;
     }

     // First user of a fresh connection.
     $this->ldapconns = 1;
     $this->ldapconnection = $handle;
     return $handle;
 }
 /**
  * End-to-end test of LDAP user synchronisation against an external LDAP server.
  *
  * Builds a throwaway 'dc=moodletest' subtree under TEST_AUTH_LDAP_DOMAIN with five
  * users and a 'creators' group, then runs sync_users() under each 'removeuser'
  * policy and checks the user and role-assignment counts.
  *
  * The test is skipped when the ldap extension or the TEST_AUTH_LDAP_* constants
  * are missing, or when the server cannot be reached.
  *
  * NOTE(review): the test deletes and recreates directory entries with the
  * configured bind account, so the constants should point at a disposable
  * test directory, never at a production tree.
  */
 public function test_auth_ldap()
 {
     global $CFG, $DB;
     if (!extension_loaded('ldap')) {
         $this->markTestSkipped('LDAP extension is not loaded.');
     }
     $this->resetAfterTest();
     require_once $CFG->dirroot . '/auth/ldap/auth.php';
     require_once $CFG->libdir . '/ldaplib.php';
     // All four constants must be defined by the test environment; otherwise skip.
     if (!defined('TEST_AUTH_LDAP_HOST_URL') or !defined('TEST_AUTH_LDAP_BIND_DN') or !defined('TEST_AUTH_LDAP_BIND_PW') or !defined('TEST_AUTH_LDAP_DOMAIN')) {
         $this->markTestSkipped('External LDAP test server not configured.');
     }
     // Make sure we can connect the server.
     // NOTE(review): the trailing `false` and the 'start_tls' => 0 setting below mean the
     // bind is presumably not upgraded to TLS; unless the host URL is ldaps://, the bind
     // credentials travel in clear text - confirm and keep this to a disposable test server.
     $debuginfo = '';
     if (!($connection = ldap_connect_moodle(TEST_AUTH_LDAP_HOST_URL, 3, 'rfc2307', TEST_AUTH_LDAP_BIND_DN, TEST_AUTH_LDAP_BIND_PW, LDAP_DEREF_NEVER, $debuginfo, false))) {
         $this->markTestSkipped('Can not connect to LDAP test server: ' . $debuginfo);
     }
     $this->enable_plugin();
     // Create new empty test container.
     // Any leftover 'dc=moodletest' subtree from a previous run is removed first.
     $topdn = 'dc=moodletest,' . TEST_AUTH_LDAP_DOMAIN;
     $this->recursive_delete($connection, TEST_AUTH_LDAP_DOMAIN, 'dc=moodletest');
     $o = array();
     $o['objectClass'] = array('dcObject', 'organizationalUnit');
     $o['dc'] = 'moodletest';
     $o['ou'] = 'MOODLETEST';
     if (!ldap_add($connection, 'dc=moodletest,' . TEST_AUTH_LDAP_DOMAIN, $o)) {
         $this->markTestSkipped('Can not create test LDAP container.');
     }
     // Create a few users.
     $o = array();
     $o['objectClass'] = array('organizationalUnit');
     $o['ou'] = 'users';
     ldap_add($connection, 'ou=' . $o['ou'] . ',' . $topdn, $o);
     for ($i = 1; $i <= 5; $i++) {
         $this->create_ldap_user($connection, $topdn, $i);
     }
     // Set up creators group.
     // Two members, so two coursecreator role assignments are expected after sync.
     $o = array();
     $o['objectClass'] = array('posixGroup');
     $o['cn'] = 'creators';
     $o['gidNumber'] = 1;
     $o['memberUid'] = array('username1', 'username2');
     ldap_add($connection, 'cn=' . $o['cn'] . ',' . $topdn, $o);
     $creatorrole = $DB->get_record('role', array('shortname' => 'coursecreator'));
     $this->assertNotEmpty($creatorrole);
     // Configure the plugin a bit.
     set_config('host_url', TEST_AUTH_LDAP_HOST_URL, 'auth/ldap');
     set_config('start_tls', 0, 'auth/ldap');
     set_config('ldap_version', 3, 'auth/ldap');
     set_config('ldapencoding', 'utf-8', 'auth/ldap');
     set_config('pagesize', '2', 'auth/ldap');
     set_config('bind_dn', TEST_AUTH_LDAP_BIND_DN, 'auth/ldap');
     set_config('bind_pw', TEST_AUTH_LDAP_BIND_PW, 'auth/ldap');
     set_config('user_type', 'rfc2307', 'auth/ldap');
     set_config('contexts', 'ou=users,' . $topdn, 'auth/ldap');
     set_config('search_sub', 0, 'auth/ldap');
     set_config('opt_deref', LDAP_DEREF_NEVER, 'auth/ldap');
     set_config('user_attribute', 'cn', 'auth/ldap');
     set_config('memberattribute', 'memberuid', 'auth/ldap');
     set_config('memberattribute_isdn', 0, 'auth/ldap');
     set_config('creators', 'cn=creators,' . $topdn, 'auth/ldap');
     set_config('removeuser', AUTH_REMOVEUSER_KEEP, 'auth/ldap');
     set_config('field_map_email', 'mail', 'auth/ldap');
     set_config('field_updatelocal_email', 'oncreate', 'auth/ldap');
     set_config('field_updateremote_email', '0', 'auth/ldap');
     set_config('field_lock_email', 'unlocked', 'auth/ldap');
     set_config('field_map_firstname', 'givenName', 'auth/ldap');
     set_config('field_updatelocal_firstname', 'oncreate', 'auth/ldap');
     set_config('field_updateremote_firstname', '0', 'auth/ldap');
     set_config('field_lock_firstname', 'unlocked', 'auth/ldap');
     set_config('field_map_lastname', 'sn', 'auth/ldap');
     set_config('field_updatelocal_lastname', 'oncreate', 'auth/ldap');
     set_config('field_updateremote_lastname', '0', 'auth/ldap');
     set_config('field_lock_lastname', 'unlocked', 'auth/ldap');
     // Baseline before the first sync; the two existing users are presumably the
     // default accounts of a fresh test site - confirm.
     $this->assertEquals(2, $DB->count_records('user'));
     $this->assertEquals(0, $DB->count_records('role_assignments'));
     /** @var auth_plugin_ldap $auth */
     $auth = get_auth_plugin('ldap');
     // Output printed by sync_users() is buffered and discarded throughout this test.
     ob_start();
     $auth->sync_users(true);
     ob_end_clean();
     // First sync: all five LDAP users are imported and both creators get the role.
     $this->assertEquals(5, $DB->count_records('user', array('auth' => 'ldap')));
     $this->assertEquals(2, $DB->count_records('role_assignments'));
     $this->assertEquals(2, $DB->count_records('role_assignments', array('roleid' => $creatorrole->id)));
     for ($i = 1; $i <= 5; $i++) {
         $this->assertTrue($DB->record_exists('user', array('username' => 'username' . $i, 'email' => 'user' . $i . '@example.com', 'firstname' => 'Firstname' . $i, 'lastname' => 'Lastname' . $i)));
     }
     // User 1 removed from LDAP under AUTH_REMOVEUSER_KEEP: nothing changes locally.
     $this->delete_ldap_user($connection, $topdn, 1);
     ob_start();
     $auth->sync_users(true);
     ob_end_clean();
     $this->assertEquals(5, $DB->count_records('user', array('auth' => 'ldap')));
     $this->assertEquals(0, $DB->count_records('user', array('suspended' => 1)));
     $this->assertEquals(0, $DB->count_records('user', array('deleted' => 1)));
     $this->assertEquals(2, $DB->count_records('role_assignments'));
     $this->assertEquals(2, $DB->count_records('role_assignments', array('roleid' => $creatorrole->id)));
     // AUTH_REMOVEUSER_SUSPEND: username1 is suspended but keeps auth 'ldap' and its role.
     set_config('removeuser', AUTH_REMOVEUSER_SUSPEND, 'auth/ldap');
     /** @var auth_plugin_ldap $auth */
     $auth = get_auth_plugin('ldap');
     ob_start();
     $auth->sync_users(true);
     ob_end_clean();
     $this->assertEquals(5, $DB->count_records('user', array('auth' => 'ldap')));
     $this->assertEquals(0, $DB->count_records('user', array('auth' => 'nologin', 'username' => 'username1')));
     $this->assertEquals(1, $DB->count_records('user', array('auth' => 'ldap', 'suspended' => '1', 'username' => 'username1')));
     $this->assertEquals(0, $DB->count_records('user', array('deleted' => 1)));
     $this->assertEquals(2, $DB->count_records('role_assignments'));
     $this->assertEquals(2, $DB->count_records('role_assignments', array('roleid' => $creatorrole->id)));
     // User 1 back in LDAP: the suspension is lifted by the next sync.
     $this->create_ldap_user($connection, $topdn, 1);
     ob_start();
     $auth->sync_users(true);
     ob_end_clean();
     $this->assertEquals(5, $DB->count_records('user', array('auth' => 'ldap')));
     $this->assertEquals(0, $DB->count_records('user', array('suspended' => 1)));
     $this->assertEquals(0, $DB->count_records('user', array('deleted' => 1)));
     $this->assertEquals(2, $DB->count_records('role_assignments'));
     $this->assertEquals(2, $DB->count_records('role_assignments', array('roleid' => $creatorrole->id)));
     // username1 is switched to auth 'nologin' locally; the assertions expect the sync
     // to leave five users with auth 'ldap', i.e. the account is taken back by LDAP.
     $DB->set_field('user', 'auth', 'nologin', array('username' => 'username1'));
     ob_start();
     $auth->sync_users(true);
     ob_end_clean();
     $this->assertEquals(5, $DB->count_records('user', array('auth' => 'ldap')));
     $this->assertEquals(0, $DB->count_records('user', array('suspended' => 1)));
     $this->assertEquals(0, $DB->count_records('user', array('deleted' => 1)));
     $this->assertEquals(2, $DB->count_records('role_assignments'));
     $this->assertEquals(2, $DB->count_records('role_assignments', array('roleid' => $creatorrole->id)));
     // AUTH_REMOVEUSER_FULLDELETE: removing user 1 from LDAP deletes the local account
     // and its role assignment; the row is kept with the deleted flag set.
     set_config('removeuser', AUTH_REMOVEUSER_FULLDELETE, 'auth/ldap');
     /** @var auth_plugin_ldap $auth */
     $auth = get_auth_plugin('ldap');
     $this->delete_ldap_user($connection, $topdn, 1);
     ob_start();
     $auth->sync_users(true);
     ob_end_clean();
     $this->assertEquals(5, $DB->count_records('user', array('auth' => 'ldap')));
     $this->assertEquals(0, $DB->count_records('user', array('username' => 'username1')));
     $this->assertEquals(0, $DB->count_records('user', array('suspended' => 1)));
     $this->assertEquals(1, $DB->count_records('user', array('deleted' => 1)));
     $this->assertEquals(1, $DB->count_records('role_assignments'));
     $this->assertEquals(1, $DB->count_records('role_assignments', array('roleid' => $creatorrole->id)));
     // User 1 recreated in LDAP: a new local account appears next to the deleted row
     // (six 'ldap' rows, one of them flagged deleted) and the creator role is assigned again.
     $this->create_ldap_user($connection, $topdn, 1);
     ob_start();
     $auth->sync_users(true);
     ob_end_clean();
     $this->assertEquals(6, $DB->count_records('user', array('auth' => 'ldap')));
     $this->assertEquals(1, $DB->count_records('user', array('username' => 'username1')));
     $this->assertEquals(0, $DB->count_records('user', array('suspended' => 1)));
     $this->assertEquals(1, $DB->count_records('user', array('deleted' => 1)));
     $this->assertEquals(2, $DB->count_records('role_assignments'));
     $this->assertEquals(2, $DB->count_records('role_assignments', array('roleid' => $creatorrole->id)));
     // Clean up the test subtree and release the connection.
     // NOTE(review): this cleanup is only reached when every assertion above passes;
     // after a failure the subtree stays until the next run's initial recursive_delete().
     $this->recursive_delete($connection, TEST_AUTH_LDAP_DOMAIN, 'dc=moodletest');
     ldap_close($connection);
 }
Exemple #7
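/**
 * Check a username/password pair against the LDAP directory.
 *
 * The user's DN is looked up first, then a bind is attempted as that DN with
 * the supplied password. The connection is closed before returning on every
 * path that opened one.
 *
 * @param string $extusername Login name supplied by the user.
 * @param string $extpassword Password supplied by the user.
 * @return bool True only when LDAP is enabled, the user exists and the bind
 *              with a non-empty password succeeds; false otherwise.
 */
function ldap_login($extusername, $extpassword)
{
    global $options;
    if ($options['ldap_enable'] != 1) {
        return false;
    }
    // Reject empty credentials before touching the directory. A simple bind
    // with a DN and a zero-length password is an "unauthenticated bind"
    // (RFC 4513, section 5.1.2); many servers answer it with success, which
    // would let any existing username log in without a password.
    if (!is_scalar($extusername) || (string) $extusername === ''
        || !is_scalar($extpassword) || (string) $extpassword === '') {
        return false;
    }
    $ldapconnection = ldap_connect_moodle();
    // Without a usable connection there is nothing to search, bind or close.
    if (!$ldapconnection) {
        return false;
    }
    // NOTE(review): ldap_find_userdn() presumably builds a search filter from the
    // username; confirm it escapes the value (ldap_escape() with LDAP_ESCAPE_FILTER)
    // so filter metacharacters in the login name cannot alter the search.
    $ldap_user_dn = ldap_find_userdn($ldapconnection, $extusername);
    // If ldap_user_dn is empty, user does not exist
    if (!$ldap_user_dn) {
        ldap_close($ldapconnection);
        return false;
    }
    // Try to bind with current username and password. The warning ldap_bind()
    // raises on bad credentials is suppressed on purpose: a failed login is an
    // expected outcome here, reported through the return value.
    $ldap_login = @ldap_bind($ldapconnection, $ldap_user_dn, $extpassword);
    ldap_close($ldapconnection);
    return (bool) $ldap_login;
}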