/**
  * Constructor
  *
  * Resolves the first active LDAP server, keeps a handle on the global
  * logger and configures the parent (PEAR auth container) from the
  * server's PEAR auth options. Takes no parameters.
  *
  * @access public
  */
 public function __construct()
 {
     global $ilLog;
     include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
     $server_id = ilLDAPServer::_getFirstActiveServer();
     $this->server = new ilLDAPServer($server_id);
     $this->log = $ilLog;
     // the parent container only needs the PEAR-style option array
     $pear_options = $this->server->toPearAuthArray();
     parent::__construct($pear_options);
 }
 /**
  * Get default global role
  *
  * Looks up the global role mapped for the first active LDAP server and
  * memoises it in self::$default_role. Only a truthy result is cached; a
  * falsy lookup result is queried again on the next call.
  *
  * @return mixed role as returned by ilLDAPAttributeMapping::_lookupGlobalRole()
  */
 public static function getDefaultRole()
 {
     if (!self::$default_role) {
         include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
         include_once './Services/LDAP/classes/class.ilLDAPServer.php';
         $server_id = ilLDAPServer::_getFirstActiveServer();
         self::$default_role = ilLDAPAttributeMapping::_lookupGlobalRole($server_id);
     }
     return self::$default_role;
 }
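 /**
  * Deactivate users that are disabled in LDAP
  *
  * Every ILIAS account bound to the server's authentication mapping key
  * whose external account is not a key of $a_ldap_users is set inactive.
  *
  * @access private
  * @param ilLDAPServer $server       server whose mapping key selects the accounts
  * @param array        $a_ldap_users LDAP users keyed by external account name
  */
 private function deactivateUsers(ilLDAPServer $server, $a_ldap_users)
 {
     include_once './Services/User/classes/class.ilObjUser.php';
     // must start as an array: count(null) below is a TypeError on PHP 8
     $inactive = [];
     $auth_key = $server->getAuthenticationMappingKey();
     foreach (ilObjUser::_getExternalAccountsByAuthMode($auth_key, true) as $usr_id => $external_account) {
         if (!array_key_exists($external_account, $a_ldap_users)) {
             $inactive[] = $usr_id;
         }
     }
     if (count($inactive)) {
         ilObjUser::_toggleActiveStatusOfUsers($inactive, false);
         $this->log->write('LDAP: Found ' . count($inactive) . ' inactive users.');
     } else {
         $this->log->write('LDAP: No inactive users found');
     }
 }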
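 /**
  * Handle ldap as data source
  *
  * Synchronises the RADIUS-authenticated external account against the LDAP
  * server configured as data source for AUTH_RADIUS and, on success, marks
  * $a_auth as authenticated with the resulting internal account.
  *
  * @param Auth   $a_auth      auth object; its status is set and it is logged out on failure
  * @param string $ext_account external account name to synchronise
  * @return bool true when the internal account was set on $a_auth, false otherwise
  */
 protected function handleLDAPDataSource($a_auth, $ext_account)
 {
     include_once './Services/LDAP/classes/class.ilLDAPServer.php';
     $server = ilLDAPServer::getInstanceByServerId(ilLDAPServer::getDataSource(AUTH_RADIUS));
     $GLOBALS['ilLog']->write(__METHOD__ . 'Using ldap data source');
     include_once './Services/LDAP/classes/class.ilLDAPUserSynchronisation.php';
     $sync = new ilLDAPUserSynchronisation('radius', $server->getServerId());
     $sync->setExternalAccount($ext_account);
     $sync->setUserData(array());
     $sync->forceCreation($this->force_creation);
     try {
         $internal_account = $sync->sync();
     } catch (UnexpectedValueException $e) {
         $GLOBALS['ilLog']->write(__METHOD__ . ': Login failed with message: ' . $e->getMessage());
         $a_auth->status = AUTH_WRONG_LOGIN;
         $a_auth->logout();
         return false;
     } catch (ilLDAPSynchronisationForbiddenException $e) {
         // No syncronisation allowed => create Error
         $GLOBALS['ilLog']->write(__METHOD__ . ': Login failed with message: ' . $e->getMessage());
         $a_auth->status = AUTH_RADIUS_NO_ILIAS_USER;
         $a_auth->logout();
         return false;
     } catch (ilLDAPAccountMigrationRequiredException $e) {
         $GLOBALS['ilLog']->write(__METHOD__ . ': Starting account migration.');
         $a_auth->logout();
         ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
         // $internal_account is unset on this path; never fall through to
         // setAuth() should the redirect ever return
         return false;
     }
     $a_auth->setAuth($internal_account);
     return true;
 }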
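 /**
  * display settings menu
  *
  * Renders the authentication overview: per-mode user counts, the
  * active/inactive icon of each mode, the radio button of the current
  * default auth mode, the auth mode determination form and the table
  * that assigns an auth mode to every role allowed for registration.
  *
  * @access	public
  */
 function authSettingsObject()
 {
     global $rbacsystem, $ilSetting;
     if (!$rbacsystem->checkAccess("visible,read", $this->object->getRefId())) {
         $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
         // fail closed: render nothing if raiseError() does not end the request
         return;
     }
     $this->tabs_gui->setTabActive('authentication_settings');
     $this->setSubTabs('authSettings');
     $this->tabs_gui->setSubTabActive("auth_settings");
     $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.auth_general.html", "Services/Authentication");
     $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
     // static labels: template variable => language key
     $labels = [
         "TXT_AUTH_TITLE" => "auth_select",
         "TXT_AUTH_MODE" => "auth_mode",
         "TXT_AUTH_DEFAULT" => "default",
         "TXT_AUTH_ACTIVE" => "active",
         "TXT_AUTH_NUM_USERS" => "num_users",
         "TXT_LOCAL" => "auth_local",
         "TXT_LDAP" => "auth_ldap",
         "TXT_SHIB" => "auth_shib",
         "TXT_CAS" => "auth_cas",
         "TXT_RADIUS" => "auth_radius",
         "TXT_SCRIPT" => "auth_script",
         "TXT_APACHE" => "auth_apache",
     ];
     foreach ($labels as $variable => $lang_key) {
         $this->tpl->setVariable($variable, $this->lng->txt($lang_key));
     }
     // user counts per auth mode; accounts with auth mode "default" are
     // added to whichever mode is the current default
     $auth_cnt = ilObjUser::_getNumberOfUsersPerAuthMode();
     $auth_modes = ilAuthUtils::_getAllAuthModes();
     $default_cnt = (int) ($auth_cnt["default"] ?? 0);
     foreach ($auth_modes as $mode => $mode_name) {
         $mode_cnt = (int) ($auth_cnt[$mode_name] ?? 0);
         if ($ilSetting->get('auth_mode') == $mode) {
             $this->tpl->setVariable(
                 "NUM_" . strtoupper($mode_name),
                 ($mode_cnt + $default_cnt) . " (" . $this->lng->txt("auth_per_default") . ": " . $default_cnt . ")"
             );
         } else {
             $this->tpl->setVariable("NUM_" . strtoupper($mode_name), $mode_cnt);
         }
     }
     $this->tpl->setVariable("TXT_CONFIGURE", $this->lng->txt("auth_configure"));
     $this->tpl->setVariable("TXT_AUTH_REMARK", $this->lng->txt("auth_remark_non_local_auth"));
     $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
     $this->tpl->setVariable("CMD_SUBMIT", "setAuthMode");
     // icon handlers
     $icon_ok = "<img src=\"" . ilUtil::getImagePath("icon_ok.svg") . "\" alt=\"" . $this->lng->txt("enabled") . "\" title=\"" . $this->lng->txt("enabled") . "\" border=\"0\" vspace=\"0\"/>";
     $icon_not_ok = "<img src=\"" . ilUtil::getImagePath("icon_not_ok.svg") . "\" alt=\"" . $this->lng->txt("disabled") . "\" title=\"" . $this->lng->txt("disabled") . "\" border=\"0\" vspace=\"0\"/>";
     $this->tpl->setVariable("AUTH_LOCAL_ACTIVE", $icon_ok);
     include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
     $this->tpl->setVariable('AUTH_LDAP_ACTIVE', count(ilLDAPServer::_getActiveServerList()) ? $icon_ok : $icon_not_ok);
     // the remaining modes are plain on/off settings
     $active_flags = [
         "AUTH_RADIUS_ACTIVE" => 'radius_active',
         "AUTH_SHIB_ACTIVE" => 'shib_active',
         "AUTH_SCRIPT_ACTIVE" => 'script_active',
         "AUTH_CAS_ACTIVE" => 'cas_active',
         "AUTH_APACHE_ACTIVE" => 'apache_active',
     ];
     foreach ($active_flags as $variable => $setting) {
         $this->tpl->setVariable($variable, $this->ilias->getSetting($setting) ? $icon_ok : $icon_not_ok);
     }
     // check the radio button of the current default auth mode
     $radio_by_mode = [
         AUTH_LOCAL => "CHK_LOCAL",
         AUTH_LDAP => "CHK_LDAP",
         AUTH_SHIBBOLETH => "CHK_SHIB",
         AUTH_RADIUS => "CHK_RADIUS",
         AUTH_CAS => "CHK_CAS",
         AUTH_SCRIPT => "CHK_SCRIPT",
         AUTH_APACHE => "CHK_APACHE",
     ];
     $current_mode = $this->ilias->getSetting('auth_mode');
     if (isset($radio_by_mode[$current_mode])) {
         $this->tpl->setVariable($radio_by_mode[$current_mode], "checked=\"checked\"");
     }
     // auth mode determinitation
     if ($this->initAuthModeDetermination()) {
         $this->tpl->setVariable('TABLE_AUTH_DETERMINATION', $this->form->getHTML());
     }
     // roles table
     $this->tpl->setVariable("FORMACTION_ROLES", $this->ctrl->getFormAction($this));
     $this->tpl->setVariable("TXT_AUTH_ROLES", $this->lng->txt("auth_active_roles"));
     $this->tpl->setVariable("TXT_ROLE", $this->lng->txt("obj_role"));
     $this->tpl->setVariable("TXT_ROLE_AUTH_MODE", $this->lng->txt("auth_role_auth_mode"));
     $this->tpl->setVariable("CMD_SUBMIT_ROLES", "updateAuthRoles");
     include_once "./Services/AccessControl/classes/class.ilObjRole.php";
     $reg_roles = ilObjRole::_lookupRegisterAllowed();
     // auth mode selection
     include_once './Services/Authentication/classes/class.ilAuthUtils.php';
     $active_auth_modes = ilAuthUtils::_getActiveAuthModes();
     // do not list auth modes with external login screen
     // even not default, because it can easily be set to
     // a non-working auth mode
     $hidden_modes = ["default", "cas", "shibboleth", "ldap", "apache", "ecs", "openid"];
     $selectable_modes = array_diff(array_keys($active_auth_modes), $hidden_modes);
     foreach ($reg_roles as $role) {
         foreach ($selectable_modes as $auth_name) {
             $this->tpl->setCurrentBlock("auth_mode_selection");
             // "default" is filtered out above, so the label is always the plain mode name
             $this->tpl->setVariable("AUTH_MODE_NAME", $this->lng->txt('auth_' . $auth_name));
             $this->tpl->setVariable("AUTH_MODE", $auth_name);
             if ($role['auth_mode'] == $auth_name) {
                 $this->tpl->setVariable("SELECTED_AUTH_MODE", "selected=\"selected\"");
             }
             $this->tpl->parseCurrentBlock();
         }
         // END auth_mode selection
         $this->tpl->setCurrentBlock("roles");
         $this->tpl->setVariable("ROLE", $role['title']);
         $this->tpl->setVariable("ROLE_ID", $role['id']);
         $this->tpl->parseCurrentBlock();
     }
 }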
 /**
  * Create user account
  *
  * Looks the person up on the first active LDAP server and, when found,
  * creates or refreshes the ILIAS user from the LDAP attributes. Query
  * failures are logged and swallowed.
  *
  * @param string $a_person_id external account name to look up
  */
 private function createMember($a_person_id)
 {
     try {
         include_once './Services/LDAP/classes/class.ilLDAPServer.php';
         $server = ilLDAPServer::getInstanceByServerId(ilLDAPServer::_getFirstActiveServer());
         $server->doConnectionCheck();
         include_once './Services/LDAP/classes/class.ilLDAPQuery.php';
         $query = new ilLDAPQuery($server);
         $query->bind(IL_LDAP_BIND_DEFAULT);
         $ldap_users = $query->fetchUser($a_person_id);
         if (!$ldap_users) {
             return;
         }
         include_once './Services/LDAP/classes/class.ilLDAPAttributeToUser.php';
         $importer = new ilLDAPAttributeToUser($server);
         $importer->setNewUserAuthMode($server->getAuthenticationMappingKey());
         $importer->setUserData($ldap_users);
         $importer->refresh();
     } catch (ilLDAPQueryException $exc) {
         $this->log->write($exc->getMessage());
     }
 }
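 /**
  * Init the LDAP server addressed by the request.
  *
  * Uses the ldap_server_id request parameter and falls back to the first
  * configured server; the chosen id is written back to $_GET, presumably
  * so later code in the same request resolves the same server.
  */
 private function initServer()
 {
     include_once './Services/LDAP/classes/class.ilLDAPServer.php';
     // ?? avoids an undefined-index notice when the parameter is absent
     if (!($_GET['ldap_server_id'] ?? null)) {
         $_GET['ldap_server_id'] = ilLDAPServer::_getFirstServer();
     }
     $this->server = new ilLDAPServer((int) $_GET['ldap_server_id']);
 }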
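 /**
  * Check if user is member of specific group
  *
  * Runs a base-scope query against the group DN with the filter
  * (<member attribute>=<user>), where <user> is the user's DN or the
  * external account depending on isMemberAttributeDN().
  *
  * @access private
  * @param array $a_user_data user record with the 'dn' and 'ilExternalAccount' entries
  * @return bool true when the group lists the user, false on no match or on a query error
  */
 private function isGroupMember($a_user_data)
 {
     global $ilLog;
     if ($this->isMemberAttributeDN()) {
         $user_cmp = $a_user_data['dn'];
     } else {
         $user_cmp = $a_user_data['ilExternalAccount'];
     }
     include_once 'Services/LDAP/classes/class.ilLDAPQuery.php';
     include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
     $server = ilLDAPServer::getInstanceByServerId(ilLDAPServer::_getFirstActiveServer());
     // The compared value is embedded in the search filter, so the filter
     // metacharacters ( ) * \ and NUL must be escaped (RFC 4515); otherwise
     // an account name carrying them could alter the membership test.
     $filter = sprintf('(%s=%s)', $this->getMemberAttribute(), ldap_escape((string) $user_cmp, '', LDAP_ESCAPE_FILTER));
     try {
         $query = new ilLDAPQuery($server);
         $query->bind();
         $res = $query->query($this->getDN(), $filter, IL_LDAP_SCOPE_BASE, ['dn']);
         return (bool) $res->numRows();
     } catch (ilLDAPQueryException $e) {
         $ilLog->write(__METHOD__ . ': Caught Exception: ' . $e->getMessage());
         return false;
     }
 }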
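 /**
  * Check if there is any active server with role synchronisation
  *
  * Instantiates every role-sync server, loads all active role/group
  * mappings, derives the per-object info texts from them and loads the
  * external accounts of the ldap auth mode.
  *
  * @access private
  * @return bool false when no server does role synchronisation, true otherwise
  */
 private function initServers()
 {
     $server_ids = ilLDAPServer::_getRoleSyncServerIds();
     if (!count($server_ids)) {
         return false;
     }
     // Init servers
     include_once 'Services/LDAP/classes/class.ilLDAPRoleGroupMappingSettings.php';
     $this->active_servers = true;
     foreach ($server_ids as $server_id) {
         $this->servers[$server_id] = new ilLDAPServer($server_id);
     }
     // does not depend on the server, so it is fetched once rather than per server
     $this->mappings = ilLDAPRoleGroupMappingSettings::_getAllActiveMappings();
     $this->mapping_info = [];
     $this->mapping_info_strict = [];
     foreach ($this->mappings as $mapping) {
         foreach ($mapping as $data) {
             // strlen(null) is deprecated on PHP 8.1, hence the isset() guard
             $has_info = isset($data['info']) && strlen($data['info']) > 0;
             if ($has_info && $data['object_id']) {
                 $this->mapping_info[$data['object_id']][] = $data['info'];
             }
             if ($has_info && $data['info_type'] == ilLDAPRoleGroupMappingSettings::MAPPING_INFO_ALL) {
                 $this->mapping_info_strict[$data['object_id']][] = $data['info'];
             }
         }
     }
     $this->users = ilObjUser::_getExternalAccountsByAuthMode('ldap', true);
     return true;
 }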
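 /**
  * Read settings
  *
  * Fills $this->position with the ordered auth mode sequence: first the
  * modes stored at positions 0..4 of the settings (only those currently
  * active are kept), then every active mode that was not stored yet.
  * AUTH_LOCAL is always considered active.
  *
  * @access private
  */
 private function read()
 {
     global $ilSetting;
     $this->kind = $this->settings->get('kind', self::TYPE_MANUAL);
     include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
     $ldap_active = ilLDAPServer::_getFirstActiveServer();
     include_once 'Services/Radius/classes/class.ilRadiusSettings.php';
     $rad_settings = ilRadiusSettings::_getInstance();
     $rad_active = $rad_settings->isActive();
     $soap_active = $ilSetting->get('soap_auth_active', false);
     // apache settings
     $apache_settings = new ilSetting('apache_auth');
     $apache_active = $apache_settings->get('apache_enable_auth');
     // mode => may it appear in the sequence; local is always available
     $available = [
         AUTH_LOCAL => true,
         AUTH_LDAP => (bool) $ldap_active,
         AUTH_RADIUS => (bool) $rad_active,
         AUTH_SOAP => (bool) $soap_active,
         AUTH_APACHE => (bool) $apache_active,
     ];
     // a fresh read must not pile onto an earlier result, and in_array()
     // below needs an array even if the property was never initialised
     $this->position = [];
     // stored sequence, keeping only modes that are still active
     for ($i = 0; $i < 5; $i++) {
         $auth_mode = $this->settings->get((string) $i, 0);
         if ($auth_mode && !empty($available[$auth_mode])) {
             $this->position[] = $auth_mode;
         }
     }
     // Append missing active auth modes; loose in_array() on purpose, the
     // stored positions are strings while the constants are integers
     foreach ($available as $auth_mode => $is_active) {
         if ($is_active && !in_array($auth_mode, $this->position)) {
             $this->position[] = $auth_mode;
         }
     }
 }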
 /**
  * Check if an external account name is required.
  * That's the case if Radius,LDAP, CAS or SOAP is active
  *
  * Also true when Shibboleth or OpenID is active; LDAP counts as active
  * when at least one LDAP server is in the active server list.
  *
  * @access public
  * @static
  *
  * @return bool
  */
 public static function _isExternalAccountEnabled()
 {
     global $ilSetting;
     // plain on/off settings, checked in order
     $flags = ['cas_active', 'soap_auth_active', 'shib_active', 'radius_active'];
     foreach ($flags as $flag) {
         if ($ilSetting->get($flag)) {
             return true;
         }
     }
     include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
     $has_ldap = count(ilLDAPServer::_getActiveServerList()) > 0;
     if ($has_ldap) {
         return true;
     }
     include_once './Services/OpenId/classes/class.ilOpenIdSettings.php';
     return ilOpenIdSettings::getInstance()->isActive() ? true : false;
 }
 /**
  * Save
  *
  * Validates the CAS settings form, stores its values, toggles the LDAP
  * data source for AUTH_CAS according to the chosen sync mode and
  * redirects to the settings screen. On invalid input the form is shown
  * again with the posted values.
  *
  * @access public
  */
 public function save()
 {
     $form = $this->initFormSettings();
     if ($form->checkInput()) {
         $settings = $this->getSettings();
         $settings->setActive($form->getInput('active'));
         $settings->setServer($form->getInput('server'));
         $settings->setPort($form->getInput('port'));
         $settings->setUri($form->getInput('uri'));
         $settings->setDefaultRole($form->getInput('role'));
         $settings->enableLocalAuthentication($form->getInput('local'));
         $settings->setLoginInstruction($form->getInput('instruction'));
         $settings->enableUserCreation((bool) ($form->getInput('sync') == ilCASSettings::SYNC_CAS));
         $settings->save();
         include_once './Services/LDAP/classes/class.ilLDAPServer.php';
         $sync_mode = (int) $form->getInput('sync');
         if ($sync_mode == ilCASSettings::SYNC_LDAP) {
             // TODO: handle multiple ldap configurations
             ilLDAPServer::toggleDataSource(AUTH_CAS, true);
         } elseif ($sync_mode == ilCASSettings::SYNC_DISABLED || $sync_mode == ilCASSettings::SYNC_CAS) {
             ilLDAPServer::toggleDataSource(AUTH_CAS, false);
         }
         ilUtil::sendSuccess($this->lng->txt('settings_saved'), true);
         $this->ctrl->redirect($this, 'settings');
     }
     $form->setValuesByPost();
     ilUtil::sendFailure($this->lng->txt('err_ceck_input'));
     $this->tpl->setContent($form->getHTML());
 }
 /**
  * Save
  *
  * Copies the posted RADIUS settings into $this->settings, runs the
  * required/port/server validations (each failure redisplays the settings
  * screen), toggles the LDAP data source for AUTH_RADIUS according to the
  * sync mode and persists the settings.
  *
  * @access public
  * @return bool true when saved, false when a validation failed
  */
 public function save()
 {
     $settings = $this->settings;
     $settings->setActive((int) $_POST['active']);
     $settings->setName(ilUtil::stripSlashes($_POST['name']));
     $settings->setPort(ilUtil::stripSlashes($_POST['port']));
     $settings->setSecret(ilUtil::stripSlashes($_POST['secret']));
     $settings->setServerString(ilUtil::stripSlashes($_POST['servers']));
     $settings->setDefaultRole((int) $_POST['role']);
     $settings->enableAccountMigration((int) $_POST['migration']);
     $settings->setCharset((int) $_POST['charset']);
     $settings->enableCreation((bool) ((int) $_POST['sync'] == ilRadiusSettings::SYNC_RADIUS));
     // validator method => language key of the failure message
     $validators = [
         'validateRequired' => 'fill_out_all_required_fields',
         'validatePort' => 'err_invalid_port',
         'validateServers' => 'err_invalid_server',
     ];
     foreach ($validators as $validator => $error_key) {
         if (!$settings->$validator()) {
             ilUtil::sendFailure($this->lng->txt($error_key));
             $this->settings();
             return false;
         }
     }
     include_once './Services/LDAP/classes/class.ilLDAPServer.php';
     $sync_mode = (int) $_POST['sync'];
     if ($sync_mode == ilRadiusSettings::SYNC_LDAP) {
         // TODO: handle multiple ldap configurations
         ilLDAPServer::toggleDataSource(AUTH_RADIUS, true);
     } elseif ($sync_mode == ilRadiusSettings::SYNC_DISABLED || $sync_mode == ilRadiusSettings::SYNC_RADIUS) {
         ilLDAPServer::toggleDataSource(AUTH_RADIUS, false);
     }
     $settings->save();
     ilUtil::sendSuccess($this->lng->txt('settings_saved'));
     $this->settings();
     return true;
 }
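 /**
  * Authenticate against the Apache auth indicator set by the web server
  *
  * Order of checks: Apache auth and its indicator name/value must be
  * configured and $a_username must be a syntactically valid login; the
  * anonymous/anonymous pair is resolved straight from usr_data; otherwise
  * the indicator server variable must equal one of the configured values.
  * The active auth mode sequence (or the single configured mode) then
  * decides whether the account is resolved via LDAP or via the local
  * usr_data table, and finally a local account may be auto-created with
  * auth mode apache.
  *
  * @param      $a_username          login handed over by the web server
  * @param      $password            only compared for the anonymous account
  * @param bool $isChallengeResponse not used by this container
  * @return bool|void true when $this->_auth_obj was authenticated, false
  *                   otherwise; the LDAP migration path hands over to a redirect
  * @throws ilLDAPQueryException
  */
 function fetchData($a_username, $password, $isChallengeResponse = false)
 {
     /**
      * @var $ilDB      ilDB
      * @var $ilSetting ilSetting
      * @var $rbacadmin ilRbacAdmin
      */
     global $ilDB, $ilSetting, $rbacadmin;
     $settings = new ilSetting('apache_auth');
     if (!$settings->get('apache_enable_auth')) {
         return false;
     }
     if (!$settings->get('apache_auth_indicator_name') || !$settings->get('apache_auth_indicator_value')) {
         return false;
     }
     if (!ilUtil::isLogin($a_username)) {
         return false;
     }
     if ($a_username == 'anonymous' && $password == 'anonymous') {
         $query = 'SELECT * FROM usr_data WHERE login = %s';
         $qres = $ilDB->queryF($query, array('text'), array($a_username));
         $userRow = $ilDB->fetchAssoc($qres);
         if (is_array($userRow) && $userRow['usr_id']) {
             // user as a local account...
             // fetch logindata
             $this->activeUser = $userRow['login'];
             foreach ($userRow as $key => $value) {
                 if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
                     continue;
                 }
                 // Use reference to the auth object if exists
                 // This is because the auth session variable can change so a static call to setAuthData does not make sense
                 $this->_auth_obj->setAuthData($key, $value);
             }
             $this->_auth_obj->setAuth($userRow['login']);
             return true;
         }
         return false;
     }
     // The indicator is read from $_SERVER under the configured name and the
     // configured value is a CSV list of accepted values. Compare strictly:
     // a loose in_array() would also accept numeric-string look-alikes
     // ("01", "1e0") for a configured "1".
     $indicator = $_SERVER[$settings->get('apache_auth_indicator_name')] ?? null;
     $accepted = array_filter(array_map('trim', str_getcsv($settings->get('apache_auth_indicator_value'))));
     if (empty($_SESSION['login_invalid']) && in_array($indicator, $accepted, true)) {
         // we have a valid apache auth
         $list = array($ilSetting->get('auth_mode'));
         // Respect the auth method sequence
         include_once './Services/Authentication/classes/class.ilAuthModeDetermination.php';
         $det = ilAuthModeDetermination::_getInstance();
         if (!$det->isManualSelection() && $det->getCountActiveAuthModes() > 1) {
             $list = array();
             foreach ($det->getAuthModeSequence() as $auth_mode) {
                 $list[] = $auth_mode;
             }
         }
         foreach ($list as $auth_mode) {
             if (AUTH_LDAP == $auth_mode) {
                 // if no local user has been found AND ldap lookup is enabled
                 if ($settings->get('apache_enable_ldap')) {
                     include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
                     $this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
                     $this->server->doConnectionCheck();
                     $config = $this->server->toPearAuthArray();
                     $query = new ilLDAPQuery($this->server);
                     $query->bind();
                     $ldapUser = $query->fetchUser($a_username);
                     // only accept the entry whose user attribute equals the requested login
                     if ($ldapUser && $ldapUser[$a_username] && $ldapUser[$a_username][$config['userattr']] == $a_username) {
                         $ldapUser[$a_username]['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
                         $user_data = $ldapUser[$a_username];
                         //array_change_key_case($a_auth->getAuthData(),CASE_LOWER);
                         if ($this->server->enabledSyncOnLogin()) {
                             if (!$user_data['ilInternalAccount'] && $this->server->isAccountMigrationEnabled() && !self::$force_creation) {
                                 // no ILIAS account yet and migration is enabled: park the
                                 // login context in the session for the migration screen
                                 $this->_auth_obj->logout();
                                 $_SESSION['tmp_auth_mode'] = 'ldap';
                                 $_SESSION['tmp_external_account'] = $a_username;
                                 // NOTE(review): the plaintext password is kept in the session
                                 // for the migration screen — confirm it is unset once migration finishes
                                 $_SESSION['tmp_pass'] = $_POST['password'] ?? null;
                                 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
                                 $roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation($a_username, $user_data);
                                 $_SESSION['tmp_roles'] = array();
                                 foreach ($roles as $info) {
                                     if ($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN) {
                                         $_SESSION['tmp_roles'][] = $info['id'];
                                     }
                                 }
                                 ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
                                 // the redirect is expected to end the request; should it
                                 // ever return, authentication must still fail here
                                 return false;
                             }
                             if ($this->updateRequired($a_username)) {
                                 $this->initLDAPAttributeToUser();
                                 $this->ldap_attr_to_user->setUserData($ldapUser);
                                 $this->ldap_attr_to_user->refresh();
                                 $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
                             } else {
                                 // User exists and no update required
                                 $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
                             }
                         }
                         if ($user_data['ilInternalAccount']) {
                             $this->_auth_obj->setAuth($user_data['ilInternalAccount']);
                             $this->_auth_obj->username = $user_data['ilInternalAccount'];
                             return true;
                         }
                     }
                 }
             } else {
                 if (AUTH_APACHE != $auth_mode && $settings->get('apache_enable_local')) {
                     // $condition only ever holds a $ilDB->quote()d literal, so the
                     // interpolation below stays free of unescaped input
                     $condition = '';
                     if ($ilSetting->get("auth_mode") && $ilSetting->get("auth_mode") == 'ldap') {
                         $condition = " AND auth_mode != " . $ilDB->quote('default', 'text') . " ";
                     }
                     $query = "SELECT * FROM usr_data WHERE login = %s AND auth_mode != %s {$condition}";
                     $qres = $ilDB->queryF($query, array('text', 'text'), array($a_username, 'ldap'));
                     $userRow = $ilDB->fetchAssoc($qres);
                     if (is_array($userRow) && $userRow['usr_id']) {
                         // user as a local account...
                         // fetch logindata
                         $this->activeUser = $userRow['login'];
                         foreach ($userRow as $key => $value) {
                             if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
                                 continue;
                             }
                             // Use reference to the auth object if exists
                             // This is because the auth session variable can change so a static call to setAuthData does not make sense
                             $this->_auth_obj->setAuthData($key, $value);
                         }
                         $this->_auth_obj->setAuth($userRow['login']);
                         return true;
                     }
                 }
             }
         }
         if ($settings->get('apache_enable_local') && $settings->get('apache_local_autocreate')) {
             if (!empty($_GET['r'])) {
                 $_SESSION['profile_complete_redirect'] = $_GET['r'];
             }
             $user = new ilObjUser();
             $user->setLogin($a_username);
             $user->setExternalAccount($a_username);
             $user->setProfileIncomplete(true);
             $user->create();
             $user->setAuthMode('apache');
             // set a timestamp for last_password_change
             // this ts is needed by ilSecuritySettings
             $user->setLastPasswordChangeTS(time());
             $user->setTimeLimitUnlimited(1);
             $user->setActive(1);
             //insert user data in table user_data
             $user->saveAsNew();
             $user->writePrefs();
             // 4 is the fallback role id used when no default role is configured — confirm it is the intended global role
             $rbacadmin->assignUser($settings->get('apache_default_role', 4), $user->getId(), true);
             return true;
         }
     } else {
         if (defined('IL_CERT_SSO') && IL_CERT_SSO) {
             define('APACHE_ERRORCODE', AUTH_APACHE_FAILED);
         }
     }
     return false;
 }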
 /**
  * Init LDAP server
  *
  * Remembers the auth mode this container serves and fetches the server
  * instance for the given id.
  *
  * @param mixed $a_auth_mode auth mode stored in $this->authmode
  * @param int   $a_server_id
  */
 protected function initServer($a_auth_mode, $a_server_id)
 {
     $this->server = ilLDAPServer::getInstanceByServerId($a_server_id);
     $this->authmode = $a_auth_mode;
 }
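 /**
  * Fetch the user that the Apache front end has already authenticated.
  *
  * Presumably the PEAR Auth container hook: results are written through
  * $this->_auth_obj and $this->options['passwordcol'] / ['usernamecol'] are
  * consulted, so the return value is only a success flag.
  *
  * Trust model: the request counts as authenticated when the $_SERVER entry
  * named by the 'apache_auth_indicator_name' setting equals the
  * 'apache_auth_indicator_value' setting. That is only sound if the entry is
  * a variable set by the Apache auth module (environment / SetEnv), never an
  * HTTP_* request header, which any client can supply. NOTE(review): this is
  * a deployment requirement that cannot be verified from this code.
  *
  * Resolution order once the indicator matches:
  *   1. local account by login, or by apache ext_account (apache_enable_local)
  *   2. LDAP lookup with sync-on-login and optional account migration
  *      (apache_enable_ldap)
  *   3. auto-creation of a local account (apache_enable_local together with
  *      apache_local_autocreate)
  * The 'anonymous'/'anonymous' pair bypasses the indicator check and can only
  * resolve to the local account with that login.
  *
  * @param string $a_username          login name supplied by the front end
  * @param string $password            only consulted for the anonymous case
  * @param bool   $isChallengeResponse not used here
  * @return bool true when a user was resolved (or auto-created), false otherwise
  */
 function fetchData($a_username, $password, $isChallengeResponse = false)
 {
     $settings = new ilSetting('apache_auth');
     // Feature switch and a fully configured indicator pair are mandatory.
     if (!$settings->get('apache_enable_auth')) {
         return false;
     }
     if (!$settings->get('apache_auth_indicator_name') || !$settings->get('apache_auth_indicator_value')) {
         return false;
     }
     if (!ilUtil::isLogin($a_username)) {
         return false;
     }
     if ($a_username == 'anonymous' && $password == 'anonymous') {
         global $ilDB;
         $query = 'SELECT * FROM usr_data WHERE login = %s';
         $qres = $ilDB->queryF($query, array('text'), array($a_username));
         $userRow = $ilDB->fetchAssoc($qres);
         if (is_array($userRow) && $userRow['usr_id']) {
             // Local account found: expose every column except the login and
             // credential columns as auth data.
             $this->activeUser = $userRow['login'];
             foreach ($userRow as $key => $value) {
                 if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
                     continue;
                 }
                 // Use reference to the auth object if exists
                 // This is because the auth session variable can change so a static call to setAuthData does not make sense
                 $this->_auth_obj->setAuthData($key, $value);
             }
             $this->_auth_obj->setAuth($userRow['login']);
             return true;
         }
         return false;
     }
     // The indicator is an authentication gate: compare as strings, strictly,
     // so PHP's loose numeric-string equality ("1" == "01") cannot apply, and
     // treat a missing $_SERVER entry as "not authenticated" instead of
     // raising a notice.
     $indicator_name = $settings->get('apache_auth_indicator_name');
     $indicator_ok = isset($_SERVER[$indicator_name])
         && (string) $_SERVER[$indicator_name] === (string) $settings->get('apache_auth_indicator_value');
     if (empty($_SESSION['login_invalid']) && $indicator_ok) {
         // we have a valid apache auth
         global $ilDB;
         if ($settings->get('apache_enable_local')) {
             // Match either a plain local login or an account that is bound to
             // this Apache username as external account.
             $query = 'SELECT * FROM usr_data WHERE login = %s OR (auth_mode = %s AND ext_account = %s)';
             $qres = $ilDB->queryF($query, array('text', 'text', 'text'), array($a_username, 'apache', $a_username));
             $userRow = $ilDB->fetchAssoc($qres);
             if (is_array($userRow) && $userRow['usr_id']) {
                 // user as a local account...
                 // fetch logindata
                 $this->activeUser = $userRow['login'];
                 foreach ($userRow as $key => $value) {
                     if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
                         continue;
                     }
                     // Use reference to the auth object if exists
                     // This is because the auth session variable can change so a static call to setAuthData does not make sense
                     $this->_auth_obj->setAuthData($key, $value);
                 }
                 $this->_auth_obj->setAuth($userRow['login']);
                 return true;
             }
         }
         // if no local user has been found AND ldap lookup is enabled
         if ($settings->get('apache_enable_ldap')) {
             include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
             $this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
             // Result of the connection check is not inspected here; failures
             // presumably surface through fetchUser() returning nothing.
             $this->server->doConnectionCheck();
             $config = $this->server->toPearAuthArray();
             $query = new ilLDAPQuery($this->server);
             $ldapUser = $query->fetchUser($a_username);
             // Only accept an entry whose user attribute really equals the
             // requested name (guards against partial/ambiguous lookups).
             if ($ldapUser && $ldapUser[$a_username] && $ldapUser[$a_username][$config['userattr']] == $a_username) {
                 $ldapUser[$a_username]['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache", $a_username);
                 $user_data = $ldapUser[$a_username];
                 if ($this->server->enabledSyncOnLogin()) {
                     if (!$user_data['ilInternalAccount'] && $this->server->isAccountMigrationEnabled() && !self::$force_creation) {
                         // No ILIAS account yet: hand over to the account
                         // migration dialog and abort this request.
                         $this->_auth_obj->logout();
                         $_SESSION['tmp_auth_mode'] = 'apache';
                         $_SESSION['tmp_external_account'] = $a_username;
                         // NOTE(review): the submitted password is kept in clear
                         // text in the session for the migration step. Guarded
                         // because the field need not be present on an
                         // Apache-authenticated request.
                         $_SESSION['tmp_pass'] = isset($_POST['password']) ? $_POST['password'] : null;
                         include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
                         $roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation($a_username, $user_data);
                         $_SESSION['tmp_roles'] = array();
                         foreach ($roles as $info) {
                             if ($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN) {
                                 $_SESSION['tmp_roles'][] = $info['id'];
                             }
                         }
                         ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
                         exit;
                     }
                     if ($this->updateRequired($a_username)) {
                         // Sync LDAP attributes into the ILIAS user, then re-read
                         // the internal account (it may have been created by the sync).
                         $this->initLDAPAttributeToUser();
                         $this->ldap_attr_to_user->setUserData($ldapUser);
                         $this->ldap_attr_to_user->refresh();
                         $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache", $a_username);
                     } else {
                         // User exists and no update required
                         $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache", $a_username);
                     }
                 }
                 if ($user_data['ilInternalAccount']) {
                     $this->_auth_obj->setAuth($user_data['ilInternalAccount']);
                     return true;
                 }
             }
         }
         if ($settings->get('apache_enable_local') && $settings->get('apache_local_autocreate')) {
             // no local user, no ldap match or ldap not activated
             // NOTE(review): the raw 'r' parameter is stored for a later
             // redirect; the consumer is not visible here and must restrict it
             // to a local path, otherwise this is an open redirect.
             if (!empty($_GET['r'])) {
                 $_SESSION['profile_complete_redirect'] = $_GET['r'];
             }
             $user = new ilObjUser();
             $user->setLogin($a_username);
             $user->setExternalAccount($a_username);
             $user->setProfileIncomplete(true);
             $user->create();
             $user->setAuthMode('apache');
             // set a timestamp for last_password_change
             // this ts is needed by ilSecuritySettings
             $user->setLastPasswordChangeTS(time());
             $user->setTimeLimitUnlimited(1);
             $user->setActive(1);
             //insert user data in table user_data
             $user->saveAsNew();
             $user->writePrefs();
             global $rbacadmin;
             // Role id 4 is the fallback when no apache_default_role is configured.
             $rbacadmin->assignUser($settings->get('apache_default_role', 4), $user->getId(), true);
             // Unlike the branches above, no setAuth() call is made here; the
             // caller presumably marks the session authenticated on true — confirm.
             return true;
         }
     } else {
         if (defined('IL_CERT_SSO') && IL_CERT_SSO) {
             define('APACHE_ERRORCODE', AUTH_APACHE_FAILED);
         }
     }
     return false;
 }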
 /**
  * Return the id of the first configured LDAP server.
  *
  * Unlike _getFirstActiveServer() (used elsewhere in this file) the active
  * flag is presumably not consulted here — _getServerList() appears to list
  * all servers; confirm before relying on this for authentication decisions.
  *
  * @return int server id, or 0 when no server is configured
  */
 public static function _getFirstServer()
 {
     $list = ilLDAPServer::_getServerList();
     return empty($list) ? 0 : $list[0];
 }
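 /**
  * Init login form
  *
  * Builds $this->form with an optional "default authentication mode"
  * selector (shown only when an active LDAP server or RADIUS is configured,
  * offering exactly the modes that are available), one RTE textarea per
  * installed language for the login message (default language first), and
  * one additional textarea, flagged "not_installed", for every stored message
  * whose language is no longer installed.
  */
 protected function initLoginForm()
 {
     global $lng, $ilSetting;
     include_once "./Services/Form/classes/class.ilPropertyFormGUI.php";
     $this->form = new ilPropertyFormGUI();
     $this->form->setFormAction($this->ctrl->getFormAction($this, 'saveLoginInfo'));
     $this->form->setTableWidth('80%');
     $this->form->setTitle($this->lng->txt('login_information'));
     $this->form->addCommandButton('saveLoginInfo', $this->lng->txt('save'));
     include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
     include_once 'Services/Radius/classes/class.ilRadiusSettings.php';
     $rad_settings = ilRadiusSettings::_getInstance();
     $ldap_id = ilLDAPServer::_getFirstActiveServer();
     $radius_active = $rad_settings->isActive();
     if ($ldap_id || $radius_active) {
         $select = new ilSelectInputGUI($this->lng->txt('default_auth_mode'), 'default_auth_mode');
         $select->setValue($ilSetting->get('default_auth_mode', AUTH_LOCAL));
         $select->setInfo($this->lng->txt('default_auth_mode_info'));
         // Local login is always offered; external modes only when configured.
         $options = array(AUTH_LOCAL => $this->lng->txt('auth_local'));
         if ($ldap_id) {
             $options[AUTH_LDAP] = $this->lng->txt('auth_ldap');
         }
         if ($radius_active) {
             $options[AUTH_RADIUS] = $this->lng->txt('auth_radius');
         }
         $select->setOptions($options);
         $this->form->addItem($select);
     }
     if (!is_object($this->loginSettings)) {
         $this->loginSettings = new ilSetting("login_settings");
     }
     $login_settings = $this->loginSettings->getAll();
     $languages = $lng->getInstalledLanguages();
     $def_language = $lng->getDefaultLanguage();
     // One message per installed language, default language first and marked
     // as such. Consumed entries are removed so the loop below only sees
     // messages of languages that are not installed (anymore).
     foreach ($this->setDefLangFirst($def_language, $languages) as $lang_key) {
         $setting_key = "login_message_" . $lang_key;
         $title = $lng->txt("meta_l_" . $lang_key);
         if ($lang_key == $def_language) {
             $title .= " (" . $lng->txt("default") . ")";
         }
         $textarea = new ilTextAreaInputGUI($title, 'login_message_' . $lang_key);
         $textarea->setRows(10);
         $textarea->setValue(isset($login_settings[$setting_key]) ? $login_settings[$setting_key] : null);
         $textarea->setUseRte(true);
         $textarea->setRteTagSet("extended");
         $this->form->addItem($textarea);
         unset($login_settings[$setting_key]);
     }
     // Left-over messages belong to languages that are not installed. None of
     // them is the default language, so no "(default)" suffix is appended
     // (previously the stale suffix of the last installed language leaked here).
     foreach ($login_settings as $key => $message) {
         // Language code is everything after the last underscore of the key.
         $lang_key = substr($key, strrpos($key, "_") + 1);
         $textarea = new ilTextAreaInputGUI($lng->txt("meta_l_" . $lang_key), 'login_message_' . $lang_key);
         $textarea->setRows(10);
         $textarea->setValue($message);
         $textarea->setUseRte(true);
         $textarea->setRteTagSet("extended");
         if (!in_array($lang_key, $languages)) {
             $textarea->setAlert($lng->txt("not_installed"));
         }
         $this->form->addItem($textarea);
     }
 }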
 /**
  * Check if an external account name is required.
  * That's the case if CAS, SOAP, Shibboleth, RADIUS, at least one active
  * LDAP server, OpenID, or an authentication plugin that requires an
  * external account name is active.
  *
  * @access public
  * @static
  *
  * @return bool
  */
 public static function _isExternalAccountEnabled()
 {
     global $ilSetting;
     // Plain on/off switches in the global settings, checked in this order.
     $flags = array('cas_active', 'soap_auth_active', 'shib_active', 'radius_active');
     foreach ($flags as $flag) {
         if ($ilSetting->get($flag)) {
             return true;
         }
     }
     include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
     if (count(ilLDAPServer::_getActiveServerList()) > 0) {
         return true;
     }
     include_once './Services/OpenId/classes/class.ilOpenIdSettings.php';
     if (ilOpenIdSettings::getInstance()->isActive()) {
         return true;
     }
     // begin-path auth_plugin
     foreach (self::getAuthPlugins() as $plugin) {
         foreach ($plugin->getAuthIds() as $auth_id) {
             if ($plugin->isAuthActive($auth_id) && $plugin->isExternalAccountNameRequired($auth_id)) {
                 return true;
             }
         }
     }
     // end-path auth_plugin
     return false;
 }