2007-01-04 04:52:42 +00:00
|
|
|
|
<?php
|
2008-06-07 15:41:25 +00:00
|
|
|
|
|
2007-01-04 04:52:42 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* @author Martin Dougiamas
|
2010-07-25 22:36:15 +00:00
|
|
|
|
* @author Jerome GUTIERREZ
|
2010-08-18 22:07:00 +00:00
|
|
|
|
* @author I<EFBFBD>aki Arenaza
|
2007-01-04 04:52:42 +00:00
|
|
|
|
* @license http://www.gnu.org/copyleft/gpl.html GNU Public License
|
|
|
|
|
|
* @package moodle multiauth
|
|
|
|
|
|
*
|
|
|
|
|
|
* Authentication Plugin: CAS Authentication
|
|
|
|
|
|
*
|
|
|
|
|
|
* Authentication using CAS (Central Authentication Server).
|
|
|
|
|
|
*
|
|
|
|
|
|
* 2006-08-28 File created.
|
|
|
|
|
|
*/
|
2010-07-25 22:36:15 +00:00
|
|
|
|
|
2007-02-20 17:03:36 +00:00
|
|
|
|
if (!defined('MOODLE_INTERNAL')) {
|
|
|
|
|
|
die('Direct access to this script is forbidden.'); /// It must be included from a Moodle page
|
|
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
|
|
|
|
|
|
require_once($CFG->dirroot.'/auth/ldap/auth.php');
|
2007-05-21 07:11:12 +00:00
|
|
|
|
require_once($CFG->dirroot.'/auth/cas/CAS/CAS.php');
|
2010-07-25 22:36:15 +00:00
|
|
|
|
|
2007-01-04 04:52:42 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* CAS authentication plugin.
|
|
|
|
|
|
*/
|
2010-07-25 22:36:15 +00:00
|
|
|
|
class auth_plugin_cas extends auth_plugin_ldap {
|
|
|
|
|
|
|
2007-01-04 04:52:42 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* Constructor.
|
|
|
|
|
|
*/
|
|
|
|
|
|
function auth_plugin_cas() {
|
2007-03-22 12:27:52 +00:00
|
|
|
|
$this->authtype = 'cas';
|
2010-07-25 22:36:15 +00:00
|
|
|
|
$this->roleauth = 'auth_cas';
|
|
|
|
|
|
$this->errorlogtag = '[AUTH CAS] ';
|
|
|
|
|
|
$this->init_plugin($this->authtype);
|
2007-01-04 04:52:42 +00:00
|
|
|
|
}
|
2009-11-23 21:50:40 +00:00
|
|
|
|
|
|
|
|
|
|
function prevent_local_passwords() {
|
|
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2007-01-04 04:52:42 +00:00
|
|
|
|
/**
|
2010-07-25 22:36:15 +00:00
|
|
|
|
* Authenticates user against CAS
|
2007-01-04 04:52:42 +00:00
|
|
|
|
* Returns true if the username and password work and false if they are
|
|
|
|
|
|
* wrong or don't exist.
|
|
|
|
|
|
*
|
2010-07-25 22:36:15 +00:00
|
|
|
|
* @param string $username The username (with system magic quotes)
|
|
|
|
|
|
* @param string $password The password (with system magic quotes)
|
2007-02-20 17:03:36 +00:00
|
|
|
|
* @return bool Authentication success or failure.
|
2007-01-04 04:52:42 +00:00
|
|
|
|
*/
|
|
|
|
|
|
function user_login ($username, $password) {
|
2009-12-16 22:14:17 +00:00
|
|
|
|
$this->connectCAS();
|
2012-01-21 13:34:14 +01:00
|
|
|
|
return phpCAS::isAuthenticated() && (trim(textlib::strtolower(phpCAS::getUser())) == $username);
|
2007-01-04 04:52:42 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
|
2007-01-04 04:52:42 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* Returns true if this authentication plugin is 'internal'.
|
|
|
|
|
|
*
|
2007-02-20 17:03:36 +00:00
|
|
|
|
* @return bool
|
2007-01-04 04:52:42 +00:00
|
|
|
|
*/
|
|
|
|
|
|
function is_internal() {
|
|
|
|
|
|
return false;
|
|
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
|
2007-01-04 04:52:42 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* Returns true if this authentication plugin can change the user's
|
|
|
|
|
|
* password.
|
|
|
|
|
|
*
|
2007-02-20 17:03:36 +00:00
|
|
|
|
* @return bool
|
2007-01-04 04:52:42 +00:00
|
|
|
|
*/
|
|
|
|
|
|
function can_change_password() {
|
2007-05-04 08:06:40 +00:00
|
|
|
|
return false;
|
2007-01-04 04:52:42 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
|
2007-05-04 08:06:40 +00:00
|
|
|
|
/**
|
2010-07-25 22:36:15 +00:00
|
|
|
|
* Authentication choice (CAS or other)
|
|
|
|
|
|
* Redirection to the CAS form or to login/index.php
|
2007-05-04 08:06:40 +00:00
|
|
|
|
* for other authentication
|
|
|
|
|
|
*/
|
2007-03-28 08:28:02 +00:00
|
|
|
|
function loginpage_hook() {
|
2010-07-25 22:36:15 +00:00
|
|
|
|
global $frm;
|
|
|
|
|
|
global $CFG;
|
|
|
|
|
|
global $SESSION, $OUTPUT, $PAGE;
|
2007-07-23 11:37:21 +00:00
|
|
|
|
|
2010-07-25 22:36:15 +00:00
|
|
|
|
$site = get_site();
|
|
|
|
|
|
$CASform = get_string('CASform', 'auth_cas');
|
|
|
|
|
|
$username = optional_param('username', '', PARAM_RAW);
|
2007-07-23 11:37:21 +00:00
|
|
|
|
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if (!empty($username)) {
|
|
|
|
|
|
if (isset($SESSION->wantsurl) && (strstr($SESSION->wantsurl, 'ticket') ||
|
|
|
|
|
|
strstr($SESSION->wantsurl, 'NOCAS'))) {
|
|
|
|
|
|
unset($SESSION->wantsurl);
|
|
|
|
|
|
}
|
|
|
|
|
|
return;
|
2007-03-22 12:27:52 +00:00
|
|
|
|
}
|
2007-07-23 11:37:21 +00:00
|
|
|
|
|
2010-07-25 22:36:15 +00:00
|
|
|
|
// Return if CAS enabled and settings not specified yet
|
|
|
|
|
|
if (empty($this->config->hostname)) {
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
2007-09-11 07:54:55 +00:00
|
|
|
|
|
2010-07-25 22:36:15 +00:00
|
|
|
|
// Connection to CAS server
|
|
|
|
|
|
$this->connectCAS();
|
2009-12-16 22:14:17 +00:00
|
|
|
|
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if (phpCAS::checkAuthentication()) {
|
|
|
|
|
|
$frm->username = phpCAS::getUser();
|
|
|
|
|
|
$frm->password = 'passwdCas';
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
2009-12-16 22:14:17 +00:00
|
|
|
|
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if (isset($_GET['loginguest']) && ($_GET['loginguest'] == true)) {
|
|
|
|
|
|
$frm->username = 'guest';
|
|
|
|
|
|
$frm->password = 'guest';
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
2010-04-18 12:08:43 +00:00
|
|
|
|
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if ($this->config->multiauth) {
|
|
|
|
|
|
$authCAS = optional_param('authCAS', '', PARAM_RAW);
|
|
|
|
|
|
if ($authCAS == 'NOCAS') {
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
2009-12-16 22:14:17 +00:00
|
|
|
|
|
2010-07-25 22:36:15 +00:00
|
|
|
|
// Show authentication form for multi-authentication
|
|
|
|
|
|
// test pgtIou parameter for proxy mode (https connection
|
|
|
|
|
|
// in background from CAS server to the php server)
|
|
|
|
|
|
if ($authCAS != 'CAS' && !isset($_GET['pgtIou'])) {
|
|
|
|
|
|
$PAGE->set_url('/auth/cas/auth.php');
|
|
|
|
|
|
$PAGE->navbar->add($CASform);
|
|
|
|
|
|
$PAGE->set_title("$site->fullname: $CASform");
|
|
|
|
|
|
$PAGE->set_heading($site->fullname);
|
|
|
|
|
|
echo $OUTPUT->header();
|
|
|
|
|
|
include($CFG->dirroot.'/auth/cas/cas_form.html');
|
|
|
|
|
|
echo $OUTPUT->footer();
|
|
|
|
|
|
exit();
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2009-12-16 22:14:17 +00:00
|
|
|
|
|
2010-07-25 22:36:15 +00:00
|
|
|
|
// Force CAS authentication (if needed).
|
|
|
|
|
|
if (!phpCAS::isAuthenticated()) {
|
|
|
|
|
|
phpCAS::setLang($this->config->language);
|
|
|
|
|
|
phpCAS::forceAuthentication();
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2007-08-17 11:18:58 +00:00
|
|
|
|
|
2007-05-04 08:06:40 +00:00
|
|
|
|
/**
|
2010-07-25 22:36:15 +00:00
|
|
|
|
* Logout from the CAS
|
2007-05-04 08:06:40 +00:00
|
|
|
|
*
|
|
|
|
|
|
*/
|
2007-03-28 08:28:02 +00:00
|
|
|
|
function prelogout_hook() {
|
|
|
|
|
|
global $CFG;
|
2010-07-25 22:36:15 +00:00
|
|
|
|
|
|
|
|
|
|
if ($this->config->logoutcas) {
|
2009-12-16 22:14:17 +00:00
|
|
|
|
$backurl = $CFG->wwwroot;
|
2010-07-25 22:36:15 +00:00
|
|
|
|
$this->connectCAS();
|
2010-04-18 12:08:43 +00:00
|
|
|
|
phpCAS::logoutWithURL($backurl);
|
2010-07-25 22:36:15 +00:00
|
|
|
|
}
|
2007-03-28 08:28:02 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
|
2007-05-04 08:06:40 +00:00
|
|
|
|
/**
|
2010-07-25 22:36:15 +00:00
|
|
|
|
* Connect to the CAS (clientcas connection or proxycas connection)
|
2007-05-04 08:06:40 +00:00
|
|
|
|
*
|
|
|
|
|
|
*/
|
|
|
|
|
|
function connectCAS() {
|
2010-07-25 22:36:15 +00:00
|
|
|
|
global $PHPCAS_CLIENT;
|
2009-12-16 22:14:17 +00:00
|
|
|
|
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if (!is_object($PHPCAS_CLIENT)) {
|
|
|
|
|
|
// Make sure phpCAS doesn't try to start a new PHP session when connecting to the CAS server.
|
|
|
|
|
|
if ($this->config->proxycas) {
|
|
|
|
|
|
phpCAS::proxy($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri, false);
|
|
|
|
|
|
} else {
|
|
|
|
|
|
phpCAS::client($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri, false);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2009-12-16 22:14:17 +00:00
|
|
|
|
|
2010-11-18 00:12:23 +00:00
|
|
|
|
if($this->config->certificate_check && $this->config->certificate_path){
|
|
|
|
|
|
phpCAS::setCasServerCACert($this->config->certificate_path);
|
|
|
|
|
|
}else{
|
|
|
|
|
|
// Don't try to validate the server SSL credentials
|
|
|
|
|
|
phpCAS::setNoCasServerValidation();
|
|
|
|
|
|
}
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
|
2007-01-04 04:52:42 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* Prints a form for configuring this authentication plugin.
|
|
|
|
|
|
*
|
|
|
|
|
|
* This function is called from admin/auth.php, and outputs a full page with
|
|
|
|
|
|
* a form for configuring this plugin.
|
|
|
|
|
|
*
|
|
|
|
|
|
* @param array $page An object containing all the data for this page.
|
|
|
|
|
|
*/
|
2007-02-20 17:03:36 +00:00
|
|
|
|
function config_form($config, $err, $user_fields) {
|
2010-07-25 22:36:15 +00:00
|
|
|
|
global $CFG, $OUTPUT;
|
2010-01-14 18:54:12 +00:00
|
|
|
|
|
2010-07-25 22:55:45 +00:00
|
|
|
|
if (!function_exists('ldap_connect')) { // Is php-ldap really there?
|
|
|
|
|
|
echo $OUTPUT->notification(get_string('auth_ldap_noextension', 'auth_ldap'));
|
|
|
|
|
|
|
|
|
|
|
|
// Don't return here, like we do in auth/ldap. We cas use CAS without LDAP.
|
|
|
|
|
|
// So just warn the user (done above) and define the LDAP constants we use
|
|
|
|
|
|
// in config.html, to silence the warnings.
|
|
|
|
|
|
if (!defined('LDAP_DEREF_NEVER')) {
|
|
|
|
|
|
define ('LDAP_DEREF_NEVER', 0);
|
|
|
|
|
|
}
|
|
|
|
|
|
if (!defined('LDAP_DEREF_ALWAYS')) {
|
|
|
|
|
|
define ('LDAP_DEREF_ALWAYS', 3);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2010-07-25 22:36:15 +00:00
|
|
|
|
include($CFG->dirroot.'/auth/cas/config.html');
|
2007-01-04 04:52:42 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
|
2010-11-18 00:57:06 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* A chance to validate form data, and last chance to
|
|
|
|
|
|
* do stuff before it is inserted in config_plugin
|
|
|
|
|
|
* @param object object with submitted configuration settings (without system magic quotes)
|
|
|
|
|
|
* @param array $err array of error messages
|
|
|
|
|
|
*/
|
|
|
|
|
|
function validate_form(&$form, &$err) {
|
|
|
|
|
|
$certificate_path = trim($form->certificate_path);
|
|
|
|
|
|
if ($form->certificate_check && empty($certificate_path)) {
|
|
|
|
|
|
$err['certificate_path'] = get_string('auth_cas_certificate_path_empty', 'auth_cas');
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2007-01-04 04:52:42 +00:00
|
|
|
|
/**
|
2007-02-21 21:42:10 +00:00
|
|
|
|
* Returns the URL for changing the user's pw, or empty if the default can
|
2007-01-04 04:52:42 +00:00
|
|
|
|
* be used.
|
|
|
|
|
|
*
|
2010-08-18 22:07:00 +00:00
|
|
|
|
* @return moodle_url
|
2007-01-04 04:52:42 +00:00
|
|
|
|
*/
|
|
|
|
|
|
function change_password_url() {
|
2010-08-18 22:07:00 +00:00
|
|
|
|
return null;
|
2007-01-04 04:52:42 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
|
2007-01-04 04:52:42 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* Processes and stores configuration data for this authentication plugin.
|
|
|
|
|
|
*/
|
|
|
|
|
|
function process_config($config) {
|
2010-07-25 22:36:15 +00:00
|
|
|
|
|
2007-05-04 08:06:40 +00:00
|
|
|
|
// CAS settings
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if (!isset($config->hostname)) {
|
2007-01-04 04:52:42 +00:00
|
|
|
|
$config->hostname = '';
|
2010-07-25 22:36:15 +00:00
|
|
|
|
}
|
|
|
|
|
|
if (!isset($config->port)) {
|
2007-01-04 04:52:42 +00:00
|
|
|
|
$config->port = '';
|
2010-07-25 22:36:15 +00:00
|
|
|
|
}
|
|
|
|
|
|
if (!isset($config->casversion)) {
|
2007-01-04 04:52:42 +00:00
|
|
|
|
$config->casversion = '';
|
2010-07-25 22:36:15 +00:00
|
|
|
|
}
|
|
|
|
|
|
if (!isset($config->baseuri)) {
|
2007-01-04 04:52:42 +00:00
|
|
|
|
$config->baseuri = '';
|
2010-07-25 22:36:15 +00:00
|
|
|
|
}
|
|
|
|
|
|
if (!isset($config->language)) {
|
2007-01-04 04:52:42 +00:00
|
|
|
|
$config->language = '';
|
2010-07-25 22:36:15 +00:00
|
|
|
|
}
|
|
|
|
|
|
if (!isset($config->proxycas)) {
|
2007-05-04 08:06:40 +00:00
|
|
|
|
$config->proxycas = '';
|
|
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if (!isset($config->logoutcas)) {
|
|
|
|
|
|
$config->logoutcas = '';
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if (!isset($config->multiauth)) {
|
|
|
|
|
|
$config->multiauth = '';
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2010-11-18 00:12:23 +00:00
|
|
|
|
if (!isset($config->certificate_check)) {
|
|
|
|
|
|
$config->certificate_check = '';
|
|
|
|
|
|
}
|
|
|
|
|
|
if (!isset($config->certificate_path)) {
|
|
|
|
|
|
$config->certificate_path = '';
|
|
|
|
|
|
}
|
2007-06-28 09:35:32 +00:00
|
|
|
|
|
2010-07-25 22:36:15 +00:00
|
|
|
|
// LDAP settings
|
|
|
|
|
|
if (!isset($config->host_url)) {
|
|
|
|
|
|
$config->host_url = '';
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if (empty($config->ldapencoding)) {
|
|
|
|
|
|
$config->ldapencoding = 'utf-8';
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if (!isset($config->contexts)) {
|
|
|
|
|
|
$config->contexts = '';
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if (!isset($config->user_type)) {
|
|
|
|
|
|
$config->user_type = 'default';
|
2009-02-15 15:03:33 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if (!isset($config->user_attribute)) {
|
|
|
|
|
|
$config->user_attribute = '';
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if (!isset($config->search_sub)) {
|
|
|
|
|
|
$config->search_sub = '';
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if (!isset($config->opt_deref)) {
|
|
|
|
|
|
$config->opt_deref = LDAP_DEREF_NEVER;
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if (!isset($config->bind_dn)) {
|
|
|
|
|
|
$config->bind_dn = '';
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if (!isset($config->bind_pw)) {
|
|
|
|
|
|
$config->bind_pw = '';
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2010-07-26 15:24:50 +00:00
|
|
|
|
if (!isset($config->ldap_version)) {
|
|
|
|
|
|
$config->ldap_version = '3';
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if (!isset($config->objectclass)) {
|
|
|
|
|
|
$config->objectclass = '';
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if (!isset($config->memberattribute)) {
|
|
|
|
|
|
$config->memberattribute = '';
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2008-06-07 15:41:25 +00:00
|
|
|
|
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if (!isset($config->memberattribute_isdn)) {
|
|
|
|
|
|
$config->memberattribute_isdn = '';
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if (!isset($config->attrcreators)) {
|
|
|
|
|
|
$config->attrcreators = '';
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if (!isset($config->groupecreators)) {
|
|
|
|
|
|
$config->groupecreators = '';
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
if (!isset($config->removeuser)) {
|
|
|
|
|
|
$config->removeuser = AUTH_REMOVEUSER_KEEP;
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2008-06-07 15:41:25 +00:00
|
|
|
|
|
2010-07-25 22:36:15 +00:00
|
|
|
|
// save CAS settings
|
|
|
|
|
|
set_config('hostname', trim($config->hostname), $this->pluginconfig);
|
|
|
|
|
|
set_config('port', trim($config->port), $this->pluginconfig);
|
|
|
|
|
|
set_config('casversion', $config->casversion, $this->pluginconfig);
|
|
|
|
|
|
set_config('baseuri', trim($config->baseuri), $this->pluginconfig);
|
|
|
|
|
|
set_config('language', $config->language, $this->pluginconfig);
|
|
|
|
|
|
set_config('proxycas', $config->proxycas, $this->pluginconfig);
|
|
|
|
|
|
set_config('logoutcas', $config->logoutcas, $this->pluginconfig);
|
|
|
|
|
|
set_config('multiauth', $config->multiauth, $this->pluginconfig);
|
2010-11-18 00:12:23 +00:00
|
|
|
|
set_config('certificate_check', $config->certificate_check, $this->pluginconfig);
|
|
|
|
|
|
set_config('certificate_path', $config->certificate_path, $this->pluginconfig);
|
2008-06-07 15:41:25 +00:00
|
|
|
|
|
2010-07-25 22:36:15 +00:00
|
|
|
|
// save LDAP settings
|
|
|
|
|
|
set_config('host_url', trim($config->host_url), $this->pluginconfig);
|
|
|
|
|
|
set_config('ldapencoding', trim($config->ldapencoding), $this->pluginconfig);
|
|
|
|
|
|
set_config('contexts', trim($config->contexts), $this->pluginconfig);
|
2012-01-21 13:34:14 +01:00
|
|
|
|
set_config('user_type', textlib::strtolower(trim($config->user_type)), $this->pluginconfig);
|
|
|
|
|
|
set_config('user_attribute', textlib::strtolower(trim($config->user_attribute)), $this->pluginconfig);
|
2010-07-25 22:36:15 +00:00
|
|
|
|
set_config('search_sub', $config->search_sub, $this->pluginconfig);
|
|
|
|
|
|
set_config('opt_deref', $config->opt_deref, $this->pluginconfig);
|
|
|
|
|
|
set_config('bind_dn', trim($config->bind_dn), $this->pluginconfig);
|
|
|
|
|
|
set_config('bind_pw', $config->bind_pw, $this->pluginconfig);
|
2010-07-26 15:24:50 +00:00
|
|
|
|
set_config('ldap_version', $config->ldap_version, $this->pluginconfig);
|
2010-07-25 22:36:15 +00:00
|
|
|
|
set_config('objectclass', trim($config->objectclass), $this->pluginconfig);
|
2012-01-21 13:34:14 +01:00
|
|
|
|
set_config('memberattribute', textlib::strtolower(trim($config->memberattribute)), $this->pluginconfig);
|
2010-07-25 22:36:15 +00:00
|
|
|
|
set_config('memberattribute_isdn', $config->memberattribute_isdn, $this->pluginconfig);
|
|
|
|
|
|
set_config('attrcreators', trim($config->attrcreators), $this->pluginconfig);
|
|
|
|
|
|
set_config('groupecreators', trim($config->groupecreators), $this->pluginconfig);
|
|
|
|
|
|
set_config('removeuser', $config->removeuser, $this->pluginconfig);
|
2008-06-07 15:41:25 +00:00
|
|
|
|
|
2007-05-04 08:06:40 +00:00
|
|
|
|
return true;
|
|
|
|
|
|
}
|
2008-06-07 15:41:25 +00:00
|
|
|
|
|
2007-05-04 08:06:40 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* Returns true if user should be coursecreator.
|
|
|
|
|
|
*
|
|
|
|
|
|
* @param mixed $username username (without system magic quotes)
|
|
|
|
|
|
* @return boolean result
|
|
|
|
|
|
*/
|
|
|
|
|
|
function iscreator($username) {
|
2011-06-08 17:48:57 +02:00
|
|
|
|
if (empty($this->config->host_url) or (empty($this->config->attrcreators) && empty($this->config->groupecreators)) or empty($this->config->memberattribute)) {
|
2010-07-25 22:36:15 +00:00
|
|
|
|
return false;
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
|
2012-01-21 13:28:20 +01:00
|
|
|
|
$extusername = textlib::convert($username, 'utf-8', $this->config->ldapencoding);
|
2007-06-28 09:35:32 +00:00
|
|
|
|
|
2010-07-25 22:36:15 +00:00
|
|
|
|
// Test for group creator
|
|
|
|
|
|
if (!empty($this->config->groupecreators)) {
|
|
|
|
|
|
if ($this->config->memberattribute_isdn) {
|
|
|
|
|
|
if(!($userid = $this->ldap_find_userdn($ldapconnection, $extusername))) {
|
|
|
|
|
|
return false;
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
} else {
|
|
|
|
|
|
$userid = $extusername;
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
|
|
|
|
|
|
$group_dns = explode(';', $this->config->groupecreators);
|
|
|
|
|
|
if (ldap_isgroupmember($ldapconnection, $userid, $group_dns, $this->config->memberattribute)) {
|
|
|
|
|
|
return true;
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
|
|
|
|
|
}
|
2007-06-28 09:35:32 +00:00
|
|
|
|
|
2010-07-25 22:36:15 +00:00
|
|
|
|
// Build filter for attrcreator
|
|
|
|
|
|
if (!empty($this->config->attrcreators)) {
|
|
|
|
|
|
$attrs = explode(';', $this->config->attrcreators);
|
|
|
|
|
|
$filter = '(& ('.$this->config->user_attribute."=$username)(|";
|
|
|
|
|
|
foreach ($attrs as $attr){
|
|
|
|
|
|
if(strpos($attr, '=')) {
|
|
|
|
|
|
$filter .= "($attr)";
|
|
|
|
|
|
} else {
|
|
|
|
|
|
$filter .= '('.$this->config->memberattribute."=$attr)";
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
|
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
$filter .= '))';
|
2007-06-28 09:35:32 +00:00
|
|
|
|
|
2010-07-25 22:36:15 +00:00
|
|
|
|
// Search
|
|
|
|
|
|
$result = $this->ldap_get_userlist($filter);
|
|
|
|
|
|
if (count($result) != 0) {
|
|
|
|
|
|
return true;
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
|
|
|
|
|
}
|
2010-07-25 22:36:15 +00:00
|
|
|
|
|
|
|
|
|
|
return false;
|
2007-05-04 08:06:40 +00:00
|
|
|
|
}
|
2011-06-08 17:48:57 +02:00
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
* Reads user information from LDAP and returns it as array()
|
|
|
|
|
|
*
|
|
|
|
|
|
* If no LDAP servers are configured, user information has to be
|
|
|
|
|
|
* provided via other methods (CSV file, manually, etc.). Return
|
|
|
|
|
|
* an empty array so existing user info is not lost. Otherwise,
|
|
|
|
|
|
* calls parent class method to get user info.
|
|
|
|
|
|
*
|
|
|
|
|
|
* @param string $username username
|
|
|
|
|
|
* @return mixed array with no magic quotes or false on error
|
|
|
|
|
|
*/
|
|
|
|
|
|
function get_userinfo($username) {
|
|
|
|
|
|
if (empty($this->config->host_url)) {
|
|
|
|
|
|
return array();
|
|
|
|
|
|
}
|
|
|
|
|
|
return parent::get_userinfo($username);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
* Syncronizes users from LDAP server to moodle user table.
|
|
|
|
|
|
*
|
|
|
|
|
|
* If no LDAP servers are configured, simply return. Otherwise,
|
|
|
|
|
|
* call parent class method to do the work.
|
|
|
|
|
|
*
|
|
|
|
|
|
* @param bool $do_updates will do pull in data updates from LDAP if relevant
|
|
|
|
|
|
* @return nothing
|
|
|
|
|
|
*/
|
|
|
|
|
|
function sync_users($do_updates=true) {
|
|
|
|
|
|
if (empty($this->config->host_url)) {
|
|
|
|
|
|
error_log('[AUTH CAS] '.get_string('noldapserver', 'auth_cas'));
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
parent::sync_users($do_updates);
|
|
|
|
|
|
}
|
2007-01-04 04:52:42 +00:00
|
|
|
|
}
|
