LimeSurvey API - Master branch

AuthLDAP extends AuthPluginBase
in package

Table of Contents

Constants

ERROR_ALREADY_EXISTING_USER  = 120
ERROR_AUTH_METHOD_INVALID  = 30
ERROR_INVALID_EMAIL  = 110
ERROR_IP_LOCKED_OUT  = 98
ERROR_LDAP_CONNECTION  = 130
ERROR_LDAP_MODE  = 135
ERROR_LDAP_NO_BIND  = 160
ERROR_LDAP_NO_EMAIL  = 140
ERROR_LDAP_NO_FULLNAME  = 150
ERROR_LDAP_NO_SEARCH_RESULT  = 170
ERROR_NONE  = 0
These constants reflect the error codes to be used by the identity, they are copied from LSUserIdentity and CBaseUserIdentity for easier access.
ERROR_NOT_ADDED  = 5
ERROR_PASSWORD_INVALID  = 20
ERROR_UNKNOWN_HANDLER  = 99
ERROR_UNKNOWN_IDENTITY  = 100
ERROR_USERNAME_INVALID  = 10
LDAP_INVALID_PASSWORD_TEXT  = "INVALID_PASSWORD-LDAP_USER"

Properties

$allowedPublicMethods  : mixed
$_password  : mixed
$_username  : mixed
$autoCreate  : bool
Can we autocreate users? For the moment this is disabled, will be moved to a setting when we have more robust user creation system.
$description  : mixed
$name  : mixed
$settings  : mixed
$storage  : mixed

Methods

afterLoginFormSubmit()  : null
Set username and password by post request
beforeActivate()  : void
Check availability of LDAP Apache Module
beforeHasPermission()  : void
Validation of AuthPermission (for super-admin only)
beforeLogin()  : mixed
createNewUser()  : void
Create a LDAP user
getAuthMethodName()  : string
Returns the authentication method's name
getGlobalBasePermissions()  : void
Add AuthLDAP Permission to global Permission
getPluginSettings()  : array<string|int, mixed>
Modified getPluginSettings since we have a select box that autosubmits and we only want to show the relevant options.
init()  : mixed
newLoginForm()  : mixed
newUserSession()  : mixed
remoteControlLogin()  : null
Set username and password by event
setAuthFailure()  : AuthPluginBase
Set authentication result to failure.
setAuthPlugin()  : AuthPluginBase
Set this plugin to handle the authentication
setAuthSuccess()  : AuthPluginBase
Set authentication result to success for the given user object.
getPassword()  : string|null
Get the password (if set)
getUserName()  : string|null
Get the username (if set)
setPassword()  : AuthPluginBase
Set the password to use for authentication
setUsername()  : AuthPluginBase
Set the username to use for authentication
createConnection()  : array<string|int, mixed>|Connection
Create LDAP connection and return it In case of error : return an array with errorCode
ldapCreateNewUser()  : null|int
Create a LDAP user

Constants

ERROR_ALREADY_EXISTING_USER

public mixed ERROR_ALREADY_EXISTING_USER = 120

ERROR_AUTH_METHOD_INVALID

public mixed ERROR_AUTH_METHOD_INVALID = 30

ERROR_LDAP_NO_FULLNAME

public mixed ERROR_LDAP_NO_FULLNAME = 150

ERROR_LDAP_NO_SEARCH_RESULT

public mixed ERROR_LDAP_NO_SEARCH_RESULT = 170

ERROR_NONE

These constants reflect the error codes to be used by the identity, they are copied from LSUserIdentity and CBaseUserIdentity for easier access.

public mixed ERROR_NONE = 0

ERROR_UNKNOWN_IDENTITY

public mixed ERROR_UNKNOWN_IDENTITY = 100

LDAP_INVALID_PASSWORD_TEXT

public mixed LDAP_INVALID_PASSWORD_TEXT = "INVALID_PASSWORD-LDAP_USER"

Properties

$allowedPublicMethods

public mixed $allowedPublicMethods = array()
Tags
inheritdoc

this plugin didn't have any public method

$autoCreate

Can we autocreate users? For the moment this is disabled, will be moved to a setting when we have more robust user creation system.

protected bool $autoCreate = \false

$description

protected static mixed $description = 'Core: LDAP authentication'

$name

protected static mixed $name = 'LDAP'

$settings

protected mixed $settings = array('server' => array('type' => 'string', 'label' => 'LDAP server', 'help' => 'e.g. ldap://ldap.example.com or ldaps://ldap.example.com'), 'ldapport' => array('type' => 'string', 'label' => 'Port number', 'help' => 'Default when omitted is 389'), 'ldapversion' => array('type' => 'select', 'label' => 'LDAP version', 'options' => array('2' => 'LDAPv2', '3' => 'LDAPv3'), 'default' => '2', 'submitonchange' => \true), 'ldapoptreferrals' => array('type' => 'boolean', 'label' => 'Select true if referrals must be followed (use false for ActiveDirectory)', 'default' => '0'), 'ldaptls' => array('type' => 'boolean', 'help' => 'Check to enable Start-TLS encryption, when using LDAPv3', 'label' => 'Enable Start-TLS', 'default' => '0'), 'ldapmode' => array('type' => 'select', 'label' => 'Select how to perform authentication.', 'options' => array("simplebind" => "Simple bind", "searchandbind" => "Search and bind"), 'default' => "simplebind", 'submitonchange' => \true), 'userprefix' => array('type' => 'string', 'label' => 'Username prefix', 'help' => 'e.g. cn= or uid='), 'domainsuffix' => array('type' => 'string', 'label' => 'Username suffix', 'help' => 'e.g. @mydomain.com or remaining part of ldap query'), 'searchuserattribute' => array('type' => 'string', 'label' => 'Attribute to compare to the given login can be uid, cn, mail, ...'), 'usersearchbase' => array('type' => 'string', 'label' => 'Base DN for the user search operation. Multiple bases may be separated by a semicolon (;)'), 'extrauserfilter' => array('type' => 'string', 'label' => 'Optional extra LDAP filter to be ANDed to the basic (searchuserattribute=username) filter. Don\'t forget the outmost enclosing parentheses'), 'binddn' => array('type' => 'string', 'label' => 'Optional DN of the LDAP account used to search for the end-user\'s DN. An anonymous bind is performed if empty.'), 'bindpwd' => array('type' => 'password', 'label' => 'Password of the LDAP account used to search for the end-user\'s DN if previoulsy set.'), 'mailattribute' => array('type' => 'string', 'label' => 'LDAP attribute of email address'), 'fullnameattribute' => array('type' => 'string', 'label' => 'LDAP attribute of full name'), 'is_default' => array('type' => 'checkbox', 'label' => 'Check to make default authentication method'), 'autocreate' => array('type' => 'checkbox', 'label' => 'Automatically create user if it exists in LDAP server'), 'automaticsurveycreation' => array('type' => 'checkbox', 'label' => 'Grant survey creation permission to automatically created users'), 'groupsearchbase' => array('type' => 'string', 'label' => 'Optional base DN for group restriction', 'help' => 'E.g., ou=Groups,dc=example,dc=com'), 'groupsearchfilter' => array('type' => 'string', 'label' => 'Optional filter for group restriction', 'help' => 'Required if group search base set. E.g. (&(cn=limesurvey)(memberUid=$username)) or (&(cn=limesurvey)(member=$userdn))'), 'allowInitialUser' => array('type' => 'checkbox', 'label' => 'Allow initial user to login via LDAP'))

$storage

protected mixed $storage = 'DbStorage'

Methods

afterLoginFormSubmit()

Set username and password by post request

public afterLoginFormSubmit() : null
Return values
null

beforeActivate()

Check availability of LDAP Apache Module

public beforeActivate() : void

beforeHasPermission()

Validation of AuthPermission (for super-admin only)

public beforeHasPermission() : void

beforeLogin()

public beforeLogin() : mixed

createNewUser()

Create a LDAP user

public createNewUser() : void

getAuthMethodName()

Returns the authentication method's name

public static getAuthMethodName() : string
Return values
string

getGlobalBasePermissions()

Add AuthLDAP Permission to global Permission

public getGlobalBasePermissions() : void

getPluginSettings()

Modified getPluginSettings since we have a select box that autosubmits and we only want to show the relevant options.

public getPluginSettings([bool $getValues = true ]) : array<string|int, mixed>
Parameters
$getValues : bool = true
Return values
array<string|int, mixed>

newLoginForm()

public newLoginForm() : mixed

newUserSession()

public newUserSession() : mixed

remoteControlLogin()

Set username and password by event

public remoteControlLogin() : null
Return values
null

setAuthFailure()

Set authentication result to failure.

public setAuthFailure([int $code = self::ERROR_UNKNOWN_IDENTITY ][, string $message = '' ][, PluginEvent $event = null ]) : AuthPluginBase
Parameters
$code : int = self::ERROR_UNKNOWN_IDENTITY

Any of the constants defined in this class

$message : string = ''

An optional message to return about the failure

$event : PluginEvent = null
Return values
AuthPluginBase

getPassword()

Get the password (if set)

protected getPassword() : string|null
Return values
string|null

getUserName()

Get the username (if set)

protected getUserName() : string|null
Return values
string|null

createConnection()

Create LDAP connection and return it In case of error : return an array with errorCode

private createConnection() : array<string|int, mixed>|Connection
Return values
array<string|int, mixed>|Connection

, array if error.

ldapCreateNewUser()

Create a LDAP user

private ldapCreateNewUser(Event $oEvent, string $new_user[, string $password = null ]) : null|int
Parameters
$oEvent : Event

Either CreateNewUser event or dummy event.

$new_user : string
$password : string = null
Return values
null|int

New user ID


        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results