LDAP PHP

LDAP is an acronym for Lightweight Directory Access Protocol. It is a universal method of storing directory information and is a partial implementation of the X.500 standard. LDAP was first described in RFC 1777 and RFC 1778. Through TCP/IP, clients can access a centralized address book containing contact information, public encryption keys, and similar information. Many servers are live on the Internet. Dante, a nonprofit organization, maintains a list of LDAP servers organized by country.

The functions in this section require either compiling LDAP support into the PHP module, or loading an extension module with dl. At the time of this writing, no extension existed for Windows. You can find a suitable LDAP library at the University of Michigan site stated above. The LDAP module is the result of collaboration by Amitay Isaacs, Rasmus Lerdorf, Gerrit Thomson, and Eric Warnke.

boolean ldap_add(integer link, string dn, array entry)
The ldap_add function adds entries to the specified DN at the object level. The entry argument is an array of the attribute values. If an attribute can have multiple values, the array element should be an array itself. See the mail attribute in the example below. If you wish to add attributes at the attribute level, use ldap_mod_add.

<?php
//connect to LDAP server
if(!($ldap=ldap_connect("ldap.php.net")))
{
    die("Could not connect to LDAP server!");
}
//set login DN
$dn="cn=root, dc=php, dc=net";
//attempt to bind to DN using password; an empty password here
//would request an unauthenticated (anonymous) bind instead
if(!ldap_bind($ldap, $dn, "secret"))
{
    die("Unable to bind to '$dn'!");
}
//create entry
$entry["cn"]="John";
$entry["sn"]="Smith";
//multivalue attribute: the element is itself an array
$entry["mail"][0]="jsmith123@hotmail.com";
$entry["mail"][1]="smith@bigfoot.com";
$entry["objectclass"]="person";
$entry["telephonenumber"] = "123-123-1234";
$entry["mobile"] = "123-123-1235";
$entry["pager"] = "123-123-1236";
$entry["o"] = "ACME Web Design";
$entry["title"] = "Vice President";
$entry["department"] = "Technology";
//create new entry's DN
$dn = "cn=John Smith, dc=php, dc=net";
//add entry
if(ldap_add($ldap, $dn, $entry))
{
    print("Entry Added! ");
}
else
{
    print("Add failed!");
}
//close connection
ldap_close($ldap);
?>

boolean ldap_bind(integer link, string dn, string password)
Use ldap_bind to bind to a directory. Use the optional dn and password arguments to identify yourself. Servers typically require authentication for any commands that change the contents of the directory.

boolean ldap_close(integer link)
The ldap_close function closes the connection to the directory server.

integer ldap_connect(string host, integer port)
The ldap_connect function returns an LDAP connection identifier, or FALSE when there is an error. Both arguments are optional. With no arguments, ldap_connect returns the identifier of the current open connection. If the port argument is omitted, port 389 is assumed.

integer ldap_count_entries(integer link, integer result)
The ldap_count_entries function returns the number of entries in the specified result set. The result argument is a result identifier returned by ldap_read.

boolean ldap_delete(integer link, string dn)
The ldap_delete function removes an entry from the directory.

<?php
//connect to LDAP server
if(!($ldap=ldap_connect("ldap.php.net")))
{
    die("Unable to connect to LDAP server!");
}
//set login DN
$dn="cn=root, dc=php, dc=net";
//attempt to bind to DN using password
if(!ldap_bind($ldap, $dn, "secret"))
{
    die("Unable to bind to '$dn'!");
}
//delete entry from directory
$dn="cn=John Smith, dc=clearink, dc=com";
if(ldap_delete($ldap, $dn))
{
    print("Entry Deleted! ");
}
else
{
    print("Delete failed! ");
}
//close connection
ldap_close($ldap);
?>

string ldap_dn2ufn(string dn)
The ldap_dn2ufn function translates a DN into a more user-friendly form, with type specifiers stripped.

<?php
//convert a DN to its user-friendly form
$dn = "cn=John Smith, dc=php, dc=net";
print(ldap_dn2ufn($dn));
?>

integer ldap_errno(integer link)
The ldap_errno function returns the error number for the last error on a connection.

string ldap_error(integer link)
The ldap_error function returns a description of the last error on a connection.

string ldap_err2str(integer error)
Use ldap_err2str to convert an error number to a textual description.

array ldap_explode_dn(string dn, boolean attributes)
The ldap_explode_dn function splits a DN returned by ldap_get_dn into an array. Each element is a Relative Distinguished Name, or RDN. The array contains an element indexed by count that is the number of RDNs. The attributes argument specifies whether values are returned with their attribute codes.

<?php
//set test DN
$dn = "cn=Leon Atkinson, o=Clear Ink, c=US";
//split into RDNs, values only (no attribute codes)
$rdn = ldap_explode_dn($dn, FALSE);
for($index = 0; $index < $rdn["count"]; $index++)
{
    print("$rdn[$index] <BR> ");
}
?>

string ldap_first_attribute(integer link, integer result, integer pointer)
The ldap_first_attribute function returns the first attribute for a given entry. The pointer argument must be passed as a reference. This variable stores a pointer in the list of attributes. The ldap_get_attributes function is probably more convenient.

integer ldap_first_entry(integer link, integer result)
The ldap_first_entry function returns an entry identifier for the first entry in the result set. This integer is used in the ldap_next_entry function. Use ldap_get_entries to retrieve all entries in an array.

boolean ldap_free_entry(integer entry)
The ldap_free_entry function frees memory associated with an entry. The entry identifier is obtained through either ldap_first_entry or ldap_next_entry.

boolean ldap_free_result(integer result)
Use ldap_free_result to clear any memory used for a result returned by ldap_read or ldap_search.

array ldap_get_attributes(integer link, integer result)
Use ldap_get_attributes to get a multidimensional array of all the attributes and their values for the specified result identifier. Attributes may be referenced by their names or by a number. The count element specifies the number of elements. Multivalue attributes have a count element as well, and each element is referenced by number. This function allows you to browse a directory, discovering attributes you may not have known existed.

string ldap_get_dn(integer ldap, integer result)
The ldap_get_dn function returns the DN for the specified result.

array ldap_get_entries(integer link, integer result)
The ldap_get_entries function returns a three-dimensional array containing every entry in the result set. An associative element, count, returns the number of entries in the array. Each entry is numbered from zero. Each entry has a count element and a dn element. The attributes for the entry may be referenced by name or by number. Each attribute has its own count element and a numbered set of values.

array ldap_get_values(integer link, integer entry, string attribute)
The ldap_get_values function returns an array of every value for a given attribute. The values will be treated as strings. Use ldap_get_values_len if you need to get binary data.

<?php
//connect to LDAP server
if(!($ldap=ldap_connect("ldap.php.net")))
{
    die("Could not connect to LDAP server!");
}
//set up search criteria
$dn = "cn=John Smith, dc=php, dc=net";
$filter = "sn=*";
$attributes = array("givenname", "sn", "mail");
//perform search
if(!($result = ldap_read($ldap, $dn, $filter, $attributes)))
{
    die("Nothing Found!");
}
$entry = ldap_first_entry($ldap, $result);
$values = ldap_get_values($ldap, $entry, "mail");
print($values["count"] . " Values:<OL> ");
for($index=0; $index < $values["count"]; $index++)
{
    //directory values are untrusted data: escape before writing HTML
    print("<LI>" . htmlspecialchars($values[$index]) . " ");
}
print("</OL> ");
ldap_free_result($result);
?>

integer ldap_get_values_len(integer link, integer entry, string attribute)
This function operates identically to ldap_get_values, except that it works with binary entries.

integer ldap_list(integer link, string dn, string filter, array attributes)
The ldap_list function returns all objects at the level of the given DN. The attributes argument is optional. If given, it limits results to objects containing the specified attributes.

boolean ldap_mod_add(integer link, string dn, array entry)
The ldap_mod_add function adds attributes to a DN at the attribute level. Compare this to ldap_add, which adds attributes at the object level.

boolean ldap_mod_del(integer link, string dn, array entry)
Use ldap_mod_del to remove attributes from a DN at the attribute level. Compare this to ldap_delete, which removes attributes at the object level.

boolean ldap_mod_replace(integer link, string dn, array entry)
The ldap_mod_replace function replaces entries for a DN at the attribute level. Compare this to ldap_modify, which replaces attributes at the object level.

boolean ldap_modify(integer link, string dn, array entry)
The ldap_modify function modifies an entry. Otherwise, it behaves identically to ldap_add.

string ldap_next_attribute(integer link, integer entry, integer pointer)
The ldap_next_attribute function is used to traverse the list of attributes for an entry. The pointer argument is passed by reference.

<?php
//connect to LDAP server
if(!($ldap=ldap_connect("ldap.itd.umich.edu")))
{
    die("Could not connect to LDAP server!");
}
//list organizations in the US
$dn = "o=University of Michigan, c=US";
$filter = "objectClass=*";
//perform search
if(!($result = ldap_list($ldap, $dn, $filter)))
{
    die("Nothing Found!");
}
//get all attributes for first entry
$entry = ldap_first_entry($ldap, $result);
//call-time pass-by-reference (&$pointer) is a fatal error in current PHP,
//which tracks the attribute position internally; no pointer is passed
$attribute = ldap_first_attribute($ldap, $entry);
while($attribute)
{
    //attribute names come from the directory: escape before writing HTML
    print(htmlspecialchars($attribute) . "<BR> ");
    $attribute = ldap_next_attribute($ldap, $entry);
}
ldap_free_result($result);
?>

integer ldap_next_entry(integer link, integer entry)
The ldap_next_entry function returns the next entry in a result set. Use ldap_first_entry to get the first entry in a result set.

<?php
//connect to LDAP server
if(!($ldap=ldap_connect("ldap.itd.umich.edu")))
{
    die("Could not connect to LDAP server!");
}
//list organizations in the US
$dn = "o=University of Michigan, c=US";
$filter = "objectClass=*";
//perform search
if(!($result = ldap_list($ldap, $dn, $filter)))
{
    die("Nothing Found!");
}
//get each entry
$entry = ldap_first_entry($ldap, $result);
do
{
    //dump all attributes for each entry
    $attribute = ldap_get_attributes($ldap, $entry);
    print("<PRE>");
    var_dump($attribute);
    print("</PRE> ");
    print("<HR> ");
}
while($entry = ldap_next_entry($ldap, $entry));
ldap_free_result($result);
?>

integer ldap_read(integer link, string dn, string filter, array attributes)
The ldap_read function works similarly to ldap_list and ldap_search. Arguments are used in the same manner, but ldap_read searches only in the base DN.

integer ldap_search(integer link, string dn, string filter, array attributes)
The ldap_search function behaves similarly to ldap_list and ldap_read. The difference is that it finds matches from the current directory down into every subtree. The attributes argument is optional and specifies a set of attributes that all matched entries must contain.

<?php
/*
** Function: compareEntry
** This function compares two entries for
** the purpose of sorting.
*/
function compareEntry($left, $right)
{
    $ln = strcmp($left["last"], $right["last"]);
    if($ln == 0)
    {
        return(strcmp($left["first"], $right["first"]));
    }
    else
    {
        return($ln);
    }
}
//connect to LDAP server
if(!($ldap=ldap_connect("ldap.php.net")))
{
    die("Could not connect to LDAP server!");
}
//set up search criteria
$dn = "dc=php, dc=net";
$filter = "sn=Atkinson";
$attributes = array("givenname", "sn");
//perform search
if(!($result = ldap_search($ldap, $dn, $filter, $attributes)))
{
    die("Nothing Found!");
}
//get all the entries
$entry = ldap_get_entries($ldap, $result);
print("There are " . $entry["count"] . " people.<br> ");
//pull names out into array so we can sort them
$person = array();
for($i=0; $i < $entry["count"]; $i++)
{
    //Note how we only use the first entry. This
    //code assumes people only have one first name,
    //and one last name.
    $person[$i]["first"] = $entry[$i]["givenname"][0];
    $person[$i]["last"] = $entry[$i]["sn"][0];
}
//sort by last name, then first name using
//compareEntry (defined above)
usort($person, "compareEntry");
//loop over each entry
for($i=0; $i < $entry["count"]; $i++)
{
    //directory values are untrusted data: escape before writing HTML
    print(htmlspecialchars($person[$i]["first"] . " " .
        $person[$i]["last"]) . "<BR> ");
}
//free memory used by search
ldap_free_result($result);
?>
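
The filter argument of ldap_search, ldap_list and ldap_read and the dn argument of ldap_add and ldap_delete are plain strings, so any value taken from a form has to be escaped before it is placed in them. The following is an added example, not code from the original page: buildSurnameFilter, buildPersonDn, searchBySurname and the sample inputs are hypothetical, and it assumes PHP 5.6 or later, where ldap_escape is available.

```php
<?php
// Added example (not from the original page): build LDAP filters and DNs
// from untrusted input. Function names and sample inputs are constructed.

// Escape a value for use inside a search filter such as "(sn=<value>)".
function buildSurnameFilter(string $surname): string
{
    if ($surname === '') {
        throw new InvalidArgumentException('surname must not be empty');
    }
    // LDAP_ESCAPE_FILTER encodes \ * ( ) and NUL as backslash-hex pairs,
    // so the value can only ever match literally
    return '(sn=' . ldap_escape($surname, '', LDAP_ESCAPE_FILTER) . ')';
}

// Escape a value for use as the RDN value of a DN such as
// "cn=<value>,dc=php,dc=net".
function buildPersonDn(string $commonName, string $baseDn): string
{
    return 'cn=' . ldap_escape($commonName, '', LDAP_ESCAPE_DN) . ',' . $baseDn;
}

// Search wrapper: callers hand over raw input, never a pre-built filter.
function searchBySurname($ldap, string $baseDn, string $surname)
{
    $result = ldap_search($ldap, $baseDn, buildSurnameFilter($surname),
        array('givenname', 'sn'));
    return $result ? ldap_get_entries($ldap, $result) : false;
}

// Constructed inputs: one ordinary name, then values containing filter
// and DN metacharacters. No directory server is needed for this part.
$samples = array('Atkinson', '*', 'Smith)(objectClass=*', 'Smith,dc=other');
foreach ($samples as $input) {
    printf("input:  %s\nfilter: %s\ndn:     %s\n\n",
        $input,
        buildSurnameFilter($input),
        buildPersonDn($input, 'dc=php,dc=net'));
}
?>
```

The two escaping modes are not interchangeable: a value escaped with LDAP_ESCAPE_FILTER is not safe inside a DN, and the reverse also holds.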

boolean ldap_unbind(integer link)
The ldap_unbind function is an alias for ldap_close.
