PHP and LDAP - Adding New Attributes to an Existing LDAP Entry

In the first article in this series on PHP and LDAP, I introduced you to the basics of using LDAP to query an LDAP directory server for user information. You learned about the steps involved in a complete LDAP session, together with how to use a variety of PHP functions to perform that search. We also looked at some error-handling techniques that can help you avoid crashing your scripts during this process.

In this article, we'll take a closer look at the php function ldap_add, which adds new attributes to an existing LDAP entry. Before we start, let's make sure you have a good understanding of the LDAP architecture. LDAP stands for Lightweight Directory Access Protocol, and it's the foundation of Microsoft Active Directory (AD) and other LDAP-based directory services. It's a special kind of database that stores data in a tree structure, similar to how files are organised on your hard drive. The top of the tree is called "the world", for example, and then you'll find subdirectories like countries, which can then be divided into more specific categories such as organisations or people. Each level in the LDAP architecture has its own naming conventions and attributes. For example, a person's name is stored in the attribute called cn, and that name might be written as cn=Susan.

Adding a new LDAP attribute is easy, as you can see from the code below. The ldap_add() function takes two arguments: an LDAPConnection instance, returned by ldap_connect(), and an associative array listing the attirbute values you wish to add.