PHP Function LDAP_Error Part 2

In the first part of this article series on LDAP, I gave a crash course in PHP’s support for LDAP, demonstrating how to create and query an LDAP directory server for user information. This second article looks at the php function ldap_error, which allows you to trap and handle errors in your PHP-LDAP scripts.

Functions are a powerful tool in any programming language, and PHP is no exception. They allow you to write code that is modular and reusable. Whether they come from the standard PHP distribution or from additional extensions compiled with PHP, they are an important part of the language.

PHP functions are named with the keyword function followed by the name of the function and closed parenthesis. The function code is defined inside the parentheses, and any variables or other pieces of data that are used in the function must be declared before the function is called. Functions are a way to break up complex and repetitive code into smaller, more manageable chunks.

The ldap_error function returns an error message (in text form) explaining the LDAP errno number that was returned by ldap_bind. This is useful, because some software checks only the errno return value without seeing if the bind was successfully executed. For example, when you try to bind to an LDAP server using a password but the connection is rejected by the LDAP library, you will get the errno 87 message. This is a common security vulnerability that can be easily exploited by hackers using Burpsuite or other similar tools.

Andreas Behr - CTO of DesertCoderz
You are a developer and looking for Shopware projects?
Apply Now!

ldap_error example


    public function bind(string $dn = null, #[\SensitiveParameter] string $password = null)     {
        if (!$this->connection) {
            $this->connect();
        }

        if (false === @ldap_bind($this->connection, $dn$password)) {
            $error = ldap_error($this->connection);
            switch (ldap_errno($this->connection)) {
                case self::LDAP_INVALID_CREDENTIALS:
                    throw new InvalidCredentialsException($error);
                case self::LDAP_TIMEOUT:
                    throw new ConnectionTimeoutException($error);
                case self::LDAP_ALREADY_EXISTS:
                    throw new AlreadyExistsException($error);
            }
            throw new ConnectionException($error);
        }

        
 {
    }

    /** * @return $this */
    public function add(Entry $entry)
    {
        $con = $this->getConnectionResource();

        if (!@ldap_add($con$entry->getDn()$entry->getAttributes())) {
            throw new LdapException(sprintf('Could not add entry "%s": ', $entry->getDn()).ldap_error($con)ldap_errno($con));
        }

        return $this;
    }

    /** * @return $this */
    public function update(Entry $entry)
    {
        $con = $this->getConnectionResource();

        
$con = $this->connection->getResource();

        if (!isset($this->results)) {
            return;
        }

        foreach ($this->results as $result) {
            if (false === $result || null === $result) {
                continue;
            }
            if (!ldap_free_result($result)) {
                throw new LdapException('Could not free results: '.ldap_error($con));
            }
        }
    }

    public function execute(): CollectionInterface
    {
        if (!isset($this->results)) {
            // If the connection is not bound, throw an exception. Users should use an explicit bind call first.             if (!$this->connection->isBound()) {
                throw new NotBoundException('Query execution is not possible without binding the connection first.');
            }

            
return $this->entries ??= iterator_to_array($this->getIterator(), false);
    }

    public function count(): int
    {
        $con = $this->connection->getResource();
        $searches = $this->search->getResources();
        $count = 0;
        foreach ($searches as $search) {
            $searchCount = ldap_count_entries($con$search);
            if (false === $searchCount) {
                throw new LdapException('Error while retrieving entry count: '.ldap_error($con));
            }
            $count += $searchCount;
        }

        return $count;
    }

    public function getIterator(): \Traversable
    {
        if (0 === $this->count()) {
            return;
        }
Home | Imprint | This part of the site doesn't use cookies.