Using the LDAP Protocol in PHP

Just because you can access a restricted area doesn't mean that you have free reign over its contents. In fact, exactly what you can add, modify, and destroy is based on the furnishable credentials that you present to the directory server when you want to carry out its services. The LDAP protocol supplies the means to do so through functions like ldap_bind() and ldap_unbind(), which will provide a connection with the server once you've supplied the necessary credentials.

Several other php functions are required to communicate with an LDAP server; they are responsible for connecting, setting up configuration parameters, binding to, and closing the server. These are discussed in articles on the ldap_connect(), ldap_set_option(), and ldap_unbind() functions.

Once a connection has been established with the LDAP server, the ldap_get_option function can be used to read all of the values of an entry in the result. The ldap_get_option() function returns all of the attribute values as an array of elements, and you can retrieve individual values by indexing into the array.

Until PHP 7.3, the ldap_get_option() and ldap_set_option() functions did not support an optional parameter known as the LDAP Controls. This allows a value to be sent to the LDAP server with a query, which can tell it how to sort or treat a search result or what to return in a response. Now these php functions support the LDAP_OPT_SERVER_CONTROLS and LDAP_OPT_CLIENT_CONTROLS constants, which enable them to set and retrieve this type of information via the current LDAP session.

Andreas Behr - CTO of DesertCoderz
You are a developer and looking for Shopware projects?
Apply Now!

ldap_get_option example

// This is a workaround for a bit of a bug in the above invocation         // of ldap_control_paged_result. Instead of indicating to extldap that         // we no longer wish to page queries on this link, this invocation sets         // the LDAP_CONTROL_PAGEDRESULTS OID with a page size of 0. This isn't         // well defined by RFC 2696 if there is no cookie present, so some servers         // will interpret it differently and do the wrong thing. Forcefully remove         // the OID for now until a fix can make its way through the versions of PHP         // the we support.         //         // This is not supported in PHP < 7.2, so these versions will remain broken.         $ctl = [];
        ldap_get_option($con, \LDAP_OPT_SERVER_CONTROLS, $ctl);
        if (!empty($ctl)) {
            foreach ($ctl as $idx => $info) {
                if (static::PAGINATION_OID == $info['oid']) {
                    unset($ctl[$idx]);
                }
            }
            ldap_set_option($con, \LDAP_OPT_SERVER_CONTROLS, $ctl);
        }
    }

    /** * Sets LDAP pagination controls. */

        if (!@ldap_set_option($this->connection, ConnectionOptions::getOption($name)$value)) {
            throw new LdapException(sprintf('Could not set value "%s" for option "%s".', $value$name));
        }
    }

    /** * @return array|string|int|null */
    public function getOption(string $name)
    {
        if (!@ldap_get_option($this->connection, ConnectionOptions::getOption($name)$ret)) {
            throw new LdapException(sprintf('Could not retrieve value for option "%s".', $name));
        }

        return $ret;
    }

    /** * @return void */
    protected function configureOptions(OptionsResolver $resolver)
    {
        
Home | Imprint | This part of the site doesn't use cookies.