Ref/ldap-Phpdoc专题
ldap_8859_to_t61
Translate 8859 characters to t61 characters
说明
string<span
class="type">false <span
class="methodname">ldap_8859_to_t61 ( <span
class="methodparam">string $value
)
Translate ISO-8859 characters to t61 characters.
This function is useful if you have to talk to a legacy LDAPv2 server.
参数
value
The text to be translated.
返回值
Return the t61 translation of value
, 或者在失败时返回 false
.
参见
- ldap_t61_to_8859
ldap_add_ext
Add entries to LDAP directory
说明
resource<span
class="type">false <span
class="methodname">ldap_add_ext ( <span
class="methodparam">resource $ldap
,
string $dn
, array
$entry
[, <span
class="type">arraynull
$controls
= null
] )
Does the same thing as ldap_add but returns the LDAP result resource to be parsed with <span class="function">ldap_parse_result.
参数
See ldap_add
返回值
Returns an LDAP result identifier or false
on error.
更新日志
版本 | 说明 |
---|---|
8.0.0 | controls is nullable now; previously, it defaulted to []. |
注释
Note: 此函数可安全用于二进制对象。
参见
- ldap_add
- ldap_parse_result
ldap_add
Add entries to LDAP directory
说明
bool ldap_add
( resource
$ldap
, <span
class="type">string $dn
, <span
class="methodparam">array $entry
[,
<span
class="type">arraynull
$controls
= null
] )
Add entries in the LDAP directory.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
dn
The distinguished name of an LDAP entity.
entry
An array that specifies the information about the entry. The values in
the entries are indexed by individual attributes. In case of multiple
values for an attribute, they are indexed using integers starting
with 0.
<?php
$entry["attribute1"] = "value";
$entry["attribute2"][0] = "value1";
$entry["attribute2"][1] = "value2";
?>
controls
Array of LDAP Controls to
send with the request.
返回值
成功时返回 true
, 或者在失败时返回 false
。
更新日志
版本 | 说明 |
---|---|
8.0.0 | controls is nullable now; previously, it defaulted to []. |
7.3 | Support for controls added |
范例
示例 #1 Complete example with authenticated bind
<?php
$ds = ldap_connect("localhost"); // assuming the LDAP server is on this host
if ($ds) {
// bind with appropriate dn to give update access
$r = ldap_bind($ds, "cn=root, o=My Company, c=US", "secret");
// prepare data
$info["cn"] = "John Jones";
$info["sn"] = "Jones";
$info["objectclass"] = "person";
// add data to directory
$r = ldap_add($ds, "cn=John Jones, o=My Company, c=US", $info);
ldap_close($ds);
} else {
echo "Unable to connect to LDAP server";
}
?>
注释
Note: 此函数可安全用于二进制对象。
参见
- ldap_add_ext
- ldap_delete
ldap_bind_ext
Bind to LDAP directory
说明
resource<span
class="type">false <span
class="methodname">ldap_bind_ext ( <span
class="methodparam">resource $ldap
[, <span
class="type">stringnull
$dn
= null
[, <span
class="methodparam"><span
class="type">stringnull
$password
= null
[,
<span
class="type">arraynull
$controls
= null
]]]
)
Does the same thing as ldap_bind but returns the LDAP result resource to be parsed with <span class="function">ldap_parse_result.
参数
See ldap_bind
返回值
Returns an LDAP result identifier or false
on error.
更新日志
版本 | 说明 |
---|---|
8.0.0 | controls is nullable now; previously, it defaulted to []. |
参见
- ldap_bind
- ldap_parse_result
ldap_bind
绑定 LDAP 目录
说明
bool <span
class="methodname">ldap_bind ( <span
class="type">resource $link_identifier
[, <span
class="methodparam">string $bind_rdn
<span
class="initializer"> = null
[, <span
class="methodparam">string
$bind_password
= null
]] )
使用指定的 RDN 和密码绑定到 LDAP 目录。
参数
link_identifier
通过 ldap_connect 连接之后返回的 LDAP
连接标识。
bind_rdn
bind_password
如果没有指定 bind_rdn
和 bind_password
,将会以匿名身份绑定。
返回值
成功时返回 true
, 或者在失败时返回 false
。
范例
示例 #1 使用 LDAP Bind
<?php
// using ldap bind
$ldaprdn = 'uname'; // ldap rdn or dn
$ldappass = 'password'; // associated password
// connect to ldap server
$ldapconn = ldap_connect("ldap.example.com")
or die("Could not connect to LDAP server.");
if ($ldapconn) {
// binding to ldap server
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
// verify binding
if ($ldapbind) {
echo "LDAP bind successful...";
} else {
echo "LDAP bind failed...";
}
}
?>
示例 #2 Using LDAP Bind Anonymously
<?php
//using ldap bind anonymously
// connect to ldap server
$ldapconn = ldap_connect("ldap.example.com")
or die("Could not connect to LDAP server.");
if ($ldapconn) {
// binding anonymously
$ldapbind = ldap_bind($ldapconn);
if ($ldapbind) {
echo "LDAP bind anonymous successful...";
} else {
echo "LDAP bind anonymous failed...";
}
}
?>
参见
- ldap_unbind
ldap_close
别名 ldap_unbind
说明
此函数是该函数的别名: ldap_unbind.
ldap_compare
Compare value of attribute found in entry specified with DN
说明
bool<span
class="type">int <span
class="methodname">ldap_compare ( <span
class="methodparam">resource $ldap
,
string $dn
, string
$attribute
, <span
class="type">string $value
[, <span
class="methodparam"><span
class="type">arraynull
$controls
= null
] )
Compare value
of attribute
with value of same attribute in an LDAP
directory entry.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
dn
The distinguished name of an LDAP entity.
attribute
The attribute name.
value
The compared value.
controls
Array of LDAP Controls to
send with the request.
返回值
Returns true
if value
matches otherwise returns false
.
Returns -1 on error.
更新日志
版本 | 说明 |
---|---|
8.0.0 | controls is nullable now; previously, it defaulted to []. |
7.3 | Support for controls added |
范例
The following example demonstrates how to check whether or not given password matches the one defined in DN specified entry.
示例 #1 Complete example of password check
<?php
$ds=ldap_connect("localhost"); // assuming the LDAP server is on this host
if ($ds) {
// bind
if (ldap_bind($ds)) {
// prepare data
$dn = "cn=Matti Meikku, ou=My Unit, o=My Company, c=FI";
$value = "secretpassword";
$attr = "password";
// compare value
$r=ldap_compare($ds, $dn, $attr, $value);
if ($r === -1) {
echo "Error: " . ldap_error($ds);
} elseif ($r === true) {
echo "Password correct.";
} elseif ($r === false) {
echo "Wrong guess! Password incorrect.";
}
} else {
echo "Unable to bind to LDAP server.";
}
ldap_close($ds);
} else {
echo "Unable to connect to LDAP server.";
}
?>
注释
Warning
ldap_compare can NOT be used to compare BINARY values!
ldap_connect
Connect to an LDAP server
说明
resource<span
class="type">false <span
class="methodname">ldap_connect ([ <span
class="methodparam"><span
class="type">stringnull
$uri
= null
] )
Warning
The following signature is still supported for backwards compatibility (except for using named parameters), but is considered deprecated and should not be used anymore!
resource<span
class="type">false <span
class="methodname">ldap_connect ([ <span
class="methodparam">string $host
<span
class="initializer"> = null
[, <span
class="methodparam">int $port
<span
class="initializer"> = 389 ]] )
Creates an LDAP link identifier and checks whether the given uri
is
plausible.
Note: This function does not open a connection. It checks whether the given parameters are plausible and can be used to open a connection as soon as one is needed.
参数
uri
A full LDAP URI of the form ldap://hostname:port or
ldaps://hostname:port for SSL encryption.
You can also provide multiple LDAP-URIs separated by a space as one string
Note that hostname:port is not a supported LDAP URI as the schema is missing.
host
The hostname to connect to.
port
The port to connect to.
返回值
Returns a positive LDAP link identifier when the provided LDAP URI seems
plausible. It's a syntactic check of the provided parameter but the
server(s) will not be contacted! If the syntactic check fails it returns
false
. ldap_connect will otherwise
return a resource as it does not actually
connect but just initializes the connecting parameters. The actual
connect happens with the next calls to ldap_* funcs, usually with
ldap_bind.
If no argument is specified then the link identifier of the already opened link will be returned.
范例
示例 #1 Example of connecting to LDAP server.
<?php
// LDAP variables
$ldapuri = "ldap://ldap.example.com:389"; // your ldap-uri
// Connecting to LDAP
$ldapconn = ldap_connect($ldapuri)
or die("That LDAP-URI was not parseable");
?>
示例 #2 Example of connecting securely to LDAP server.
<?php
// make sure your host is the correct one
// that you issued your secure certificate to
$ldaphost = "ldaps://ldap.example.com/";
// Connecting to LDAP
$ldapconn = ldap_connect($ldaphost)
or die("That LDAP-URI was not parseable");
?>
参见
- ldap_bind
ldap_control_paged_result_response
Retrieve the LDAP pagination cookie
Warning
This function has been DEPRECATED as of PHP 7.4.0, and REMOVED as of
PHP 8.0.0. Instead the controls
parameter of <span
class="function">ldap_search should be used. See also
LDAP Controls for
details.
说明
bool <span
class="methodname">ldap_control_paged_result_response ( <span
class="methodparam">resource $link
,
resource
$result
[, <span
class="type">string &$cookie
[, <span
class="methodparam">int &$estimated
]] )
Retrieve the pagination information send by the server.
参数
link
An LDAP link identifier, returned by <span
class="function">ldap_connect.
result
cookie
An opaque structure sent by the server.
estimated
The estimated number of entries to retrieve.
返回值
成功时返回 true
, 或者在失败时返回 false
。
更新日志
版本 | 说明 |
---|---|
7.4.0 | This function has been deprecated. |
参见
- ldap_control_paged_result
- » RFC2696 : LDAP Control Extension for Simple Paged Results Manipulation
ldap_control_paged_result
Send LDAP pagination control
Warning
This function has been DEPRECATED as of PHP 7.4.0, and REMOVED as of
PHP 8.0.0. Instead the controls
parameter of <span
class="function">ldap_search should be used. See also
LDAP Controls for
details.
说明
bool <span
class="methodname">ldap_control_paged_result ( <span
class="methodparam">resource $link
,
int
$pagesize
[, <span
class="type">bool $iscritical
=
false
[, <span
class="type">string $cookie
=
"" ]] )
Enable LDAP pagination by sending the pagination control (page size, cookie...).
参数
link
An LDAP link identifier, returned by <span
class="function">ldap_connect.
pagesize
The number of entries by page.
iscritical
Indicates whether the pagination is critical or not. If true and if the
server doesn't support pagination, the search will return no result.
cookie
An opaque structure sent by the server (<span
class="function">ldap_control_paged_result_response).
返回值
成功时返回 true
, 或者在失败时返回 false
。
更新日志
版本 | 说明 |
---|---|
7.4.0 | This function has been deprecated. |
范例
The example below show the retrieval of the first page of a search paginated with one entry by page.
示例 #1 LDAP pagination
<?php
// $ds is a valid link identifier (see ldap_connect)
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
$dn = 'ou=example,dc=org';
$filter = '(|(sn=Doe*)(givenname=John*))';
$justthese = array('ou', 'sn', 'givenname', 'mail');
// enable pagination with a page size of 1.
ldap_control_paged_result($ds, 1);
$sr = ldap_search($ds, $dn, $filter, $justthese);
$info = ldap_get_entries($ds, $sr);
echo $info['count'] . ' entries returned' . PHP_EOL;
The example below show the retrieval of all the result paginated with 100 entries by page.
示例 #2 LDAP pagination
<?php
// $ds is a valid link identifier (see ldap_connect)
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
$dn = 'ou=example,dc=org';
$filter = '(|(sn=Doe*)(givenname=John*))';
$justthese = array('ou', 'sn', 'givenname', 'mail');
// enable pagination with a page size of 100.
$pageSize = 100;
$cookie = '';
do {
ldap_control_paged_result($ds, $pageSize, true, $cookie);
$result = ldap_search($ds, $dn, $filter, $justthese);
$entries = ldap_get_entries($ds, $result);
foreach ($entries as $e) {
echo $e['dn'] . PHP_EOL;
}
ldap_control_paged_result_response($ds, $result, $cookie);
} while($cookie !== null && $cookie != '');
注释
Note:
Pagination control is a LDAPv3 protocol feature.
参见
- ldap_control_paged_result_response
- » RFC2696 : LDAP Control Extension for Simple Paged Results Manipulation
ldap_count_entries
Count the number of entries in a search
说明
int <span
class="methodname">ldap_count_entries ( <span
class="methodparam">resource $ldap
,
resource
$result
)
Returns the number of entries stored in the result of previous search operations.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
result
The internal LDAP result.
返回值
Returns number of entries in the result or false
on error.
范例
示例 #1 ldap-count-entries example
Retrieve number of entries in the result.
// $ds is a valid link identifier (see ldap_connect)
$dn = 'ou=example,dc=org';
$filter = '(|(sn=Doe*)(givenname=John*))';
$justthese = array('ou', 'sn', 'givenname', 'mail');
$sr = ldap_search($ds, $dn, $filter, $justthese);
var_dump(ldap_count_entries($ds, $sr));
以上例程的输出类似于:
int(1)
ldap_delete_ext
Delete an entry from a directory
说明
resource<span
class="type">false <span
class="methodname">ldap_delete_ext ( <span
class="methodparam">resource $ldap
,
string $dn
[, <span
class="type">arraynull
$controls
= null
] )
Does the same thing as ldap_delete but returns the LDAP result resource to be parsed with <span class="function">ldap_parse_result.
参数
See ldap_delete
返回值
Returns an LDAP result identifier or false
on error.
更新日志
版本 | 说明 |
---|---|
8.0.0 | controls is nullable now; previously, it defaulted to []. |
参见
- ldap_delete
- ldap_parse_result
ldap_delete
Delete an entry from a directory
说明
bool <span
class="methodname">ldap_delete ( <span
class="type">resource $ldap
, <span
class="methodparam">string $dn
[,
<span
class="type">arraynull
$controls
= null
] )
Deletes a particular entry in LDAP directory.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
dn
The distinguished name of an LDAP entity.
controls
Array of LDAP Controls to
send with the request.
返回值
成功时返回 true
, 或者在失败时返回 false
。
更新日志
版本 | 说明 |
---|---|
8.0.0 | controls is nullable now; previously, it defaulted to []. |
7.3 | Support for controls added |
参见
- ldap_delete_ext
- ldap_add
ldap_dn2ufn
Convert DN to User Friendly Naming format
说明
string<span
class="type">false <span
class="methodname">ldap_dn2ufn ( <span
class="type">string $dn
)
Turns the specified dn
, into a more user-friendly form, stripping off
type names.
参数
dn
The distinguished name of an LDAP entity.
返回值
Returns the user friendly name, 或者在失败时返回 false
.
ldap_err2str
Convert LDAP error number into string error message
说明
string <span
class="methodname">ldap_err2str ( <span
class="methodparam">int $errno
)
Returns the string error message explaining the error number errno
.
While LDAP errno numbers are standardized, different libraries return
different or even localized textual error messages. Never check for a
specific error message text, but always use an error number to check.
参数
errno
The error number.
返回值
Returns the error message, as a string.
范例
示例 #1 Enumerating all LDAP error messages
<?php
for ($i=0; $i<100; $i++) {
printf("Error $i: %s<br />\n", ldap_err2str($i));
}
?>
参见
- ldap_errno
- ldap_error
ldap_errno
Return the LDAP error number of the last LDAP command
说明
int <span
class="methodname">ldap_errno ( <span
class="type">resource $ldap
)
Returns the standardized error number returned by the last LDAP command. This number can be converted into a textual error message using <span class="function">ldap_err2str.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
返回值
Return the LDAP error number of the last LDAP command for this link.
范例
Unless you lower your warning level in your php.ini
sufficiently or
prefix your LDAP commands with @ (at) characters to suppress warning
output, the errors generated will also show up in your HTML output.
示例 #1 Generating and catching an error
<?php
// This example contains an error, which we will catch.
$ld = ldap_connect("localhost");
$bind = ldap_bind($ld);
// syntax error in filter expression (errno 87),
// must be "objectclass=*" to work.
$res = @ldap_search($ld, "o=Myorg, c=DE", "objectclass");
if (!$res) {
echo "LDAP-Errno: " . ldap_errno($ld) . "<br />\n";
echo "LDAP-Error: " . ldap_error($ld) . "<br />\n";
die("Argh!<br />\n");
}
$info = ldap_get_entries($ld, $res);
echo $info["count"] . " matching entries.<br />\n";
?>
参见
- ldap_err2str
- ldap_error
ldap_error
Return the LDAP error message of the last LDAP command
说明
string <span
class="methodname">ldap_error ( <span
class="type">resource $ldap
)
Returns the string error message explaining the error generated by the
last LDAP command for the given ldap
. While LDAP errno numbers are
standardized, different libraries return different or even localized
textual error messages. Never check for a specific error message text,
but always use an error number to check.
Unless you lower your warning level in your php.ini
sufficiently or
prefix your LDAP commands with @ (at) characters to suppress warning
output, the errors generated will also show up in your HTML output.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
返回值
Returns string error message.
参见
- ldap_err2str
- ldap_errno
ldap_escape
Escape a string for use in an LDAP filter or DN
说明
string <span
class="methodname">ldap_escape ( <span
class="type">string $value
[, <span
class="methodparam">string $ignore
<span
class="initializer"> = "" [, <span
class="methodparam">int $flags
<span
class="initializer"> = 0 ]] )
Escapes value
for use in the context implied by flags
.
参数
value
The value to escape.
ignore
Characters to ignore when escaping.
flags
The context the escaped string will be used in: LDAP_ESCAPE_FILTER
for filters to be used with ldap_search,
or LDAP_ESCAPE_DN
for DNs. If neither flag is passed, all chars
are escaped.
返回值
Returns the escaped string.
范例
When building an LDAP filter, you should use ldap_escape with LDAP_ESCAPE_FILTER flag.
示例 #1 Searching for an email address
<?php
// $ds is a valid link identifier for a directory server
// $mail is an email address provided by the user in a form
$base = "o=My Company, c=US";
$filter = "(mail=".ldap_escape($mail, "", LDAP_ESCAPE_FILTER).")";
$sr = ldap_search($ds, $base, $filter, array("sn", "givenname", "mail"));
$info = ldap_get_entries($ds, $sr);
echo $info["count"]." entries returned\n";
?>
ldap_exop_passwd
PASSWD extended operation helper
说明
string<span
class="type">bool <span
class="methodname">ldap_exop_passwd ( <span
class="methodparam">resource $ldap
[, string
$user
= "" [, <span
class="methodparam">string
$old_password
= "" [, <span
class="methodparam">string
$new_password
= "" [, <span
class="methodparam">array &$controls
<span
class="initializer"> = null
]]]] )
Performs a PASSWD extended operation.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
user
dn of the user to change the password of.
old_password
The old password of this user. May be ommited depending of server
configuration.
new_password
The new password for this user. May be omitted or empty to have a
generated password.
controls
If provided, a password policy request control is send with the request
and this is filled with an array of
LDAP Controls returned
with the request.
返回值
Returns the generated password if new_password
is empty or omitted.
Otherwise returns true
on success and false
on failure.
更新日志
版本 | 说明 |
---|---|
8.0.0 | controls is nullable now; previously, it defaulted to []. |
7.3 | Support for controls added |
范例
示例 #1 PASSWD extended operation
<?php
$ds = ldap_connect("localhost"); // assuming the LDAP server is on this host
if ($ds) {
// bind with appropriate dn to give update access
$bind = ldap_bind($ds, "cn=root, o=My Company, c=US", "secret");
if (!$bind) {
echo "Unable to bind to LDAP server";
exit;
}
// use PASSWD EXOP to change the user password for a generated one
$genpw = ldap_exop_passwd($ds, "cn=root, o=My Company, c=US", "secret");
if ($genpw) {
// use the generated password to bind
$bind = ldap_bind($ds, "cn=root, o=My Company, c=US", $genpw);
}
// set the password back to "secret"
ldap_exop_passwd($ds, "cn=root, o=My Company, c=US", $genpw, "secret");
ldap_close($ds);
} else {
echo "Unable to connect to LDAP server";
}
?>
参见
- ldap_exop
- ldap_parse_exop
ldap_exop_refresh
Refresh extended operation helper
说明
int<span
class="type">false <span
class="methodname">ldap_exop_refresh ( <span
class="methodparam">resource $ldap
,
string $dn
, int $ttl
)
Performs a Refresh extended operation and returns the data.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
dn
dn of the entry to refresh.
ttl
Time in seconds (between 1 and 31557600) that the client requests that
the entry exists in the directory before being automatically removed.
返回值
From RFC: The responseTtl field is the time in seconds which the server
chooses to have as the time-to-live field for that entry. It must not be
any smaller than that which the client requested, and it may be larger.
However, to allow servers to maintain a relatively accurate directory,
and to prevent clients from abusing the dynamic extensions, servers are
permitted to shorten a client-requested time-to-live value, down to a
minimum of 86400 seconds (one day). false
will be returned on
error.
参见
- ldap_exop
ldap_exop_whoami
WHOAMI extended operation helper
说明
string<span
class="type">bool <span
class="methodname">ldap_exop_whoami ( <span
class="methodparam">resource $ldap
)
Performs a WHOAMI extended operation and returns the data.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
返回值
The data returned by the server, or false
on error.
参见
- ldap_exop
ldap_exop
Performs an extended operation
说明
mixed <span
class="methodname">ldap_exop ( <span
class="type">resource $link
, <span
class="methodparam">string $reqoid
[, string
$reqdata
= null
[,
array
$serverctrls
= null
[,
string
&$retdata
[, <span
class="type">string &$retoid
]]]] )
Performs an extended operation on the specified link
with reqoid
the
OID of the operation and reqdata
the data.
参数
link
An LDAP link identifier, returned by <span
class="function">ldap_connect.
reqoid
The extended operation request OID. You may use one of
LDAP_EXOP_START_TLS
, LDAP_EXOP_MODIFY_PASSWD
,
LDAP_EXOP_REFRESH
, LDAP_EXOP_WHO_AM_I
, LDAP_EXOP_TURN
,
or a string with the OID of the operation you want to send.
reqdata
The extended operation request data. May be NULL for some operations
like LDAP_EXOP_WHO_AM_I
, may also need to be BER encoded.
serverctrls
Array of LDAP Controls to
send with the request.
retdata
Will be filled with the extended operation response data if provided. If
not provided you may use ldap_parse_exop on the result object later to
get this data.
retoid
Will be filled with the response OID if provided, usually equal to the
request OID.
返回值
When used with retdata
, returns true
on success or false
on error. When used without retdata
, returns a result identifier or
false
on error.
更新日志
版本 | 说明 |
---|---|
7.3 | Support for serverctrls added |
范例
示例 #1 Whoami extended operation
<?php
$ds = ldap_connect("localhost"); // assuming the LDAP server is on this host
if ($ds) {
// bind with appropriate dn to give update access
$bind = ldap_bind($ds, "cn=root, o=My Company, c=US", "secret");
if (!$bind) {
echo "Unable to bind to LDAP server";
exit;
}
// Call WHOAMI EXOP
$r = ldap_exop($ds, LDAP_EXOP_WHO_AM_I);
// Parse the result object
ldap_parse_exop($ds, $r, $retdata);
// Output: string(31) "dn:cn=root, o=My Company, c=US"
var_dump($retdata);
// Same thing using $retdata parameter
$success = ldap_exop($ds, LDAP_EXOP_WHO_AM_I, NULL, NULL, $retdata, $retoid);
if ($success) {
var_dump($retdata);
}
ldap_close($ds);
} else {
echo "Unable to connect to LDAP server";
}
?>
参见
- ldap_parse_result
- ldap_parse_exop
- ldap_exop_whoami
- ldap_exop_refresh
- ldap_exop_passwd
ldap_explode_dn
Splits DN into its component parts
说明
array<span
class="type">false <span
class="methodname">ldap_explode_dn ( <span
class="methodparam">string $dn
,
int
$with_attrib
)
Splits the DN returned by ldap_get_dn and breaks it up into its component parts. Each part is known as Relative Distinguished Name, or RDN.
参数
dn
The distinguished name of an LDAP entity.
with_attrib
Used to request if the RDNs are returned with only values or their
attributes as well. To get RDNs with the attributes (i.e. in
attribute=value format) set with_attrib
to 0 and to get only values
set it to 1.
返回值
Returns an array of all DN components, 或者在失败时返回 false
. The
first element in the array has count key and represents the number of
returned values, next elements are numerically indexed DN components.
ldap_first_attribute
Return first attribute
说明
string<span
class="type">false <span
class="methodname">ldap_first_attribute ( <span
class="methodparam">resource $ldap
,
resource
$entry
)
Gets the first attribute in the given entry. Remaining attributes are retrieved by calling ldap_next_attribute successively.
Similar to reading entries, attributes are also read one by one from a particular entry.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
entry
ber_identifier
ber_identifier
is the identifier to internal memory location pointer.
It is passed by reference. The same ber_identifier
is passed to <span
class="function">ldap_next_attribute , which modifies that
pointer.
Note:
This parameter is no longer used as this is now handled automatically by PHP. For backwards compatibility PHP will not throw an error if this parameter is passed.
返回值
Returns the first attribute in the entry on success and false
on
error.
参见
- ldap_next_attribute
- ldap_get_attributes
ldap_first_entry
Return first result id
说明
resource<span
class="type">false <span
class="methodname">ldap_first_entry ( <span
class="methodparam">resource $ldap
,
resource
$result
)
Returns the entry identifier for first entry in the result. This entry identifier is then supplied to <span class="function">ldap_next_entry routine to get successive entries from the result.
Entries in the LDAP result are read sequentially using the <span class="function">ldap_first_entry and <span class="function">ldap_next_entry functions.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
result
返回值
Returns the result entry identifier for the first entry on success and
false
on error.
参见
- ldap_get_entries
ldap_first_reference
Return first reference
说明
resource<span
class="type">false <span
class="methodname">ldap_first_reference ( <span
class="methodparam">resource $ldap
,
resource
$result
)
Warning
本函数还未编写文档,仅有参数列表。
ldap_free_result
Free result memory
说明
bool <span
class="methodname">ldap_free_result ( <span
class="methodparam">resource $ldap
)
Frees up the memory allocated internally to store the result. All result memory will be automatically freed when the script terminates.
Typically all the memory allocated for the LDAP result gets freed at the end of the script. In case the script is making successive searches which return large result sets, <span class="function">ldap_free_result could be called to keep the runtime memory usage by the script low.
参数
ldap
返回值
成功时返回 true
, 或者在失败时返回 false
。
ldap_get_attributes
Get attributes from a search result entry
说明
array <span
class="methodname">ldap_get_attributes ( <span
class="methodparam">resource $ldap
,
resource
$entry
)
Reads attributes and values from an entry in the search result.
Having located a specific entry in the directory, you can find out what information is held for that entry by using this call. You would use this call for an application which "browses" directory entries and/or where you do not know the structure of the directory entries. In many applications you will be searching for a specific attribute such as an email address or a surname, and won't care what other data is held.
return_value["count"] = number of attributes in the entry
return_value[0] = first attribute
return_value[n] = nth attribute
return_value["attribute"]["count"] = number of values for attribute
return_value["attribute"][0] = first value of the attribute
return_value["attribute"][i] = (i+1)th value of the attribute
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
entry
返回值
Returns a complete entry information in a multi-dimensional array on
success and false
on error.
范例
示例 #1 Show the list of attributes held for a particular directory entry
<?php
// $ds is the link identifier for the directory
// $sr is a valid search result from a prior call to
// one of the ldap directory search calls
$entry = ldap_first_entry($ds, $sr);
$attrs = ldap_get_attributes($ds, $entry);
echo $attrs["count"] . " attributes held for this entry:<p>";
for ($i=0; $i < $attrs["count"]; $i++) {
echo $attrs[$i] . "<br />";
}
?>
参见
- ldap_first_attribute
- ldap_next_attribute
ldap_get_dn
Get the DN of a result entry
说明
string<span
class="type">false <span
class="methodname">ldap_get_dn ( <span
class="methodparam">resource $ldap
,
resource
$entry
)
Finds out the DN of an entry in the result.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
entry
返回值
Returns the DN of the result entry and false
on error.
ldap_get_entries
Get all result entries
说明
array<span
class="type">false <span
class="methodname">ldap_get_entries ( <span
class="methodparam">resource $ldap
,
resource
$result
)
Reads multiple entries from the given result, and then reading the attributes and multiple values.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
result
返回值
Returns a complete result information in a multi-dimensional array on
success and false
on error.
The structure of the array is as follows. The attribute index is converted to lowercase. (Attributes are case-insensitive for directory servers, but not when used as array indices.)
return_value["count"] = number of entries in the result
return_value[0] : refers to the details of first entry
return_value[i]["dn"] = DN of the ith entry in the result
return_value[i]["count"] = number of attributes in ith entry
return_value[i][j] = NAME of the jth attribute in the ith entry in the result
return_value[i]["attribute"]["count"] = number of values for
attribute in ith entry
return_value[i]["attribute"][j] = jth value of attribute in ith entry
参见
- ldap_first_entry
- ldap_next_entry
ldap_get_option
Get the current value for given option
说明
bool <span
class="methodname">ldap_get_option ( <span
class="methodparam">resource $ldap
,
int $option
[, <span
class="type">arraystring<span
class="type">int &$value
=
null
] )
Sets value
to the value of the specified option.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
option
The parameter option
can be one of:
Option | Type | since |
---|---|---|
LDAP_OPT_DEREF |
int | |
LDAP_OPT_SIZELIMIT |
int | |
LDAP_OPT_TIMELIMIT |
int | |
LDAP_OPT_NETWORK_TIMEOUT |
int | |
LDAP_OPT_PROTOCOL_VERSION |
int | |
LDAP_OPT_ERROR_NUMBER |
int | |
LDAP_OPT_DIAGNOSTIC_MESSAGE |
int | |
LDAP_OPT_REFERRALS |
int | |
LDAP_OPT_RESTART |
int | |
LDAP_OPT_HOST_NAME |
string | |
LDAP_OPT_ERROR_STRING |
string | |
LDAP_OPT_MATCHED_DN |
string | |
LDAP_OPT_SERVER_CONTROLS |
array | |
LDAP_OPT_CLIENT_CONTROLS |
array | |
LDAP_OPT_X_KEEPALIVE_IDLE |
int | 7.1 |
LDAP_OPT_X_KEEPALIVE_PROBES |
int | 7.1 |
LDAP_OPT_X_KEEPALIVE_INTERVAL |
int | 7.1 |
LDAP_OPT_X_TLS_CACERTDIR |
string | 7.1 |
LDAP_OPT_X_TLS_CACERTFILE |
string | 7.1 |
LDAP_OPT_X_TLS_CERTFILE |
string | 7.1 |
LDAP_OPT_X_TLS_CIPHER_SUITE |
string | 7.1 |
LDAP_OPT_X_TLS_CRLCHECK |
int | 7.1 |
LDAP_OPT_X_TLS_CRL_NONE |
int | 7.1 |
LDAP_OPT_X_TLS_CRL_PEER |
int | 7.1 |
LDAP_OPT_X_TLS_CRL_ALL |
int | 7.1 |
LDAP_OPT_X_TLS_CRLFILE |
string | 7.1 |
LDAP_OPT_X_TLS_DHFILE |
string | 7.1 |
LDAP_OPT_X_TLS_KEYILE |
string | 7.1 |
LDAP_OPT_X_TLS_PACKAGE |
string | 7.1 |
LDAP_OPT_X_TLS_PROTOCOL_MIN |
int | 7.1 |
LDAP_OPT_X_TLS_RANDOM_FILE |
string | 7.1 |
LDAP_OPT_X_TLS_REQUIRE_CERT |
int |
value
This will be set to the option value.
返回值
成功时返回 true
, 或者在失败时返回 false
。
范例
示例 #1 Check protocol version
<?php
// $ds is a valid link identifier for a directory server
if (ldap_get_option($ds, LDAP_OPT_PROTOCOL_VERSION, $version)) {
echo "Using protocol version $version\n";
} else {
echo "Unable to determine protocol version\n";
}
?>
注释
Note:
This function is only available when using OpenLDAP 2.x.x OR Netscape Directory SDK x.x.
参见
- ldap_set_option
ldap_get_values_len
Get all binary values from a result entry
说明
array<span
class="type">false <span
class="methodname">ldap_get_values_len ( <span
class="methodparam">resource $ldap
,
resource
$entry
, <span
class="type">string $attribute
)
Reads all the values of the attribute in the entry in the result.
This function is used exactly like <span class="function">ldap_get_values except that it handles binary data and not string data.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
entry
attribute
返回值
Returns an array of values for the attribute on success and false
on error. Individual values are accessed by integer index in the array.
The first index is 0. The number of values can be found by indexing
"count" in the resultant array.
参见
- ldap_get_values
ldap_get_values
Get all values from a result entry
说明
array<span
class="type">false <span
class="methodname">ldap_get_values ( <span
class="methodparam">resource $ldap
,
resource
$entry
, <span
class="type">string $attribute
)
Reads all the values of the attribute in the entry in the result.
This call needs a entry
, so needs to be preceded by one of the ldap
search calls and one of the calls to get an individual entry.
You application will either be hard coded to look for certain attributes (such as "surname" or "mail") or you will have to use the <span class="function">ldap_get_attributes call to work out what attributes exist for a given entry.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
entry
attribute
返回值
Returns an array of values for the attribute on success and false
on error. The number of values can be found by indexing "count" in the
resultant array. Individual values are accessed by integer index in the
array. The first index is 0.
LDAP allows more than one entry for an attribute, so it can, for example, store a number of email addresses for one person's directory entry all labeled with the attribute "mail"
return_value["count"] = number of values for attribute
return_value[0] = first value of attribute
return_value[i] = ith value of attribute
范例
示例 #1 List all values of the "mail" attribute for a directory entry
<?php
// $ds is a valid link identifier for a directory server
// $sr is a valid search result from a prior call to
// one of the ldap directory search calls
// $entry is a valid entry identifier from a prior call to
// one of the calls that returns a directory entry
$values = ldap_get_values($ds, $entry, "mail");
echo $values["count"] . " email addresses for this entry.<br />";
for ($i=0; $i < $values["count"]; $i++) {
echo $values[$i] . "<br />";
}
?>
参见
- ldap_get_values_len
ldap_list
Single-level search
说明
resource<span
class="type">arrayfalse <span
class="methodname">ldap_list ( <span
class="type">resource<span
class="type">array $ldap
, <span
class="methodparam"><span
class="type">arraystring
$base
, <span
class="type">arraystring
$filter
[, <span
class="type">array $attributes
=
[] [, <span
class="type">int $attributes_only
=
0 [, <span
class="type">int $sizelimit
=
-1 [, <span
class="type">int $timelimit
=
-1 [, <span
class="type">int $deref
=
LDAP_DEREF_NEVER
[, <span
class="type">array<span
class="type">null $controls
=
null
]]]]]] )
Performs the search for a specified filter
on the directory with the
scope LDAP_SCOPE_ONELEVEL
.
LDAP_SCOPE_ONELEVEL
means that the search should only return
information that is at the level immediately below the base
given in
the call. (Equivalent to typing "ls" and getting a list of files and
folders in the current working directory.)
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
base
The base DN for the directory.
filter
attributes
An array of the required attributes, e.g. array("mail", "sn", "cn").
Note that the "dn" is always returned irrespective of which attributes
types are requested.
Using this parameter is much more efficient than the default action (which is to return all attributes and their associated values). The use of this parameter should therefore be considered good practice.
attributes_only
Should be set to 1 if only attribute types are wanted. If set to 0 both
attributes types and attribute values are fetched which is the default
behaviour.
sizelimit
Enables you to limit the count of entries fetched. Setting this to 0
means no limit.
Note:
This parameter can NOT override server-side preset sizelimit. You can set it lower though.
Some directory server hosts will be configured to return no more than a preset number of entries. If this occurs, the server will indicate that it has only returned a partial results set. This also occurs if you use this parameter to limit the count of fetched entries.
timelimit
Sets the number of seconds how long is spend on the search. Setting this
to 0 means no limit.
Note:
This parameter can NOT override server-side preset timelimit. You can set it lower though.
deref
Specifies how aliases should be handled during the search. It can be one
of the following:
-
LDAP_DEREF_NEVER
- (default) aliases are never dereferenced. -
LDAP_DEREF_SEARCHING
- aliases should be dereferenced during the search but not when locating the base object of the search. -
LDAP_DEREF_FINDING
- aliases should be dereferenced when locating the base object but not during the search. -
LDAP_DEREF_ALWAYS
- aliases should be dereferenced always.
controls
Array of LDAP Controls to
send with the request.
返回值
Returns a search result identifier or false
on error.
更新日志
版本 | 说明 |
---|---|
8.0.0 | controls is nullable now; previously, it defaulted to []. |
7.3 | Support for controls added |
范例
示例 #1 Produce a list of all organizational units of an organization
<?php
// $ds is a valid link identifier for a directory server
$basedn = "o=My Company, c=US";
$justthese = array("ou");
$sr = ldap_list($ds, $basedn, "ou=*", $justthese);
$info = ldap_get_entries($ds, $sr);
for ($i=0; $i < $info["count"]; $i++) {
echo $info[$i]["ou"][0];
}
?>
参见
- ldap_search
ldap_mod_add_ext
Add attribute values to current attributes
说明
resource<span
class="type">false <span
class="methodname">ldap_mod_add_ext ( <span
class="methodparam">resource $ldap
,
string $dn
, array
$entry
[, <span
class="type">arraynull
$controls
= null
] )
Does the same thing as ldap_mod_add but returns the LDAP result resource to be parsed with <span class="function">ldap_parse_result.
参数
See ldap_mod_add
返回值
Returns an LDAP result identifier or false
on error.
更新日志
版本 | 说明 |
---|---|
8.0.0 | controls is nullable now; previously, it defaulted to []. |
7.3 | Support for controls added |
参见
- ldap_mod_add
- ldap_parse_result
ldap_mod_add
Add attribute values to current attributes
说明
bool <span
class="methodname">ldap_mod_add ( <span
class="methodparam">resource $ldap
,
string $dn
, array
$entry
[, <span
class="type">arraynull
$controls
= null
] )
Adds one or more attribute values to the specified dn
. To add a whole
new object see ldap_add function.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
dn
The distinguished name of an LDAP entity.
entry
An associative array listing the attirbute values to add. If an
attribute was not existing yet it will be added. If an attribute is
existing you can only add values to it if it supports multiple values.
controls
Array of LDAP Controls to
send with the request.
返回值
成功时返回 true
, 或者在失败时返回 false
。
更新日志
版本 | 说明 |
---|---|
8.0.0 | controls is nullable now; previously, it defaulted to []. |
7.3 | Support for controls added |
注释
Note: 此函数可安全用于二进制对象。
参见
- ldap_mod_add_ext
- ldap_mod_del
- ldap_mod_replace
- ldap_modify_batch
ldap_mod_del_ext
Delete attribute values from current attributes
说明
resource<span
class="type">false <span
class="methodname">ldap_mod_del_ext ( <span
class="methodparam">resource $ldap
,
string $dn
, array
$entry
[, <span
class="type">arraynull
$controls
= null
] )
Does the same thing as ldap_mod_del but returns the LDAP result resource to be parsed with <span class="function">ldap_parse_result.
参数
See ldap_mod_del
更新日志
版本 | 说明 |
---|---|
8.0.0 | controls is nullable now; previously, it defaulted to []. |
7.3 | Support for controls added |
返回值
Returns an LDAP result identifier or false
on error.
参见
- ldap_mod_del
- ldap_parse_result
ldap_mod_del
Delete attribute values from current attributes
说明
bool <span
class="methodname">ldap_mod_del ( <span
class="methodparam">resource $ldap
,
string $dn
, array
$entry
[, <span
class="type">arraynull
$controls
= null
] )
Removes one or more attribute values from the specified dn
. Object
deletions are done by the ldap_delete
function.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
dn
The distinguished name of an LDAP entity.
entry
controls
Array of LDAP Controls to
send with the request.
返回值
成功时返回 true
, 或者在失败时返回 false
。
更新日志
版本 | 说明 |
---|---|
8.0.0 | controls is nullable now; previously, it defaulted to []. |
7.3 | Support for controls added |
参见
- ldap_mod_del_ext
- ldap_mod_add
- ldap_mod_replace
- ldap_modify_batch
ldap_mod_replace_ext
Replace attribute values with new ones
说明
resource<span
class="type">false <span
class="methodname">ldap_mod_replace_ext ( <span
class="methodparam">resource $ldap
,
string $dn
, array
$entry
[, <span
class="type">arraynull
$controls
= null
] )
Does the same thing as ldap_mod_replace but returns the LDAP result resource to be parsed with <span class="function">ldap_parse_result.
参数
See ldap_mod_replace
返回值
Returns an LDAP result identifier or false
on error.
更新日志
版本 | 说明 |
---|---|
8.0.0 | controls is nullable now; previously, it defaulted to []. |
7.3 | Support for controls added |
参见
- ldap_mod_replace
- ldap_parse_result
ldap_mod_replace
Replace attribute values with new ones
说明
bool <span
class="methodname">ldap_mod_replace ( <span
class="methodparam">resource $ldap
,
string $dn
, array
$entry
[, <span
class="type">arraynull
$controls
= null
] )
Replaces one or more attributes from the specified dn
. It may also add
or remove attributes.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
dn
The distinguished name of an LDAP entity.
entry
An associative array listing the attributes to replace. Sending an empty
array as value will remove the attribute, while sending an attribute not
existing yet on this entry will add it.
controls
Array of LDAP Controls to
send with the request.
返回值
成功时返回 true
, 或者在失败时返回 false
。
更新日志
版本 | 说明 |
---|---|
8.0.0 | controls is nullable now; previously, it defaulted to []. |
7.3 | Support for controls added |
注释
Note: 此函数可安全用于二进制对象。
参见
- ldap_mod_replace_ext
- ldap_mod_del
- ldap_mod_add
- ldap_modify_batch
ldap_modify_batch
Batch and execute modifications on an LDAP entry
说明
bool <span
class="methodname">ldap_modify_batch ( <span
class="methodparam">resource $ldap
,
string $dn
, array
$modifications_info
[, <span
class="type">array<span
class="type">null $controls
=
null
] )
Modifies an existing entry in the LDAP directory. Allows detailed specification of the modifications to perform.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
dn
The distinguished name of an LDAP entity.
modifications_info
An array that specifies the modifications to make. Each entry in this
array is an associative array with two or three keys: attrib maps to
the name of the attribute to modify, modtype maps to the type of
modification to perform, and (depending on the type of modification)
values maps to an array of attribute values relevant to the
modification.
Possible values for modtype include:
LDAP_MODIFY_BATCH_ADD
Each value specified through values is added (as an additional value)
to the attribute named by attrib.
LDAP_MODIFY_BATCH_REMOVE
Each value specified through values is removed from the attribute
named by attrib. Any value of the attribute not contained in the
values array will remain untouched.
LDAP_MODIFY_BATCH_REMOVE_ALL
All values are removed from the attribute named by attrib. A values
entry must not be provided.
LDAP_MODIFY_BATCH_REPLACE
All current values of the attribute named by attrib are replaced with
the values specified through values.
Note that any value for attrib must be a string, any value for values must be an array of strings, and any value for modtype must be one of the LDAP_MODIFY_BATCH_* constants listed above.
controls
Array of LDAP Controls to
send with the request.
返回值
成功时返回 true
, 或者在失败时返回 false
。
更新日志
版本 | 说明 |
---|---|
8.0.0 | controls is nullable now; previously, it defaulted to []. |
7.3 | Support for controls added |
范例
示例 #1 Add a telephone number to a contact
<?php
$dn = "cn=John Smith,ou=Wizards,dc=example,dc=com";
$modifs = [
[
"attrib" => "telephoneNumber",
"modtype" => LDAP_MODIFY_BATCH_ADD,
"values" => ["+1 555 555 1717"],
],
];
ldap_modify_batch($connection, $dn, $modifs);
?>
示例 #2 Rename a user
<?php
$dn = "cn=John Smith,ou=Wizards,dc=example,dc=com";
$modifs = [
[
"attrib" => "sn",
"modtype" => LDAP_MODIFY_BATCH_REPLACE,
"values" => ["Smith-Jones"],
],
[
"attrib" => "givenName",
"modtype" => LDAP_MODIFY_BATCH_REPLACE,
"values" => ["Jack"],
],
];
ldap_modify_batch($connection, $dn, $modifs);
ldap_rename($connection, $dn, "cn=Jack Smith-Jones", NULL, TRUE);
?>
示例 #3 Add two e-mail addresses to a user
<?php
$dn = "cn=Jack Smith-Jones,ou=Wizards,dc=example,dc=com";
$modifs = [
[
"attrib" => "mail",
"modtype" => LDAP_MODIFY_BATCH_ADD,
"values" => [
"[email protected]",
"[email protected]",
],
],
];
ldap_modify_batch($connection, $dn, $modifs);
?>
示例 #4 Change a user's password
<?php
$dn = "cn=Jack Smith-Jones,ou=Wizards,dc=example,dc=com";
$modifs = [
[
"attrib" => "userPassword",
"modtype" => LDAP_MODIFY_BATCH_REMOVE,
"values" => ["Tr0ub4dor&3"],
],
[
"attrib" => "userPassword",
"modtype" => LDAP_MODIFY_BATCH_ADD,
"values" => ["correct horse battery staple"],
],
];
ldap_modify_batch($connection, $dn, $modifs);
?>
示例 #5 Change a user's password (Active Directory)
<?php
function adifyPw($pw)
{
return iconv("UTF-8", "UTF-16LE", '"' . $pw . '"');
}
$dn = "cn=Jack Smith-Jones,ou=Wizards,dc=ad,dc=example,dc=com";
$modifs = [
[
"attrib" => "unicodePwd",
"modtype" => LDAP_MODIFY_BATCH_REMOVE,
"values" => [adifyPw("Tr0ub4dor&3")],
],
[
"attrib" => "unicodePwd",
"modtype" => LDAP_MODIFY_BATCH_ADD,
"values" => [adifyPw("correct horse battery staple")],
],
];
ldap_modify_batch($connection, $dn, $modifs);
ldap_modify
别名 ldap_mod_replace
说明
此函数是该函数的别名: ldap_mod_replace.
参见
- ldap_rename
ldap_next_attribute
Get the next attribute in result
说明
string<span
class="type">false <span
class="methodname">ldap_next_attribute ( <span
class="methodparam">resource $ldap
,
resource
$entry
)
Retrieves the attributes in an entry. The first call to <span
class="function">ldap_next_attribute is made with the entry
returned from ldap_first_attribute.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
entry
ber_identifier
The internal state of the pointer is maintained by this parameter.
Note:
This parameter is no longer used as this is now handled automatically by PHP. For backwards compatibility PHP will not throw an error if this parameter is passed.
返回值
Returns the next attribute in an entry on success and false
on
error.
参见
- ldap_get_attributes
ldap_next_entry
Get next result entry
说明
resource<span
class="type">false <span
class="methodname">ldap_next_entry ( <span
class="methodparam">resource $ldap
,
resource
$result
)
Retrieve the entries stored in the result. Successive calls to the <span
class="function">ldap_next_entry return entries one by one till
there are no more entries. The first call to <span
class="function">ldap_next_entry is made after the call to
ldap_first_entry with the result
as
returned from the ldap_first_entry.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
result
返回值
Returns entry identifier for the next entry in the result whose entries
are being read starting with <span
class="function">ldap_first_entry. If there are no more entries
in the result then it returns false
.
参见
- ldap_get_entries
ldap_next_reference
Get next reference
说明
resource<span
class="type">false <span
class="methodname">ldap_next_reference ( <span
class="methodparam">resource $ldap
,
resource
$entry
)
Warning
本函数还未编写文档,仅有参数列表。
ldap_parse_exop
Parse result object from an LDAP extended operation
说明
bool <span
class="methodname">ldap_parse_exop ( <span
class="methodparam">resource $ldap
,
resource
$result
[, <span
class="type">string &$response_data
=
null
[, <span
class="type">string &$response_oid
=
null
]] )
Parse LDAP extended operation data from result object result
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
result
An LDAP result resource, returned by <span
class="function">ldap_exop.
response_data
Will be filled by the response data.
response_oid
Will be filled by the response OID.
返回值
成功时返回 true
, 或者在失败时返回 false
。
参见
- ldap_exop
ldap_parse_reference
Extract information from reference entry
说明
bool <span
class="methodname">ldap_parse_reference ( <span
class="methodparam">resource $ldap
,
resource
$entry
, <span
class="type">array &$referrals
)
Warning
本函数还未编写文档,仅有参数列表。
ldap_parse_result
Extract information from result
说明
bool <span
class="methodname">ldap_parse_result ( <span
class="methodparam">resource $ldap
,
resource
$result
, <span
class="type">int &$error_code
[, <span
class="methodparam">string &$matched_dn
<span
class="initializer"> = null
[, <span
class="methodparam">string
&$error_message
= null
[, array
&$referrals
= null
[,
array
&$controls
= null
]]]] )
Parses an LDAP search result.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
result_identifier
An LDAP result resource, returned by <span
class="function">ldap_list or <span
class="function">ldap_search.
error_code
A reference to a variable that will be set to the LDAP error code in the
result, or 0 if no error occurred.
matched_dn
A reference to a variable that will be set to a matched DN if one was
recognised within the request, otherwise it will be set to null
.
error_message
A reference to a variable that will be set to the LDAP error message in
the result, or an empty string if no error occurred.
referrals
A reference to a variable that will be set to an <span
class="type">array set to all of the referral strings in the
result, or an empty array if no referrals were returned.
controls
An array of LDAP Controls which have been sent
with the response.
返回值
成功时返回 true
, 或者在失败时返回 false
。
更新日志
版本 | 说明 |
---|---|
7.3 | Support for controls added |
范例
示例 #1 ldap_parse_result example
<?php
$result = ldap_search($link, "cn=userref,dc=my-domain,dc=com", "(cn=user*)");
$errcode = $dn = $errmsg = $refs = null;
if (ldap_parse_result($link, $result, $errcode, $dn, $errmsg, $refs)) {
// do something with $errcode, $dn, $errmsg and $refs
}
?>
ldap_read
Read an entry
说明
resource<span
class="type">arrayfalse <span
class="methodname">ldap_read ( <span
class="type">resource<span
class="type">array $ldap
, <span
class="methodparam"><span
class="type">arraystring
$base
, <span
class="type">arraystring
$filter
[, <span
class="type">array $attributes
=
[] [, <span
class="type">int $attributes_only
=
0 [, <span
class="type">int $sizelimit
=
-1 [, <span
class="type">int $timelimit
=
-1 [, <span
class="type">int $deref
=
LDAP_DEREF_NEVER
[, <span
class="type">array<span
class="type">null $controls
=
null
]]]]]] )
Performs the search for a specified filter
on the directory with the
scope LDAP_SCOPE_BASE
. So it is equivalent to reading an entry
from the directory.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
base
The base DN for the directory.
filter
An empty filter is not allowed. If you want to retrieve absolutely all
information for this entry, use a filter of objectClass=*. If you
know which entry types are used on the directory server, you might use
an appropriate filter such as objectClass=inetOrgPerson.
attributes
An array of the required attributes, e.g. array("mail", "sn", "cn").
Note that the "dn" is always returned irrespective of which attributes
types are requested.
Using this parameter is much more efficient than the default action (which is to return all attributes and their associated values). The use of this parameter should therefore be considered good practice.
attributes_only
Should be set to 1 if only attribute types are wanted. If set to 0 both
attributes types and attribute values are fetched which is the default
behaviour.
sizelimit
Enables you to limit the count of entries fetched. Setting this to 0
means no limit.
Note:
This parameter can NOT override server-side preset sizelimit. You can set it lower though.
Some directory server hosts will be configured to return no more than a preset number of entries. If this occurs, the server will indicate that it has only returned a partial results set. This also occurs if you use this parameter to limit the count of fetched entries.
timelimit
Sets the number of seconds how long is spend on the search. Setting this
to 0 means no limit.
Note:
This parameter can NOT override server-side preset timelimit. You can set it lower though.
deref
Specifies how aliases should be handled during the search. It can be one
of the following:
-
LDAP_DEREF_NEVER
- (default) aliases are never dereferenced. -
LDAP_DEREF_SEARCHING
- aliases should be dereferenced during the search but not when locating the base object of the search. -
LDAP_DEREF_FINDING
- aliases should be dereferenced when locating the base object but not during the search. -
LDAP_DEREF_ALWAYS
- aliases should be dereferenced always.
controls
Array of LDAP Controls to
send with the request.
返回值
Returns a search result identifier or false
on error.
更新日志
版本 | 说明 |
---|---|
8.0.0 | controls is nullable now; previously, it defaulted to []. |
4.0.5 | Parallel searches support was added. See ldap_search for details. |
7.3 | Support for controls added |
ldap_rename_ext
Modify the name of an entry
说明
resource<span
class="type">false <span
class="methodname">ldap_rename_ext ( <span
class="methodparam">resource $ldap
,
string $dn
, string
$new_rdn
, <span
class="type">string $new_parent
, <span
class="methodparam">bool
$delete_old_rdn
[, <span
class="type">array<span
class="type">null $controls
=
null
] )
Does the same thing as ldap_rename but returns the LDAP result resource to be parsed with <span class="function">ldap_parse_result.
参数
See ldap_rename
返回值
Returns an LDAP result identifier or false
on error.
更新日志
版本 | 说明 |
---|---|
8.0.0 | controls is nullable now; previously, it defaulted to []. |
7.3 | Support for controls added |
参见
- ldap_rename
- ldap_parse_result
ldap_rename
Modify the name of an entry
说明
bool <span
class="methodname">ldap_rename ( <span
class="type">resource $ldap
, <span
class="methodparam">string $dn
,
string
$new_rdn
, <span
class="type">string $new_parent
, <span
class="methodparam">bool
$delete_old_rdn
[, <span
class="type">array<span
class="type">null $controls
=
null
] )
The entry specified by dn
is renamed/moved.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
dn
The distinguished name of an LDAP entity.
new_rdn
The new RDN.
new_parent
The new parent/superior entry.
delete_old_rdn
If true
the old RDN value(s) is removed, else the old RDN value(s)
is retained as non-distinguished values of the entry.
controls
Array of LDAP Controls to
send with the request.
返回值
成功时返回 true
, 或者在失败时返回 false
。
更新日志
版本 | 说明 |
---|---|
8.0.0 | controls is nullable now; previously, it defaulted to []. |
7.3 | Support for controls added |
注释
Note:
This function currently only works with LDAPv3. You may have to use ldap_set_option prior to binding to use LDAPv3. This function is only available when using OpenLDAP 2.x.x OR Netscape Directory SDK x.x.
参见
- ldap_rename_ext
- ldap_modify
ldap_sasl_bind
Bind to LDAP directory using SASL
说明
bool <span
class="methodname">ldap_sasl_bind ( <span
class="methodparam">resource $ldap
[, <span
class="type">stringnull
$dn
= null
[, <span
class="methodparam"><span
class="type">stringnull
$password
= null
[,
<span
class="type">stringnull
$mech
= null
[, <span
class="methodparam"><span
class="type">stringnull
$realm
= null
[, <span
class="methodparam"><span
class="type">stringnull
$authc_id
= null
[,
<span
class="type">stringnull
$authz_id
= null
[,
<span
class="type">stringnull
$props
= null
]]]]]]] )
Warning
本函数还未编写文档,仅有参数列表。
返回值
成功时返回 true
, 或者在失败时返回 false
。
更新日志
版本 | 说明 |
---|---|
8.0.0 | dn , password , mech , realm , authc_id , authz_id and props are nullable now. |
注释
Note: Requirement
ldap_sasl_bind requires SASL support (sasl.h
). Be sure --with-ldap-sasl is used when configuring PHP otherwise this function will be undefined.
ldap_search
Search LDAP tree
说明
resource<span
class="type">arrayfalse <span
class="methodname">ldap_search ( <span
class="type">resource<span
class="type">array $ldap
, <span
class="methodparam"><span
class="type">arraystring
$base
, <span
class="type">arraystring
$filter
[, <span
class="type">array $attributes
=
[] [, <span
class="type">int $attributes_only
=
0 [, <span
class="type">int $sizelimit
=
-1 [, <span
class="type">int $timelimit
=
-1 [, <span
class="type">int $deref
=
LDAP_DEREF_NEVER
[, <span
class="type">array<span
class="type">null $controls
=
null
]]]]]] )
Performs the search for a specified filter on the directory with the
scope of LDAP_SCOPE_SUBTREE
. This is equivalent to searching the
entire directory.
From 4.0.5 on it's also possible to do parallel searches. To do this you
use an array of link identifiers, rather than a single identifier, as
the first argument. If you don't want the same base DN and the same
filter for all the searches, you can also use an array of base DNs
and/or an array of filters. Those arrays must be of the same size as the
link identifier array since the first entries of the arrays are used for
one search, the second entries are used for another, and so on. When
doing parallel searches an array of search result identifiers is
returned, except in case of error, then the entry corresponding to the
search will be false
. This is very much like the value normally
returned, except that a result identifier is always returned when a
search was made. There are some rare cases where the normal search
returns false
while the parallel search returns an identifier.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
base
The base DN for the directory.
filter
The search filter can be simple or advanced, using boolean operators in
the format described in the LDAP documentation (see the
» Netscape Directory SDK
or
» RFC4515
for full information on filters).
attributes
An array of the required attributes, e.g. array("mail", "sn", "cn").
Note that the "dn" is always returned irrespective of which attributes
types are requested.
Using this parameter is much more efficient than the default action (which is to return all attributes and their associated values). The use of this parameter should therefore be considered good practice.
attributes_only
Should be set to 1 if only attribute types are wanted. If set to 0 both
attributes types and attribute values are fetched which is the default
behaviour.
sizelimit
Enables you to limit the count of entries fetched. Setting this to 0
means no limit.
Note:
This parameter can NOT override server-side preset sizelimit. You can set it lower though.
Some directory server hosts will be configured to return no more than a preset number of entries. If this occurs, the server will indicate that it has only returned a partial results set. This also occurs if you use this parameter to limit the count of fetched entries.
timelimit
Sets the number of seconds how long is spend on the search. Setting this
to 0 means no limit.
Note:
This parameter can NOT override server-side preset timelimit. You can set it lower though.
deref
Specifies how aliases should be handled during the search. It can be one
of the following:
-
LDAP_DEREF_NEVER
- (default) aliases are never dereferenced. -
LDAP_DEREF_SEARCHING
- aliases should be dereferenced during the search but not when locating the base object of the search. -
LDAP_DEREF_FINDING
- aliases should be dereferenced when locating the base object but not during the search. -
LDAP_DEREF_ALWAYS
- aliases should be dereferenced always.
controls
Array of LDAP Controls to
send with the request.
返回值
Returns a search result identifier or false
on error.
更新日志
版本 | 说明 |
---|---|
8.0.0 | controls is nullable now; previously, it defaulted to []. |
7.3 | Support for controls added |
范例
The example below retrieves the organizational unit, surname, given name
and email address for all people in "My Company" where the surname or
given name contains the substring $person
. This example uses a boolean
filter to tell the server to look for information in more than one
attribute.
示例 #1 LDAP search
<?php
// $ds is a valid link identifier for a directory server
// $person is all or part of a person's name, eg "Jo"
$dn = "o=My Company, c=US";
$filter="(|(sn=$person*)(givenname=$person*))";
$justthese = array("ou", "sn", "givenname", "mail");
$sr=ldap_search($ds, $dn, $filter, $justthese);
$info = ldap_get_entries($ds, $sr);
echo $info["count"]." entries returned\n";
?>
ldap_set_option
Set the value of the given option
说明
bool <span
class="methodname">ldap_set_option ( <span
class="methodparam"><span
class="type">resourcenull
$ldap
, int
$option
, <span
class="type">arraystring<span
class="type">intbool
$value
)
Sets the value of the specified option to be value
.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
option
The parameter option
can be one of:
Option | Type | Available since |
---|---|---|
LDAP_OPT_DEREF |
int | |
LDAP_OPT_SIZELIMIT |
int | |
LDAP_OPT_TIMELIMIT |
int | |
LDAP_OPT_NETWORK_TIMEOUT |
int | |
LDAP_OPT_PROTOCOL_VERSION |
int | |
LDAP_OPT_ERROR_NUMBER |
int | |
LDAP_OPT_REFERRALS |
bool | |
LDAP_OPT_RESTART |
bool | |
LDAP_OPT_HOST_NAME |
string | |
LDAP_OPT_ERROR_STRING |
string | |
LDAP_OPT_DIAGNOSTIC_MESSAGE |
string | |
LDAP_OPT_MATCHED_DN |
string | |
LDAP_OPT_SERVER_CONTROLS |
array | |
LDAP_OPT_CLIENT_CONTROLS |
array | |
LDAP_OPT_X_KEEPALIVE_IDLE |
int | PHP 7.1.0 |
LDAP_OPT_X_KEEPALIVE_PROBES |
int | PHP 7.1.0 |
LDAP_OPT_X_KEEPALIVE_INTERVAL |
int | PHP 7.1.0 |
LDAP_OPT_X_TLS_CACERTDIR |
string | PHP 7.1.0 |
LDAP_OPT_X_TLS_CACERTFILE |
string | PHP 7.1.0 |
LDAP_OPT_X_TLS_CERTFILE |
string | PHP 7.1.0 |
LDAP_OPT_X_TLS_CIPHER_SUITE |
string | PHP 7.1.0 |
LDAP_OPT_X_TLS_CRLCHECK |
int | PHP 7.1.0 |
LDAP_OPT_X_TLS_CRLFILE |
string | PHP 7.1.0 |
LDAP_OPT_X_TLS_DHFILE |
string | PHP 7.1.0 |
LDAP_OPT_X_TLS_KEYFILE |
string | PHP 7.1.0 |
LDAP_OPT_X_TLS_PROTOCOL_MIN |
int | PHP 7.1.0 |
LDAP_OPT_X_TLS_RANDOM_FILE |
string | PHP 7.1.0 |
LDAP_OPT_X_TLS_REQUIRE_CERT |
int | PHP 7.0.5 |
LDAP_OPT_SERVER_CONTROLS
and LDAP_OPT_CLIENT_CONTROLS
require a list of controls, this means that the value must be an array
of controls. A control consists of an oid identifying the control, an
optional value, and an optional flag for criticality. In PHP a
control is given by an array containing an element with the key oid
and string value, and two optional elements. The optional elements are
key value with string value and key iscritical with boolean value.
iscritical defaults to false
if not supplied. See
» draft-ietf-ldapext-ldap-c-api-xx.txt
for details. See also the second example below.
value
The new value for the specified option
.
返回值
成功时返回 true
, 或者在失败时返回 false
。
范例
示例 #1 Set protocol version
<?php
// $ds is a valid link identifier for a directory server
if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
echo "Using LDAPv3";
} else {
echo "Failed to set protocol version to 3";
}
?>
示例 #2 Set server controls
<?php
// $ds is a valid link identifier for a directory server
// control with no value
$ctrl1 = array("oid" => "1.2.752.58.10.1", "iscritical" => true);
// iscritical defaults to FALSE
$ctrl2 = array("oid" => "1.2.752.58.1.10", "value" => "magic");
// try to set both controls
if (!ldap_set_option($ds, LDAP_OPT_SERVER_CONTROLS, array($ctrl1, $ctrl2))) {
echo "Failed to set server controls";
}
?>
注释
Note:
This function is only available when using OpenLDAP 2.x.x OR Netscape Directory SDK x.x.
参见
- ldap_get_option
ldap_set_rebind_proc
Set a callback function to do re-binds on referral chasing
说明
bool <span
class="methodname">ldap_set_rebind_proc ( <span
class="methodparam">resource $ldap
,
<span
class="type">callablenull
$callback
)
Warning
本函数还未编写文档,仅有参数列表。
更新日志
版本 | 说明 |
---|---|
8.0.0 | callback is nullable now. |
ldap_sort
Sort LDAP result entries on the client side
说明
bool <span
class="methodname">ldap_sort ( <span
class="type">resource $link
, <span
class="methodparam">resource $result
, string
$sortfilter
)
Sort the result of a LDAP search, returned by <span class="function">ldap_search.
As this function sorts the returned values on the client side it is
possible that you might not get the expected results in case you reach
the sizelimit
either of the server or defined within <span
class="function">ldap_search.
Warning
本特性已自 PHP 7.0.0 起废弃。强烈建议不要使用本特性。
参数
link
An LDAP link identifier, returned by <span
class="function">ldap_connect.
result
An search result identifier, returned by <span
class="function">ldap_search.
sortfilter
The attribute to use as a key in the sort.
范例
Sorting the result of a search.
示例 #1 LDAP sort
<?php
// $ds is a valid link identifier (see ldap_connect)
$dn = 'ou=example,dc=org';
$filter = '(|(sn=Doe*)(givenname=John*))';
$justthese = array('ou', 'sn', 'givenname', 'mail');
$sr = ldap_search($ds, $dn, $filter, $justthese);
// Sort
ldap_sort($ds, $sr, 'sn');
// Retrieving the data
$info = ldap_get_entries($ds, $sr);
ldap_start_tls
Start TLS
说明
bool <span
class="methodname">ldap_start_tls ( <span
class="methodparam">resource $ldap
)
Warning
本函数还未编写文档,仅有参数列表。
ldap_t61_to_8859
Translate t61 characters to 8859 characters
说明
string<span
class="type">false <span
class="methodname">ldap_t61_to_8859 ( <span
class="methodparam">string $value
)
Warning
本函数还未编写文档,仅有参数列表。
ldap_unbind
Unbind from LDAP directory
说明
bool <span
class="methodname">ldap_unbind ( <span
class="type">resource $ldap
)
Unbinds from the LDAP directory.
参数
ldap
An LDAP link identifier, returned by <span
class="function">ldap_connect.
返回值
成功时返回 true
, 或者在失败时返回 false
。
参见
- ldap_bind
目录
- ldap_8859_to_t61 — Translate 8859 characters to t61 characters
- ldap_add_ext — Add entries to LDAP directory
- ldap_add — Add entries to LDAP directory
- ldap_bind_ext — Bind to LDAP directory
- ldap_bind — 绑定 LDAP 目录
- ldap_close — 别名 ldap_unbind
- ldap_compare — Compare value of attribute found in entry specified with DN
- ldap_connect — Connect to an LDAP server
- ldap_control_paged_result_response — Retrieve the LDAP pagination cookie
- ldap_control_paged_result — Send LDAP pagination control
- ldap_count_entries — Count the number of entries in a search
- ldap_delete_ext — Delete an entry from a directory
- ldap_delete — Delete an entry from a directory
- ldap_dn2ufn — Convert DN to User Friendly Naming format
- ldap_err2str — Convert LDAP error number into string error message
- ldap_errno — Return the LDAP error number of the last LDAP command
- ldap_error — Return the LDAP error message of the last LDAP command
- ldap_escape — Escape a string for use in an LDAP filter or DN
- ldap_exop_passwd — PASSWD extended operation helper
- ldap_exop_refresh — Refresh extended operation helper
- ldap_exop_whoami — WHOAMI extended operation helper
- ldap_exop — Performs an extended operation
- ldap_explode_dn — Splits DN into its component parts
- ldap_first_attribute — Return first attribute
- ldap_first_entry — Return first result id
- ldap_first_reference — Return first reference
- ldap_free_result — Free result memory
- ldap_get_attributes — Get attributes from a search result entry
- ldap_get_dn — Get the DN of a result entry
- ldap_get_entries — Get all result entries
- ldap_get_option — Get the current value for given option
- ldap_get_values_len — Get all binary values from a result entry
- ldap_get_values — Get all values from a result entry
- ldap_list — Single-level search
- ldap_mod_add_ext — Add attribute values to current attributes
- ldap_mod_add — Add attribute values to current attributes
- ldap_mod_del_ext — Delete attribute values from current attributes
- ldap_mod_del — Delete attribute values from current attributes
- ldap_mod_replace_ext — Replace attribute values with new ones
- ldap_mod_replace — Replace attribute values with new ones
- ldap_modify_batch — Batch and execute modifications on an LDAP entry
- ldap_modify — 别名 ldap_mod_replace
- ldap_next_attribute — Get the next attribute in result
- ldap_next_entry — Get next result entry
- ldap_next_reference — Get next reference
- ldap_parse_exop — Parse result object from an LDAP extended operation
- ldap_parse_reference — Extract information from reference entry
- ldap_parse_result — Extract information from result
- ldap_read — Read an entry
- ldap_rename_ext — Modify the name of an entry
- ldap_rename — Modify the name of an entry
- ldap_sasl_bind — Bind to LDAP directory using SASL
- ldap_search — Search LDAP tree
- ldap_set_option — Set the value of the given option
- ldap_set_rebind_proc — Set a callback function to do re-binds on referral chasing
- ldap_sort — Sort LDAP result entries on the client side
- ldap_start_tls — Start TLS
- ldap_t61_to_8859 — Translate t61 characters to 8859 characters
- ldap_unbind — Unbind from LDAP directory