Ref/ldap - Phpdoc topic

ldap_8859_to_t61

Translate 8859 characters to t61 characters

Description

string|false ldap_8859_to_t61 ( string $value )

Translate ISO-8859 characters to t61 characters.

This function is useful if you have to talk to a legacy LDAPv2 server.

Parameters

value
The text to be translated.

Return Values

Returns the t61 translation of value, or false on failure.

See Also

  • ldap_t61_to_8859

ldap_add_ext

Add entries to LDAP directory

Description

resource|false ldap_add_ext ( resource $ldap , string $dn , array $entry [, array|null $controls = null ] )

Does the same thing as ldap_add but returns the LDAP result resource to be parsed with ldap_parse_result.

Parameters

See ldap_add

Return Values

Returns an LDAP result identifier or false on error.

Changelog

Version Description
8.0.0 controls is nullable now; previously, it defaulted to [].

Notes

Note: This function is binary-safe.

See Also

  • ldap_add
  • ldap_parse_result

ldap_add

Add entries to LDAP directory

Description

bool ldap_add ( resource $ldap , string $dn , array $entry [, array|null $controls = null ] )

Add entries in the LDAP directory.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

dn
The distinguished name of an LDAP entity.

entry
An array that specifies the information about the entry. The values in the entries are indexed by individual attributes. In case of multiple values for an attribute, they are indexed using integers starting with 0.

<?php
$entry["attribute1"] = "value";
$entry["attribute2"][0] = "value1";
$entry["attribute2"][1] = "value2";
?>

controls
Array of LDAP Controls to send with the request.

Return Values

Returns true on success or false on failure.

Changelog

Version Description
8.0.0 controls is nullable now; previously, it defaulted to [].
7.3 Support for controls added

Examples

Example #1 Complete example with authenticated bind

<?php
$ds = ldap_connect("localhost");  // assuming the LDAP server is on this host

if ($ds) {
    // bind with appropriate dn to give update access
    $r = ldap_bind($ds, "cn=root, o=My Company, c=US", "secret");

    // prepare data
    $info["cn"] = "John Jones";
    $info["sn"] = "Jones";
    $info["objectclass"] = "person";

    // add data to directory
    $r = ldap_add($ds, "cn=John Jones, o=My Company, c=US", $info);

    ldap_close($ds);
} else {
    echo "Unable to connect to LDAP server";
}
?>

Notes

Note: This function is binary-safe.

See Also

  • ldap_add_ext
  • ldap_delete

ldap_bind_ext

Bind to LDAP directory

Description

resource|false ldap_bind_ext ( resource $ldap [, string|null $dn = null [, string|null $password = null [, array|null $controls = null ]]] )

Does the same thing as ldap_bind but returns the LDAP result resource to be parsed with ldap_parse_result.

Parameters

See ldap_bind

Return Values

Returns an LDAP result identifier or false on error.

Changelog

Version Description
8.0.0 controls is nullable now; previously, it defaulted to [].

See Also

  • ldap_bind
  • ldap_parse_result

ldap_bind

Bind to LDAP directory

Description

bool ldap_bind ( resource $link_identifier [, string $bind_rdn = null [, string $bind_password = null ]] )

Binds to the LDAP directory with the specified RDN and password.

Parameters

link_identifier
An LDAP link identifier, returned by ldap_connect.

bind_rdn

bind_password

If bind_rdn and bind_password are not specified, an anonymous bind is attempted.

Return Values

Returns true on success or false on failure.

Examples

Example #1 Using LDAP Bind

<?php

// using ldap bind
$ldaprdn  = 'uname';     // ldap rdn or dn
$ldappass = 'password';  // associated password

// connect to ldap server
$ldapconn = ldap_connect("ldap.example.com")
    or die("Could not connect to LDAP server.");

if ($ldapconn) {

    // binding to ldap server
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);

    // verify binding
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }

}

?>

Example #2 Using LDAP Bind Anonymously

<?php

//using ldap bind anonymously

// connect to ldap server
$ldapconn = ldap_connect("ldap.example.com")
    or die("Could not connect to LDAP server.");

if ($ldapconn) {

    // binding anonymously
    $ldapbind = ldap_bind($ldapconn);

    if ($ldapbind) {
        echo "LDAP bind anonymous successful...";
    } else {
        echo "LDAP bind anonymous failed...";
    }

}

?>

See Also

  • ldap_unbind
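
A login check built on ldap_bind that refuses the empty-password case, which servers may treat as an unauthenticated bind and report as success, and that tells a wrong password apart from an infrastructure error by error number rather than message text. This is an added example, not code from the PHP manual; the function name, URI and base DN are assumptions.

```php
<?php
// Added example, not from the PHP manual. ldap_authenticate(), the host
// and the base DN are hypothetical names chosen for illustration.

const LDAP_RC_INVALID_CREDENTIALS = 49; // standard LDAP result code

/**
 * Returns true only when the directory accepted $password for $uid.
 * Throws on configuration or infrastructure errors so that they are
 * never mistaken for "wrong password" (or for success).
 */
function ldap_authenticate(string $uri, string $peopleBase, string $uid, string $password): bool
{
    // A simple bind with an empty password is an unauthenticated
    // (anonymous) bind; ldap_bind() can return true for it.
    if ($uid === '' || $password === '') {
        return false;
    }

    // A simple bind sends the password as-is, so insist on ldaps://.
    if (strncasecmp($uri, 'ldaps://', 8) !== 0) {
        throw new InvalidArgumentException('ldaps:// URI required');
    }

    // ldap_connect() only checks the URI syntax; nothing is sent yet.
    $ds = ldap_connect($uri);
    if ($ds === false) {
        throw new RuntimeException('LDAP URI is not parseable');
    }

    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // The user-supplied value goes into a DN, so escape it for that context.
    $dn = 'uid=' . ldap_escape($uid, '', LDAP_ESCAPE_DN) . ',' . $peopleBase;

    // The connection is opened here, by the first real operation.
    $ok    = @ldap_bind($ds, $dn, $password);
    $errno = ldap_errno($ds);
    ldap_unbind($ds);

    if ($ok) {
        return true;
    }
    if ($errno === LDAP_RC_INVALID_CREDENTIALS) {
        return false;
    }
    // Server unreachable, TLS failure, etc.: compare numbers, log the text.
    throw new RuntimeException('LDAP bind failed: ' . ldap_err2str($errno));
}

// Rejected before any network traffic: prints bool(false).
var_dump(ldap_authenticate('ldaps://ldap.example.com', 'ou=people,dc=example,dc=com', 'jdoe', ''));
```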

ldap_close

Alias of ldap_unbind

Description

This function is an alias of: ldap_unbind.

ldap_compare

Compare value of attribute found in entry specified with DN

Description

bool|int ldap_compare ( resource $ldap , string $dn , string $attribute , string $value [, array|null $controls = null ] )

Compare value of attribute with value of same attribute in an LDAP directory entry.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

dn
The distinguished name of an LDAP entity.

attribute
The attribute name.

value
The compared value.

controls
Array of LDAP Controls to send with the request.

Return Values

Returns true if value matches, otherwise returns false. Returns -1 on error.

Changelog

Version Description
8.0.0 controls is nullable now; previously, it defaulted to [].
7.3 Support for controls added

Examples

The following example demonstrates how to check whether or not a given password matches the one defined in the entry specified by DN.

Example #1 Complete example of password check

<?php

$ds=ldap_connect("localhost");  // assuming the LDAP server is on this host

if ($ds) {

    // bind
    if (ldap_bind($ds)) {

        // prepare data
        $dn = "cn=Matti Meikku, ou=My Unit, o=My Company, c=FI";
        $value = "secretpassword";
        $attr = "password";

        // compare value
        $r=ldap_compare($ds, $dn, $attr, $value);

        if ($r === -1) {
            echo "Error: " . ldap_error($ds);
        } elseif ($r === true) {
            echo "Password correct.";
        } elseif ($r === false) {
            echo "Wrong guess! Password incorrect.";
        }

    } else {
        echo "Unable to bind to LDAP server.";
    }

    ldap_close($ds);

} else {
    echo "Unable to connect to LDAP server.";
}
?>

Notes

Warning

ldap_compare can NOT be used to compare BINARY values!

ldap_connect

Connect to an LDAP server

Description

resource|false ldap_connect ([ string|null $uri = null ] )

Warning

The following signature is still supported for backwards compatibility (except for using named parameters), but is considered deprecated and should not be used anymore!

resource|false ldap_connect ([ string $host = null [, int $port = 389 ]] )

Creates an LDAP link identifier and checks whether the given uri is plausible.

Note: This function does not open a connection. It checks whether the given parameters are plausible and can be used to open a connection as soon as one is needed.

Parameters

uri
A full LDAP URI of the form ldap://hostname:port or ldaps://hostname:port for SSL encryption.

You can also provide multiple LDAP URIs separated by a space as one string.

Note that hostname:port is not a supported LDAP URI as the scheme is missing.

host
The hostname to connect to.

port
The port to connect to.

Return Values

Returns a positive LDAP link identifier when the provided LDAP URI seems plausible. It's a syntactic check of the provided parameter but the server(s) will not be contacted! If the syntactic check fails it returns false. ldap_connect will otherwise return a resource as it does not actually connect but just initializes the connecting parameters. The actual connect happens with the next calls to ldap_* funcs, usually with ldap_bind.

If no argument is specified then the link identifier of the already opened link will be returned.

Examples

Example #1 Example of connecting to LDAP server.

<?php

// LDAP variables
$ldapuri = "ldap://ldap.example.com:389";  // your ldap-uri

// Connecting to LDAP
$ldapconn = ldap_connect($ldapuri)
          or die("That LDAP-URI was not parseable");

?>

Example #2 Example of connecting securely to LDAP server.

<?php

// make sure your host is the correct one
// that you issued your secure certificate to
$ldaphost = "ldaps://ldap.example.com/";

// Connecting to LDAP
$ldapconn = ldap_connect($ldaphost)
          or die("That LDAP-URI was not parseable");

?>

See Also

  • ldap_bind

ldap_control_paged_result_response

Retrieve the LDAP pagination cookie

Warning

This function has been DEPRECATED as of PHP 7.4.0, and REMOVED as of PHP 8.0.0. Instead the controls parameter of ldap_search should be used. See also LDAP Controls for details.

Description

bool ldap_control_paged_result_response ( resource $link , resource $result [, string &$cookie [, int &$estimated ]] )

Retrieve the pagination information sent by the server.

Parameters

link
An LDAP link identifier, returned by ldap_connect.

result

cookie
An opaque structure sent by the server.

estimated
The estimated number of entries to retrieve.

Return Values

Returns true on success or false on failure.

Changelog

Version Description
7.4.0 This function has been deprecated.

ldap_control_paged_result

Send LDAP pagination control

Warning

This function has been DEPRECATED as of PHP 7.4.0, and REMOVED as of PHP 8.0.0. Instead the controls parameter of ldap_search should be used. See also LDAP Controls for details.

Description

bool ldap_control_paged_result ( resource $link , int $pagesize [, bool $iscritical = false [, string $cookie = "" ]] )

Enable LDAP pagination by sending the pagination control (page size, cookie...).

Parameters

link
An LDAP link identifier, returned by ldap_connect.

pagesize
The number of entries by page.

iscritical
Indicates whether the pagination is critical or not. If true and if the server doesn't support pagination, the search will return no result.

cookie
An opaque structure sent by the server (ldap_control_paged_result_response).

Return Values

Returns true on success or false on failure.

Changelog

Version Description
7.4.0 This function has been deprecated.

Examples

The example below shows the retrieval of the first page of a search paginated with one entry per page.

Example #1 LDAP pagination

<?php
     // $ds is a valid link identifier (see ldap_connect)
     ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

     $dn        = 'ou=example,dc=org';
     $filter    = '(|(sn=Doe*)(givenname=John*))';
     $justthese = array('ou', 'sn', 'givenname', 'mail');

     // enable pagination with a page size of 1.
     ldap_control_paged_result($ds, 1);

     $sr = ldap_search($ds, $dn, $filter, $justthese);

     $info = ldap_get_entries($ds, $sr);

     echo $info['count'] . ' entries returned' . PHP_EOL;
?>

The example below shows the retrieval of all the results, paginated with 100 entries per page.

Example #2 LDAP pagination

<?php
     // $ds is a valid link identifier (see ldap_connect)
     ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

     $dn        = 'ou=example,dc=org';
     $filter    = '(|(sn=Doe*)(givenname=John*))';
     $justthese = array('ou', 'sn', 'givenname', 'mail');

     // enable pagination with a page size of 100.
     $pageSize = 100;

     $cookie = '';
     do {
         ldap_control_paged_result($ds, $pageSize, true, $cookie);

         $result  = ldap_search($ds, $dn, $filter, $justthese);
         $entries = ldap_get_entries($ds, $result);

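         // ldap_get_entries() also returns a 'count' key, so index by number
         for ($i = 0; $i < $entries['count']; $i++) {
             echo $entries[$i]['dn'] . PHP_EOL;
         }

         ldap_control_paged_result_response($ds, $result, $cookie);

     } while($cookie !== null && $cookie != '');
?>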

Notes

Note:

Pagination control is an LDAPv3 protocol feature.
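
The same paged retrieval written with the controls parameter of ldap_search, which the deprecation warning above names as the replacement (PHP 7.3 or later). This is an added example, not code from the PHP manual page above; paged_search() and its parameter names are assumptions, and $ds must already be a bound link.

```php
<?php
// Added example, not from the original page. paged_search() is a
// hypothetical helper name.

/**
 * Yields every entry matching $filter, fetching $pageSize entries per request.
 *
 * @param mixed $ds a bound LDAP link (see ldap_connect and ldap_bind)
 */
function paged_search($ds, string $base, string $filter, array $attrs, int $pageSize = 100): Generator
{
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); // paging is LDAPv3 only
    $cookie = '';

    do {
        $request = [[
            'oid'        => LDAP_CONTROL_PAGEDRESULTS,
            'iscritical' => true, // fail rather than fall back to an unpaged search
            'value'      => ['size' => $pageSize, 'cookie' => $cookie],
        ]];

        $sr = ldap_search($ds, $base, $filter, $attrs, 0, 0, 0, LDAP_DEREF_NEVER, $request);
        if ($sr === false) {
            throw new RuntimeException('search failed, errno ' . ldap_errno($ds));
        }

        // The controls returned by the server carry the cookie for the next page.
        $errcode = $matchedDn = $errmsg = $referrals = $response = null;
        if (!ldap_parse_result($ds, $sr, $errcode, $matchedDn, $errmsg, $referrals, $response)
            || $errcode !== 0) {
            throw new RuntimeException('paged search failed, errno ' . (int) $errcode);
        }

        // ldap_get_entries() adds a 'count' key, so iterate by index.
        $entries = ldap_get_entries($ds, $sr);
        for ($i = 0; $i < $entries['count']; $i++) {
            yield $entries[$i];
        }
        ldap_free_result($sr);

        // An empty or missing cookie means this was the last page.
        $cookie = $response[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'] ?? '';
    } while ($cookie !== '');
}

// Usage, with the values from the examples above:
// $attrs = ['ou', 'sn', 'givenname', 'mail'];
// foreach (paged_search($ds, 'ou=example,dc=org', '(|(sn=Doe*)(givenname=John*))', $attrs) as $e) {
//     echo $e['dn'] . PHP_EOL;
// }
```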

ldap_count_entries

Count the number of entries in a search

Description

int ldap_count_entries ( resource $ldap , resource $result )

Returns the number of entries stored in the result of previous search operations.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

result
The internal LDAP result.

Return Values

Returns the number of entries in the result or false on error.

Examples

Example #1 ldap-count-entries example

Retrieve number of entries in the result.

<?php
// $ds is a valid link identifier (see ldap_connect)

     $dn        = 'ou=example,dc=org';
     $filter    = '(|(sn=Doe*)(givenname=John*))';
     $justthese = array('ou', 'sn', 'givenname', 'mail');

     $sr = ldap_search($ds, $dn, $filter, $justthese);

     var_dump(ldap_count_entries($ds, $sr));
?>

The above example will output something similar to:

     int(1)

ldap_delete_ext

Delete an entry from a directory

Description

resource|false ldap_delete_ext ( resource $ldap , string $dn [, array|null $controls = null ] )

Does the same thing as ldap_delete but returns the LDAP result resource to be parsed with ldap_parse_result.

Parameters

See ldap_delete

Return Values

Returns an LDAP result identifier or false on error.

Changelog

Version Description
8.0.0 controls is nullable now; previously, it defaulted to [].

See Also

  • ldap_delete
  • ldap_parse_result

ldap_delete

Delete an entry from a directory

Description

bool ldap_delete ( resource $ldap , string $dn [, array|null $controls = null ] )

Deletes a particular entry in LDAP directory.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

dn
The distinguished name of an LDAP entity.

controls
Array of LDAP Controls to send with the request.

Return Values

Returns true on success or false on failure.

Changelog

Version Description
8.0.0 controls is nullable now; previously, it defaulted to [].
7.3 Support for controls added

See Also

  • ldap_delete_ext
  • ldap_add

ldap_dn2ufn

Convert DN to User Friendly Naming format

Description

string|false ldap_dn2ufn ( string $dn )

Turns the specified dn into a more user-friendly form, stripping off type names.

Parameters

dn
The distinguished name of an LDAP entity.

Return Values

Returns the user friendly name, or false on failure.

ldap_err2str

Convert LDAP error number into string error message

Description

string ldap_err2str ( int $errno )

Returns the string error message explaining the error number errno. While LDAP errno numbers are standardized, different libraries return different or even localized textual error messages. Never check for a specific error message text, but always use an error number to check.

Parameters

errno
The error number.

Return Values

Returns the error message, as a string.

Examples

Example #1 Enumerating all LDAP error messages

<?php
  for ($i=0; $i<100; $i++) {
    printf("Error $i: %s<br />\n", ldap_err2str($i));
  }
?>

See Also

  • ldap_errno
  • ldap_error

ldap_errno

Return the LDAP error number of the last LDAP command

Description

int ldap_errno ( resource $ldap )

Returns the standardized error number returned by the last LDAP command. This number can be converted into a textual error message using ldap_err2str.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

Return Values

Return the LDAP error number of the last LDAP command for this link.

Examples

Unless you lower your warning level in your php.ini sufficiently or prefix your LDAP commands with @ (at) characters to suppress warning output, the errors generated will also show up in your HTML output.

Example #1 Generating and catching an error

<?php
// This example contains an error, which we will catch.
$ld = ldap_connect("localhost");
$bind = ldap_bind($ld);
// syntax error in filter expression (errno 87),
// must be "objectclass=*" to work.
$res =  @ldap_search($ld, "o=Myorg, c=DE", "objectclass");
if (!$res) {
    echo "LDAP-Errno: " . ldap_errno($ld) . "<br />\n";
    echo "LDAP-Error: " . ldap_error($ld) . "<br />\n";
    die("Argh!<br />\n");
}
$info = ldap_get_entries($ld, $res);
echo $info["count"] . " matching entries.<br />\n";
?>

See Also

  • ldap_err2str
  • ldap_error

ldap_error

Return the LDAP error message of the last LDAP command

Description

string ldap_error ( resource $ldap )

Returns the string error message explaining the error generated by the last LDAP command for the given ldap. While LDAP errno numbers are standardized, different libraries return different or even localized textual error messages. Never check for a specific error message text, but always use an error number to check.

Unless you lower your warning level in your php.ini sufficiently or prefix your LDAP commands with @ (at) characters to suppress warning output, the errors generated will also show up in your HTML output.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

Return Values

Returns string error message.

See Also

  • ldap_err2str
  • ldap_errno

ldap_escape

Escape a string for use in an LDAP filter or DN

Description

string ldap_escape ( string $value [, string $ignore = "" [, int $flags = 0 ]] )

Escapes value for use in the context implied by flags.

Parameters

value
The value to escape.

ignore
Characters to ignore when escaping.

flags
The context the escaped string will be used in: LDAP_ESCAPE_FILTER for filters to be used with ldap_search, or LDAP_ESCAPE_DN for DNs. If neither flag is passed, all chars are escaped.

Return Values

Returns the escaped string.

Examples

When building an LDAP filter, you should use ldap_escape with the LDAP_ESCAPE_FILTER flag.

Example #1 Searching for an email address

<?php
// $ds is a valid link identifier for a directory server

// $mail is an email address provided by the user in a form

$base   = "o=My Company, c=US";
$filter = "(mail=".ldap_escape($mail, "", LDAP_ESCAPE_FILTER).")";

$sr = ldap_search($ds, $base, $filter, array("sn", "givenname", "mail"));

$info = ldap_get_entries($ds, $sr);

echo $info["count"]." entries returned\n";
?>
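
The two escaping contexts side by side: the same user-supplied values placed in a filter with LDAP_ESCAPE_FILTER and in a DN with LDAP_ESCAPE_DN, with a check that the escaped filter kept the structure of its template. This is an added example, not code from the PHP manual; the sample inputs, attribute names, base DN and helper names are constructed for illustration.

```php
<?php
// Added example, not from the PHP manual. All inputs below are constructed.

const TEMPLATE_GROUPS = 3; // "(" count in (&(objectClass=person)(uid=VALUE))

// Value escaped for the filter context.
function user_filter(string $uid): string
{
    return '(&(objectClass=person)(uid='
        . ldap_escape($uid, '', LDAP_ESCAPE_FILTER) . '))';
}

// Value escaped for the DN context (different metacharacters).
function user_dn(string $cn): string
{
    return 'cn=' . ldap_escape($cn, '', LDAP_ESCAPE_DN) . ',ou=people,dc=example,dc=com';
}

// True when the value contributed no parentheses and no wildcard of its
// own, i.e. the filter still has exactly the shape of the template.
function filter_structure_intact(string $filter): bool
{
    return substr_count($filter, '(') === TEMPLATE_GROUPS
        && substr_count($filter, ')') === TEMPLATE_GROUPS
        && substr_count($filter, '*') === 0;
}

$samples = [
    'jdoe',           // ordinary value
    '*',              // filter wildcard
    'a)(uid=*',       // filter metacharacters inside the value
    'Doe, John',      // comma separates RDNs in a DN
    'O\\Brien (ops)', // backslash and parentheses
];

foreach ($samples as $in) {
    $concatenated = "(&(objectClass=person)(uid=$in))"; // no escaping
    $escaped      = user_filter($in);

    printf("input        : %s\n", $in);
    printf("concatenated : %s  intact=%s\n", $concatenated,
        var_export(filter_structure_intact($concatenated), true));
    printf("filter       : %s  intact=%s\n", $escaped,
        var_export(filter_structure_intact($escaped), true));
    printf("dn           : %s\n\n", user_dn($in));
}

// Using the wrong flag is a bug in its own right: the filter flag leaves
// DN separators untouched, and the DN flag leaves filter wildcards untouched.
printf("FILTER flag on 'Doe, John': %s\n", ldap_escape('Doe, John', '', LDAP_ESCAPE_FILTER));
printf("DN flag on '*'            : %s\n", ldap_escape('*', '', LDAP_ESCAPE_DN));
```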

ldap_exop_passwd

PASSWD extended operation helper

Description

string|bool ldap_exop_passwd ( resource $ldap [, string $user = "" [, string $old_password = "" [, string $new_password = "" [, array &$controls = null ]]]] )

Performs a PASSWD extended operation.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

user
dn of the user to change the password of.

old_password
The old password of this user. May be omitted depending on server configuration.

new_password
The new password for this user. May be omitted or empty to have a generated password.

controls
If provided, a password policy request control is sent with the request and this is filled with an array of LDAP Controls returned with the request.

Return Values

Returns the generated password if new_password is empty or omitted. Otherwise returns true on success and false on failure.

Changelog

Version Description
8.0.0 controls is nullable now; previously, it defaulted to [].
7.3 Support for controls added

Examples

Example #1 PASSWD extended operation

<?php
$ds = ldap_connect("localhost");  // assuming the LDAP server is on this host

if ($ds) {
    // bind with appropriate dn to give update access
    $bind = ldap_bind($ds, "cn=root, o=My Company, c=US", "secret");
    if (!$bind) {
      echo "Unable to bind to LDAP server";
      exit;
    }

    // use PASSWD EXOP to change the user password for a generated one
    $genpw = ldap_exop_passwd($ds, "cn=root, o=My Company, c=US", "secret");
    if ($genpw) {
      // use the generated password to bind
      $bind = ldap_bind($ds, "cn=root, o=My Company, c=US", $genpw);
    }

    // set the password back to "secret"
    ldap_exop_passwd($ds, "cn=root, o=My Company, c=US", $genpw, "secret");

    ldap_close($ds);
} else {
    echo "Unable to connect to LDAP server";
}
?>

See Also

  • ldap_exop
  • ldap_parse_exop

ldap_exop_refresh

Refresh extended operation helper

Description

int|false ldap_exop_refresh ( resource $ldap , string $dn , int $ttl )

Performs a Refresh extended operation and returns the data.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

dn
dn of the entry to refresh.

ttl
Time in seconds (between 1 and 31557600) that the client requests that the entry exists in the directory before being automatically removed.

Return Values

From RFC: The responseTtl field is the time in seconds which the server chooses to have as the time-to-live field for that entry. It must not be any smaller than that which the client requested, and it may be larger. However, to allow servers to maintain a relatively accurate directory, and to prevent clients from abusing the dynamic extensions, servers are permitted to shorten a client-requested time-to-live value, down to a minimum of 86400 seconds (one day). false will be returned on error.

See Also

  • ldap_exop

ldap_exop_whoami

WHOAMI extended operation helper

Description

string|bool ldap_exop_whoami ( resource $ldap )

Performs a WHOAMI extended operation and returns the data.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

Return Values

The data returned by the server, or false on error.

See Also

  • ldap_exop

ldap_exop

Performs an extended operation

Description

mixed ldap_exop ( resource $link , string $reqoid [, string $reqdata = null [, array $serverctrls = null [, string &$retdata [, string &$retoid ]]]] )

Performs an extended operation on the specified link with reqoid the OID of the operation and reqdata the data.

Parameters

link
An LDAP link identifier, returned by ldap_connect.

reqoid
The extended operation request OID. You may use one of LDAP_EXOP_START_TLS, LDAP_EXOP_MODIFY_PASSWD, LDAP_EXOP_REFRESH, LDAP_EXOP_WHO_AM_I, LDAP_EXOP_TURN, or a string with the OID of the operation you want to send.

reqdata
The extended operation request data. May be NULL for some operations like LDAP_EXOP_WHO_AM_I, may also need to be BER encoded.

serverctrls
Array of LDAP Controls to send with the request.

retdata
Will be filled with the extended operation response data if provided. If not provided you may use ldap_parse_exop on the result object later to get this data.

retoid
Will be filled with the response OID if provided, usually equal to the request OID.

Return Values

When used with retdata, returns true on success or false on error. When used without retdata, returns a result identifier or false on error.

Changelog

Version Description
7.3 Support for serverctrls added

Examples

Example #1 Whoami extended operation

<?php
$ds = ldap_connect("localhost");  // assuming the LDAP server is on this host

if ($ds) {
    // bind with appropriate dn to give update access
    $bind = ldap_bind($ds, "cn=root, o=My Company, c=US", "secret");
    if (!$bind) {
      echo "Unable to bind to LDAP server";
      exit;
    }

    // Call WHOAMI EXOP
    $r = ldap_exop($ds, LDAP_EXOP_WHO_AM_I);

    // Parse the result object
    ldap_parse_exop($ds, $r, $retdata);
    // Output: string(31) "dn:cn=root, o=My Company, c=US"
    var_dump($retdata);

    // Same thing using $retdata parameter
    $success = ldap_exop($ds, LDAP_EXOP_WHO_AM_I, NULL, NULL, $retdata, $retoid);
    if ($success) {
      var_dump($retdata);
    }

    ldap_close($ds);
} else {
    echo "Unable to connect to LDAP server";
}
?>

See Also

  • ldap_parse_result
  • ldap_parse_exop
  • ldap_exop_whoami
  • ldap_exop_refresh
  • ldap_exop_passwd

ldap_explode_dn

Splits DN into its component parts

Description

array|false ldap_explode_dn ( string $dn , int $with_attrib )

Splits the DN returned by ldap_get_dn and breaks it up into its component parts. Each part is known as a Relative Distinguished Name, or RDN.

Parameters

dn
The distinguished name of an LDAP entity.

with_attrib
Used to request if the RDNs are returned with only values or their attributes as well. To get RDNs with the attributes (i.e. in attribute=value format) set with_attrib to 0 and to get only values set it to 1.

Return Values

Returns an array of all DN components, or false on failure. The first element in the array has the key count and represents the number of returned values; the next elements are numerically indexed DN components.

ldap_first_attribute

Return first attribute

Description

string|false ldap_first_attribute ( resource $ldap , resource $entry )

Gets the first attribute in the given entry. Remaining attributes are retrieved by calling ldap_next_attribute successively.

Similar to reading entries, attributes are also read one by one from a particular entry.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

entry

ber_identifier
ber_identifier is the identifier to internal memory location pointer. It is passed by reference. The same ber_identifier is passed to ldap_next_attribute, which modifies that pointer.

Note:

This parameter is no longer used as this is now handled automatically by PHP. For backwards compatibility PHP will not throw an error if this parameter is passed.

Return Values

Returns the first attribute in the entry on success and false on error.

See Also

  • ldap_next_attribute
  • ldap_get_attributes

ldap_first_entry

Return first result id

Description

resource|false ldap_first_entry ( resource $ldap , resource $result )

Returns the entry identifier for the first entry in the result. This entry identifier is then supplied to the ldap_next_entry routine to get successive entries from the result.

Entries in the LDAP result are read sequentially using the ldap_first_entry and ldap_next_entry functions.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

result

Return Values

Returns the result entry identifier for the first entry on success and false on error.

See Also

  • ldap_get_entries

ldap_first_reference

Return first reference

Description

resource|false ldap_first_reference ( resource $ldap , resource $result )

Warning

This function is currently not documented; only its argument list is available.

ldap_free_result

Free result memory

Description

bool ldap_free_result ( resource $ldap )

Frees up the memory allocated internally to store the result. All result memory will be automatically freed when the script terminates.

Typically all the memory allocated for the LDAP result gets freed at the end of the script. In case the script is making successive searches which return large result sets, ldap_free_result could be called to keep the runtime memory usage by the script low.

Parameters

ldap

Return Values

Returns true on success or false on failure.

ldap_get_attributes

Get attributes from a search result entry

Description

array ldap_get_attributes ( resource $ldap , resource $entry )

Reads attributes and values from an entry in the search result.

Having located a specific entry in the directory, you can find out what information is held for that entry by using this call. You would use this call for an application which "browses" directory entries and/or where you do not know the structure of the directory entries. In many applications you will be searching for a specific attribute such as an email address or a surname, and won't care what other data is held.

return_value["count"] = number of attributes in the entry
return_value[0] = first attribute
return_value[n] = nth attribute

return_value["attribute"]["count"] = number of values for attribute
return_value["attribute"][0] = first value of the attribute
return_value["attribute"][i] = (i+1)th value of the attribute

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

entry

Return Values

Returns complete entry information in a multi-dimensional array on success and false on error.

Examples

Example #1 Show the list of attributes held for a particular directory entry

<?php
// $ds is the link identifier for the directory

// $sr is a valid search result from a prior call to
// one of the ldap directory search calls

$entry = ldap_first_entry($ds, $sr);

$attrs = ldap_get_attributes($ds, $entry);

echo $attrs["count"] . " attributes held for this entry:<p>";

for ($i=0; $i < $attrs["count"]; $i++) {
    echo $attrs[$i] . "<br />";
}
?>

See Also

  • ldap_first_attribute
  • ldap_next_attribute

ldap_get_dn

Get the DN of a result entry

Description

string|false ldap_get_dn ( resource $ldap , resource $entry )

Finds out the DN of an entry in the result.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

entry

Return Values

Returns the DN of the result entry, or false on error.

ldap_get_entries

Get all result entries

Description

array|false ldap_get_entries ( resource $ldap , resource $result )

Reads multiple entries from the given result, and then reads the attributes and multiple values.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

result

Return Values

Returns complete result information in a multi-dimensional array on success and false on error.

The structure of the array is as follows. The attribute index is converted to lowercase. (Attributes are case-insensitive for directory servers, but not when used as array indices.)

return_value["count"] = number of entries in the result
return_value[0] : refers to the details of first entry

return_value[i]["dn"] =  DN of the ith entry in the result

return_value[i]["count"] = number of attributes in ith entry
return_value[i][j] = NAME of the jth attribute in the ith entry in the result

return_value[i]["attribute"]["count"] = number of values for
                                        attribute in ith entry
return_value[i]["attribute"][j] = jth value of attribute in ith entry

See Also

  • ldap_first_entry
  • ldap_next_entry

ldap_get_option

Get the current value for given option

Description

bool ldap_get_option ( resource $ldap , int $option [, array|string|int &$value = null ] )

Sets value to the value of the specified option.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

option
The parameter option can be one of:

Option Type since
LDAP_OPT_DEREF int  
LDAP_OPT_SIZELIMIT int  
LDAP_OPT_TIMELIMIT int  
LDAP_OPT_NETWORK_TIMEOUT int  
LDAP_OPT_PROTOCOL_VERSION int  
LDAP_OPT_ERROR_NUMBER int  
LDAP_OPT_DIAGNOSTIC_MESSAGE int  
LDAP_OPT_REFERRALS int  
LDAP_OPT_RESTART int  
LDAP_OPT_HOST_NAME string  
LDAP_OPT_ERROR_STRING string  
LDAP_OPT_MATCHED_DN string  
LDAP_OPT_SERVER_CONTROLS array  
LDAP_OPT_CLIENT_CONTROLS array  
LDAP_OPT_X_KEEPALIVE_IDLE int 7.1
LDAP_OPT_X_KEEPALIVE_PROBES int 7.1
LDAP_OPT_X_KEEPALIVE_INTERVAL int 7.1
LDAP_OPT_X_TLS_CACERTDIR string 7.1
LDAP_OPT_X_TLS_CACERTFILE string 7.1
LDAP_OPT_X_TLS_CERTFILE string 7.1
LDAP_OPT_X_TLS_CIPHER_SUITE string 7.1
LDAP_OPT_X_TLS_CRLCHECK int 7.1
LDAP_OPT_X_TLS_CRL_NONE int 7.1
LDAP_OPT_X_TLS_CRL_PEER int 7.1
LDAP_OPT_X_TLS_CRL_ALL int 7.1
LDAP_OPT_X_TLS_CRLFILE string 7.1
LDAP_OPT_X_TLS_DHFILE string 7.1
LDAP_OPT_X_TLS_KEYFILE string 7.1
LDAP_OPT_X_TLS_PACKAGE string 7.1
LDAP_OPT_X_TLS_PROTOCOL_MIN int 7.1
LDAP_OPT_X_TLS_RANDOM_FILE string 7.1
LDAP_OPT_X_TLS_REQUIRE_CERT int  

value
This will be set to the option value.

Return Values

Returns true on success or false on failure.

Examples

Example #1 Check protocol version

<?php
// $ds is a valid link identifier for a directory server
if (ldap_get_option($ds, LDAP_OPT_PROTOCOL_VERSION, $version)) {
    echo "Using protocol version $version\n";
} else {
    echo "Unable to determine protocol version\n";
}
?>

Notes

Note:

This function is only available when using OpenLDAP 2.x.x OR Netscape Directory SDK x.x.

See Also

  • ldap_set_option

ldap_get_values_len

Get all binary values from a result entry

Description

array|false ldap_get_values_len ( resource $ldap , resource $entry , string $attribute )

Reads all the values of the attribute in the entry in the result.

This function is used exactly like ldap_get_values except that it handles binary data and not string data.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

entry

attribute

Return Values

Returns an array of values for the attribute on success and false on error. Individual values are accessed by integer index in the array. The first index is 0. The number of values can be found by indexing "count" in the resultant array.

See Also

  • ldap_get_values

ldap_get_values

Get all values from a result entry

Description

array|false ldap_get_values ( resource $ldap , resource $entry , string $attribute )

Reads all the values of the attribute in the entry in the result.

This call needs an entry, so it needs to be preceded by one of the ldap search calls and one of the calls to get an individual entry.

Your application will either be hard coded to look for certain attributes (such as "surname" or "mail") or you will have to use the ldap_get_attributes call to work out what attributes exist for a given entry.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

entry

attribute

Return Values

Returns an array of values for the attribute on success and false on error. The number of values can be found by indexing "count" in the resultant array. Individual values are accessed by integer index in the array. The first index is 0.

LDAP allows more than one entry for an attribute, so it can, for example, store a number of email addresses for one person's directory entry all labeled with the attribute "mail".

    return_value["count"] = number of values for attribute
    return_value[0] = first value of attribute
    return_value[i] = ith value of attribute

Examples

Example #1 List all values of the "mail" attribute for a directory entry

<?php
// $ds is a valid link identifier for a directory server

// $sr is a valid search result from a prior call to
//     one of the ldap directory search calls

// $entry is a valid entry identifier from a prior call to
//        one of the calls that returns a directory entry

$values = ldap_get_values($ds, $entry, "mail");

echo $values["count"] . " email addresses for this entry.<br />";

for ($i=0; $i < $values["count"]; $i++) {
    // Directory values are untrusted data: escape them before writing HTML
    echo htmlspecialchars($values[$i]) . "<br />";
}
?>

See Also

  • ldap_get_values_len

ldap_list

Single-level search

Description

resource|array|false ldap_list ( resource|array $ldap , array|string $base , array|string $filter [, array $attributes = [] [, int $attributes_only = 0 [, int $sizelimit = -1 [, int $timelimit = -1 [, int $deref = LDAP_DEREF_NEVER [, array|null $controls = null ]]]]]] )

Performs the search for a specified filter on the directory with the scope LDAP_SCOPE_ONELEVEL.

LDAP_SCOPE_ONELEVEL means that the search should only return information that is at the level immediately below the base given in the call. (Equivalent to typing "ls" and getting a list of files and folders in the current working directory.)

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

base
The base DN for the directory.

filter

attributes
An array of the required attributes, e.g. array("mail", "sn", "cn"). Note that the "dn" is always returned irrespective of which attribute types are requested.

Using this parameter is much more efficient than the default action (which is to return all attributes and their associated values). The use of this parameter should therefore be considered good practice.

attributes_only
Should be set to 1 if only attribute types are wanted. If set to 0, both attribute types and attribute values are fetched, which is the default behaviour.

sizelimit
Enables you to limit the count of entries fetched. Setting this to 0 means no limit.

Note:

This parameter can NOT override server-side preset sizelimit. You can set it lower though.

Some directory server hosts will be configured to return no more than a preset number of entries. If this occurs, the server will indicate that it has only returned a partial result set. This also occurs if you use this parameter to limit the count of fetched entries.

timelimit
Sets the maximum number of seconds to spend on the search. Setting this to 0 means no limit.

Note:

This parameter can NOT override server-side preset timelimit. You can set it lower though.

deref
Specifies how aliases should be handled during the search. It can be one of the following:

  • LDAP_DEREF_NEVER - (default) aliases are never dereferenced.
  • LDAP_DEREF_SEARCHING - aliases should be dereferenced during the search but not when locating the base object of the search.
  • LDAP_DEREF_FINDING - aliases should be dereferenced when locating the base object but not during the search.
  • LDAP_DEREF_ALWAYS - aliases should be dereferenced always.

controls
Array of LDAP Controls to send with the request.

Return Values

Returns a search result identifier or false on error.

Changelog

Version Description
8.0.0 controls is nullable now; previously, it defaulted to [].
7.3 Support for controls added

Examples

Example #1 Produce a list of all organizational units of an organization

<?php
// $ds is a valid link identifier for a directory server

$basedn = "o=My Company, c=US";
$justthese = array("ou");

$sr = ldap_list($ds, $basedn, "ou=*", $justthese);

$info = ldap_get_entries($ds, $sr);

for ($i=0; $i < $info["count"]; $i++) {
    echo $info[$i]["ou"][0];
}
?>

See Also

  • ldap_search

ldap_mod_add_ext

Add attribute values to current attributes

Description

resource|false ldap_mod_add_ext ( resource $ldap , string $dn , array $entry [, array|null $controls = null ] )

Does the same thing as ldap_mod_add but returns the LDAP result resource to be parsed with ldap_parse_result.

Parameters

See ldap_mod_add

Return Values

Returns an LDAP result identifier or false on error.

Changelog

Version Description
8.0.0 controls is nullable now; previously, it defaulted to [].
7.3 Support for controls added

See Also

  • ldap_mod_add
  • ldap_parse_result

ldap_mod_add

Add attribute values to current attributes

Description

bool ldap_mod_add ( resource $ldap , string $dn , array $entry [, array|null $controls = null ] )

Adds one or more attribute values to the specified dn. To add a whole new object see the ldap_add function.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

dn
The distinguished name of an LDAP entity.

entry
An associative array listing the attribute values to add. If an attribute does not exist yet, it will be added. If an attribute already exists, you can only add values to it if it supports multiple values.

controls
Array of LDAP Controls to send with the request.

Return Values

Returns true on success or false on failure.

Changelog

Version Description
8.0.0 controls is nullable now; previously, it defaulted to [].
7.3 Support for controls added

Notes

Note: This function is binary-safe.

See Also

  • ldap_mod_add_ext
  • ldap_mod_del
  • ldap_mod_replace
  • ldap_modify_batch

ldap_mod_del_ext

Delete attribute values from current attributes

Description

resource|false ldap_mod_del_ext ( resource $ldap , string $dn , array $entry [, array|null $controls = null ] )

Does the same thing as ldap_mod_del but returns the LDAP result resource to be parsed with ldap_parse_result.

Parameters

See ldap_mod_del

Changelog

Version Description
8.0.0 controls is nullable now; previously, it defaulted to [].
7.3 Support for controls added

Return Values

Returns an LDAP result identifier or false on error.

See Also

  • ldap_mod_del
  • ldap_parse_result

ldap_mod_del

Delete attribute values from current attributes

Description

bool ldap_mod_del ( resource $ldap , string $dn , array $entry [, array|null $controls = null ] )

Removes one or more attribute values from the specified dn. Object deletions are done by the ldap_delete function.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

dn
The distinguished name of an LDAP entity.

entry

controls
Array of LDAP Controls to send with the request.

Return Values

Returns true on success or false on failure.

Changelog

Version Description
8.0.0 controls is nullable now; previously, it defaulted to [].
7.3 Support for controls added

See Also

  • ldap_mod_del_ext
  • ldap_mod_add
  • ldap_mod_replace
  • ldap_modify_batch

ldap_mod_replace_ext

Replace attribute values with new ones

Description

resource|false ldap_mod_replace_ext ( resource $ldap , string $dn , array $entry [, array|null $controls = null ] )

Does the same thing as ldap_mod_replace but returns the LDAP result resource to be parsed with ldap_parse_result.

Parameters

See ldap_mod_replace

Return Values

Returns an LDAP result identifier or false on error.

Changelog

Version Description
8.0.0 controls is nullable now; previously, it defaulted to [].
7.3 Support for controls added

See Also

  • ldap_mod_replace
  • ldap_parse_result

ldap_mod_replace

Replace attribute values with new ones

Description

bool ldap_mod_replace ( resource $ldap , string $dn , array $entry [, array|null $controls = null ] )

Replaces one or more attributes from the specified dn. It may also add or remove attributes.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

dn
The distinguished name of an LDAP entity.

entry
An associative array listing the attributes to replace. Sending an empty array as value will remove the attribute, while sending an attribute not existing yet on this entry will add it.

controls
Array of LDAP Controls to send with the request.

Return Values

Returns true on success or false on failure.

Changelog

Version Description
8.0.0 controls is nullable now; previously, it defaulted to [].
7.3 Support for controls added

Notes

Note: This function is binary-safe.

See Also

  • ldap_mod_replace_ext
  • ldap_mod_del
  • ldap_mod_add
  • ldap_modify_batch

ldap_modify_batch

Batch and execute modifications on an LDAP entry

Description

bool ldap_modify_batch ( resource $ldap , string $dn , array $modifications_info [, array|null $controls = null ] )

Modifies an existing entry in the LDAP directory. Allows detailed specification of the modifications to perform.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

dn
The distinguished name of an LDAP entity.

modifications_info
An array that specifies the modifications to make. Each entry in this array is an associative array with two or three keys: attrib maps to the name of the attribute to modify, modtype maps to the type of modification to perform, and (depending on the type of modification) values maps to an array of attribute values relevant to the modification.

Possible values for modtype include:

LDAP_MODIFY_BATCH_ADD
Each value specified through values is added (as an additional value) to the attribute named by attrib.

LDAP_MODIFY_BATCH_REMOVE
Each value specified through values is removed from the attribute named by attrib. Any value of the attribute not contained in the values array will remain untouched.

LDAP_MODIFY_BATCH_REMOVE_ALL
All values are removed from the attribute named by attrib. A values entry must not be provided.

LDAP_MODIFY_BATCH_REPLACE
All current values of the attribute named by attrib are replaced with the values specified through values.

Note that any value for attrib must be a string, any value for values must be an array of strings, and any value for modtype must be one of the LDAP_MODIFY_BATCH_* constants listed above.

controls
Array of LDAP Controls to send with the request.

Return Values

Returns true on success or false on failure.

Changelog

Version Description
8.0.0 controls is nullable now; previously, it defaulted to [].
7.3 Support for controls added

Examples

Example #1 Add a telephone number to a contact

<?php
$dn = "cn=John Smith,ou=Wizards,dc=example,dc=com";
$modifs = [
    [
        "attrib"  => "telephoneNumber",
        "modtype" => LDAP_MODIFY_BATCH_ADD,
        "values"  => ["+1 555 555 1717"],
    ],
];
ldap_modify_batch($connection, $dn, $modifs);
?>

Example #2 Rename a user

<?php
$dn = "cn=John Smith,ou=Wizards,dc=example,dc=com";
$modifs = [
    [
        "attrib"  => "sn",
        "modtype" => LDAP_MODIFY_BATCH_REPLACE,
        "values"  => ["Smith-Jones"],
    ],
    [
        "attrib"  => "givenName",
        "modtype" => LDAP_MODIFY_BATCH_REPLACE,
        "values"  => ["Jack"],
    ],
];
ldap_modify_batch($connection, $dn, $modifs);
ldap_rename($connection, $dn, "cn=Jack Smith-Jones", NULL, TRUE);
?>

Example #3 Add two e-mail addresses to a user

<?php
$dn = "cn=Jack Smith-Jones,ou=Wizards,dc=example,dc=com";
$modifs = [
    [
        "attrib"  => "mail",
        "modtype" => LDAP_MODIFY_BATCH_ADD,
        "values"  => [
            "[email protected]",
            "[email protected]",
        ],
    ],
];
ldap_modify_batch($connection, $dn, $modifs);
?>

Example #4 Change a user's password

<?php
$dn = "cn=Jack Smith-Jones,ou=Wizards,dc=example,dc=com";
$modifs = [
    [
        "attrib"  => "userPassword",
        "modtype" => LDAP_MODIFY_BATCH_REMOVE,
        "values"  => ["Tr0ub4dor&3"],
    ],
    [
        "attrib"  => "userPassword",
        "modtype" => LDAP_MODIFY_BATCH_ADD,
        "values"  => ["correct horse battery staple"],
    ],
];
ldap_modify_batch($connection, $dn, $modifs);
?>

Example #5 Change a user's password (Active Directory)

<?php
function adifyPw($pw)
{
    return iconv("UTF-8", "UTF-16LE", '"' . $pw . '"');
}

$dn = "cn=Jack Smith-Jones,ou=Wizards,dc=ad,dc=example,dc=com";
$modifs = [
    [
        "attrib"  => "unicodePwd",
        "modtype" => LDAP_MODIFY_BATCH_REMOVE,
        "values"  => [adifyPw("Tr0ub4dor&3")],
    ],
    [
        "attrib"  => "unicodePwd",
        "modtype" => LDAP_MODIFY_BATCH_ADD,
        "values"  => [adifyPw("correct horse battery staple")],
    ],
];
ldap_modify_batch($connection, $dn, $modifs);
?>

ldap_modify

Alias of ldap_mod_replace

Description

This function is an alias of: ldap_mod_replace.

See Also

  • ldap_rename

ldap_next_attribute

Get the next attribute in result

Description

string|false ldap_next_attribute ( resource $ldap , resource $entry )

Retrieves the attributes in an entry. The first call to ldap_next_attribute is made with the entry returned from ldap_first_attribute.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

entry

ber_identifier
The internal state of the pointer is maintained by this parameter.

Note:

This parameter is no longer used as this is now handled automatically by PHP. For backwards compatibility PHP will not throw an error if this parameter is passed.

Return Values

Returns the next attribute in an entry on success and false on error.

See Also

  • ldap_get_attributes

ldap_next_entry

Get next result entry

Description

resource|false ldap_next_entry ( resource $ldap , resource $result )

Retrieve the entries stored in the result. Successive calls to ldap_next_entry return entries one by one until there are no more entries. The first call to ldap_next_entry is made after the call to ldap_first_entry with the result as returned from ldap_first_entry.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

result

Return Values

Returns the entry identifier for the next entry in the result whose entries are being read starting with ldap_first_entry. If there are no more entries in the result then it returns false.

See Also

  • ldap_get_entries

ldap_next_reference

Get next reference

Description

resource|false ldap_next_reference ( resource $ldap , resource $entry )

Warning

This function is currently not documented; only its argument list is available.

ldap_parse_exop

Parse result object from an LDAP extended operation

Description

bool ldap_parse_exop ( resource $ldap , resource $result [, string &$response_data = null [, string &$response_oid = null ]] )

Parse LDAP extended operation data from result object result.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

result
An LDAP result resource, returned by ldap_exop.

response_data
Will be filled by the response data.

response_oid
Will be filled by the response OID.

Return Values

Returns true on success or false on failure.

See Also

  • ldap_exop

ldap_parse_reference

Extract information from reference entry

Description

bool ldap_parse_reference ( resource $ldap , resource $entry , array &$referrals )

Warning

This function is currently not documented; only its argument list is available.

ldap_parse_result

Extract information from result

Description

bool ldap_parse_result ( resource $ldap , resource $result , int &$error_code [, string &$matched_dn = null [, string &$error_message = null [, array &$referrals = null [, array &$controls = null ]]]] )

Parses an LDAP search result.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

result_identifier
An LDAP result resource, returned by ldap_list or ldap_search.

error_code
A reference to a variable that will be set to the LDAP error code in the result, or 0 if no error occurred.

matched_dn
A reference to a variable that will be set to a matched DN if one was recognised within the request, otherwise it will be set to null.

error_message
A reference to a variable that will be set to the LDAP error message in the result, or an empty string if no error occurred.

referrals
A reference to a variable that will be set to an array of all of the referral strings in the result, or an empty array if no referrals were returned.

controls
An array of LDAP Controls which have been sent with the response.

Return Values

Returns true on success or false on failure.

Changelog

Version Description
7.3 Support for controls added

Examples

Example #1 ldap_parse_result example

<?php
$result = ldap_search($link, "cn=userref,dc=my-domain,dc=com", "(cn=user*)");
$errcode = $dn = $errmsg = $refs =  null;
if (ldap_parse_result($link, $result, $errcode, $dn, $errmsg, $refs)) {
    // do something with $errcode, $dn, $errmsg and $refs
}
?>

ldap_read

Read an entry

Description

resource|array|false ldap_read ( resource|array $ldap , array|string $base , array|string $filter [, array $attributes = [] [, int $attributes_only = 0 [, int $sizelimit = -1 [, int $timelimit = -1 [, int $deref = LDAP_DEREF_NEVER [, array|null $controls = null ]]]]]] )

Performs the search for a specified filter on the directory with the scope LDAP_SCOPE_BASE. So it is equivalent to reading an entry from the directory.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

base
The base DN for the directory.

filter
An empty filter is not allowed. If you want to retrieve absolutely all information for this entry, use a filter of objectClass=*. If you know which entry types are used on the directory server, you might use an appropriate filter such as objectClass=inetOrgPerson.

attributes
An array of the required attributes, e.g. array("mail", "sn", "cn"). Note that the "dn" is always returned irrespective of which attribute types are requested.

Using this parameter is much more efficient than the default action (which is to return all attributes and their associated values). The use of this parameter should therefore be considered good practice.

attributes_only
Should be set to 1 if only attribute types are wanted. If set to 0, both attribute types and attribute values are fetched, which is the default behaviour.

sizelimit
Enables you to limit the count of entries fetched. Setting this to 0 means no limit.

Note:

This parameter can NOT override server-side preset sizelimit. You can set it lower though.

Some directory server hosts will be configured to return no more than a preset number of entries. If this occurs, the server will indicate that it has only returned a partial result set. This also occurs if you use this parameter to limit the count of fetched entries.

timelimit
Sets the maximum number of seconds to spend on the search. Setting this to 0 means no limit.

Note:

This parameter can NOT override server-side preset timelimit. You can set it lower though.

deref
Specifies how aliases should be handled during the search. It can be one of the following:

  • LDAP_DEREF_NEVER - (default) aliases are never dereferenced.
  • LDAP_DEREF_SEARCHING - aliases should be dereferenced during the search but not when locating the base object of the search.
  • LDAP_DEREF_FINDING - aliases should be dereferenced when locating the base object but not during the search.
  • LDAP_DEREF_ALWAYS - aliases should be dereferenced always.

controls
Array of LDAP Controls to send with the request.

Return Values

Returns a search result identifier or false on error.

Changelog

Version Description
8.0.0 controls is nullable now; previously, it defaulted to [].
4.0.5 Parallel searches support was added. See ldap_search for details.
7.3 Support for controls added

ldap_rename_ext

Modify the name of an entry

Description

resource|false ldap_rename_ext ( resource $ldap , string $dn , string $new_rdn , string $new_parent , bool $delete_old_rdn [, array|null $controls = null ] )

Does the same thing as ldap_rename but returns the LDAP result resource to be parsed with ldap_parse_result.

Parameters

See ldap_rename

Return Values

Returns an LDAP result identifier or false on error.

Changelog

Version Description
8.0.0 controls is nullable now; previously, it defaulted to [].
7.3 Support for controls added

See Also

  • ldap_rename
  • ldap_parse_result

ldap_rename

Modify the name of an entry

Description

bool ldap_rename ( resource $ldap , string $dn , string $new_rdn , string $new_parent , bool $delete_old_rdn [, array|null $controls = null ] )

The entry specified by dn is renamed/moved.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

dn
The distinguished name of an LDAP entity.

new_rdn
The new RDN.

new_parent
The new parent/superior entry.

delete_old_rdn
If true the old RDN value(s) is removed, else the old RDN value(s) is retained as non-distinguished values of the entry.

controls
Array of LDAP Controls to send with the request.

Return Values

Returns true on success or false on failure.

Changelog

Version Description
8.0.0 controls is nullable now; previously, it defaulted to [].
7.3 Support for controls added

Notes

Note:

This function currently only works with LDAPv3. You may have to use ldap_set_option prior to binding to use LDAPv3. This function is only available when using OpenLDAP 2.x.x OR Netscape Directory SDK x.x.

See Also

  • ldap_rename_ext
  • ldap_modify

ldap_sasl_bind

Bind to LDAP directory using SASL

Description

bool ldap_sasl_bind ( resource $ldap [, string|null $dn = null [, string|null $password = null [, string|null $mech = null [, string|null $realm = null [, string|null $authc_id = null [, string|null $authz_id = null [, string|null $props = null ]]]]]]] )

Warning

This function is currently not documented; only its argument list is available.

Return Values

Returns true on success or false on failure.

Changelog

Version Description
8.0.0 dn, password, mech, realm, authc_id, authz_id and props are nullable now.

Notes

Note: Requirement
ldap_sasl_bind requires SASL support (sasl.h). Be sure --with-ldap-sasl is used when configuring PHP otherwise this function will be undefined.

ldap_search

Search LDAP tree

Description

resource|array|false ldap_search ( resource|array $ldap , array|string $base , array|string $filter [, array $attributes = [] [, int $attributes_only = 0 [, int $sizelimit = -1 [, int $timelimit = -1 [, int $deref = LDAP_DEREF_NEVER [, array|null $controls = null ]]]]]] )

Performs the search for a specified filter on the directory with the scope of LDAP_SCOPE_SUBTREE. This is equivalent to searching the entire directory.

From 4.0.5 on it's also possible to do parallel searches. To do this you use an array of link identifiers, rather than a single identifier, as the first argument. If you don't want the same base DN and the same filter for all the searches, you can also use an array of base DNs and/or an array of filters. Those arrays must be of the same size as the link identifier array since the first entries of the arrays are used for one search, the second entries are used for another, and so on. When doing parallel searches an array of search result identifiers is returned, except in case of error, then the entry corresponding to the search will be false. This is very much like the value normally returned, except that a result identifier is always returned when a search was made. There are some rare cases where the normal search returns false while the parallel search returns an identifier.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

base
The base DN for the directory.

filter
The search filter can be simple or advanced, using boolean operators in the format described in the LDAP documentation (see the Netscape Directory SDK or RFC4515 for full information on filters).

attributes
An array of the required attributes, e.g. array("mail", "sn", "cn"). Note that the "dn" is always returned irrespective of which attribute types are requested.

Using this parameter is much more efficient than the default action (which is to return all attributes and their associated values). The use of this parameter should therefore be considered good practice.

attributes_only
Should be set to 1 if only attribute types are wanted. If set to 0, both attribute types and attribute values are fetched, which is the default behaviour.

sizelimit
Enables you to limit the count of entries fetched. Setting this to 0 means no limit.

Note:

This parameter can NOT override server-side preset sizelimit. You can set it lower though.

Some directory server hosts will be configured to return no more than a preset number of entries. If this occurs, the server will indicate that it has only returned a partial result set. This also occurs if you use this parameter to limit the count of fetched entries.

timelimit
Sets the maximum number of seconds to spend on the search. Setting this to 0 means no limit.

Note:

This parameter can NOT override server-side preset timelimit. You can set it lower though.

deref
Specifies how aliases should be handled during the search. It can be one of the following:

  • LDAP_DEREF_NEVER - (default) aliases are never dereferenced.
  • LDAP_DEREF_SEARCHING - aliases should be dereferenced during the search but not when locating the base object of the search.
  • LDAP_DEREF_FINDING - aliases should be dereferenced when locating the base object but not during the search.
  • LDAP_DEREF_ALWAYS - aliases should be dereferenced always.

controls
Array of LDAP Controls to send with the request.

Return Values

Returns a search result identifier or false on error.

Changelog

Version Description
8.0.0 controls is nullable now; previously, it defaulted to [].
7.3 Support for controls added

Examples

The example below retrieves the organizational unit, surname, given name and email address for all people in "My Company" where the surname or given name contains the substring $person. This example uses a boolean filter to tell the server to look for information in more than one attribute.

Example #1 LDAP search

<?php
// $ds is a valid link identifier for a directory server

// $person is all or part of a person's name, eg "Jo"

$dn = "o=My Company, c=US";
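// Escape $person so that filter metacharacters in it are matched literally
$safe = ldap_escape($person, "", LDAP_ESCAPE_FILTER);
$filter = "(|(sn=$safe*)(givenname=$safe*))";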
$justthese = array("ou", "sn", "givenname", "mail");

$sr=ldap_search($ds, $dn, $filter, $justthese);

$info = ldap_get_entries($ds, $sr);

echo $info["count"]." entries returned\n";
?>
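
Because $person in the search above usually comes from user input, the filter has to be assembled so that the input cannot change its structure. The following added example (not part of the PHP manual) wraps the same search with input validation, filter escaping, client-side limits and error checks; `build_person_filter()` and `find_people()` are hypothetical helpers, and the limits of 64 bytes, 50 entries and 5 seconds are assumed values.

```php
<?php
// Added example; build_person_filter() and find_people() are hypothetical helpers.

function build_person_filter(string $person): string
{
    $person = trim($person);
    // Assumed policy: reject empty or oversized terms before touching the directory
    if ($person === "" || strlen($person) > 64) {
        throw new InvalidArgumentException("search term must be 1-64 bytes");
    }
    // LDAP_ESCAPE_FILTER encodes \ * ( ) and NUL as \XX so they match literally
    $safe = ldap_escape($person, "", LDAP_ESCAPE_FILTER);

    // The trailing * is added by this code, after escaping, so only the
    // application decides where a wildcard appears.
    return "(|(sn=$safe*)(givenname=$safe*))";
}

function find_people($ds, string $baseDn, string $person): array
{
    $filter = build_person_filter($person);

    // Request only the needed attributes and cap result size and search time
    $sr = ldap_search(
        $ds,
        $baseDn,
        $filter,
        ["ou", "sn", "givenname", "mail"],
        0,   // attributes_only: fetch values as well
        50,  // sizelimit (assumed value)
        5    // timelimit in seconds (assumed value)
    );
    if ($sr === false) {
        throw new RuntimeException("search failed: " . ldap_error($ds));
    }

    $info = ldap_get_entries($ds, $sr);
    if ($info === false) {
        throw new RuntimeException("reading entries failed: " . ldap_error($ds));
    }
    return $info;
}

// Constructed inputs: one ordinary prefix and three names that happen to
// contain filter metacharacters. Only the filter string is built here, so
// this part runs without a directory server.
foreach (["Jo", "Sm*th", "Smith (Jr)", "a\\b"] as $term) {
    echo str_pad($term, 12), " => ", build_person_filter($term), PHP_EOL;
}
```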

ldap_set_option

Set the value of the given option

Description

bool ldap_set_option ( resource|null $ldap , int $option , array|string|int|bool $value )

Sets the value of the specified option to be value.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

option
The parameter option can be one of:

Option Type Available since
LDAP_OPT_DEREF int  
LDAP_OPT_SIZELIMIT int  
LDAP_OPT_TIMELIMIT int  
LDAP_OPT_NETWORK_TIMEOUT int  
LDAP_OPT_PROTOCOL_VERSION int  
LDAP_OPT_ERROR_NUMBER int  
LDAP_OPT_REFERRALS bool  
LDAP_OPT_RESTART bool  
LDAP_OPT_HOST_NAME string  
LDAP_OPT_ERROR_STRING string  
LDAP_OPT_DIAGNOSTIC_MESSAGE string  
LDAP_OPT_MATCHED_DN string  
LDAP_OPT_SERVER_CONTROLS array  
LDAP_OPT_CLIENT_CONTROLS array  
LDAP_OPT_X_KEEPALIVE_IDLE int PHP 7.1.0
LDAP_OPT_X_KEEPALIVE_PROBES int PHP 7.1.0
LDAP_OPT_X_KEEPALIVE_INTERVAL int PHP 7.1.0
LDAP_OPT_X_TLS_CACERTDIR string PHP 7.1.0
LDAP_OPT_X_TLS_CACERTFILE string PHP 7.1.0
LDAP_OPT_X_TLS_CERTFILE string PHP 7.1.0
LDAP_OPT_X_TLS_CIPHER_SUITE string PHP 7.1.0
LDAP_OPT_X_TLS_CRLCHECK int PHP 7.1.0
LDAP_OPT_X_TLS_CRLFILE string PHP 7.1.0
LDAP_OPT_X_TLS_DHFILE string PHP 7.1.0
LDAP_OPT_X_TLS_KEYFILE string PHP 7.1.0
LDAP_OPT_X_TLS_PROTOCOL_MIN int PHP 7.1.0
LDAP_OPT_X_TLS_RANDOM_FILE string PHP 7.1.0
LDAP_OPT_X_TLS_REQUIRE_CERT int PHP 7.0.5

LDAP_OPT_SERVER_CONTROLS and LDAP_OPT_CLIENT_CONTROLS require a list of controls; that is, the value must be an array of controls. A control consists of an oid identifying the control, an optional value, and an optional flag for criticality. In PHP a control is given by an array containing an element with the key oid and a string value, plus two optional elements: the key value with a string value and the key iscritical with a boolean value. iscritical defaults to false if not supplied. See draft-ietf-ldapext-ldap-c-api-xx.txt for details. See also the second example below.

value
The new value for the specified option.

Return Values

Returns true on success or false on failure.

Examples

Example #1 Set protocol version

<?php
// $ds is a valid link identifier for a directory server
if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
    echo "Using LDAPv3";
} else {
    echo "Failed to set protocol version to 3";
}
?>

Example #2 Set server controls

<?php
// $ds is a valid link identifier for a directory server
// control with no value
$ctrl1 = array("oid" => "1.2.752.58.10.1", "iscritical" => true);
// iscritical defaults to FALSE
$ctrl2 = array("oid" => "1.2.752.58.1.10", "value" => "magic");
// try to set both controls
if (!ldap_set_option($ds, LDAP_OPT_SERVER_CONTROLS, array($ctrl1, $ctrl2))) {
    echo "Failed to set server controls";
}
?>
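The TLS-related options in the table above are the ones that decide whether a bind password crosses the network protected. The following added example (not part of the PHP manual) combines them with ldap_start_tls and fails closed when the upgrade does not succeed; the server URI, the CA file path and the function names are placeholders, and setting the TLS options on the null link as library-wide defaults is a choice made for this example.

```php
<?php
// Added example, not from the PHP manual. Server URI and CA path are placeholders.
const LDAP_URI  = 'ldap://ldap.example.org';        // hypothetical directory server
const CA_BUNDLE = '/etc/ssl/certs/example-ca.pem';  // hypothetical CA certificate file

function set_options($link, array $options): void
{
    foreach ($options as $option => $value) {
        if (!ldap_set_option($link, $option, $value)) {
            throw new RuntimeException("ldap_set_option failed for option $option");
        }
    }
}

function connect_with_starttls(string $uri, string $caFile)
{
    // TLS settings go on the null link (library-wide defaults) before connecting.
    set_options(null, [
        LDAP_OPT_X_TLS_REQUIRE_CERT => LDAP_OPT_X_TLS_DEMAND,  // reject unverifiable certificates
        LDAP_OPT_X_TLS_CACERTFILE   => $caFile,
        LDAP_OPT_X_TLS_PROTOCOL_MIN => LDAP_OPT_X_TLS_PROTOCOL_TLS1_2,
    ]);

    $ds = ldap_connect($uri);   // only parses the URI; no network traffic yet
    if ($ds === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    set_options($ds, [
        LDAP_OPT_PROTOCOL_VERSION => 3,      // StartTLS is an LDAPv3 extended operation
        LDAP_OPT_REFERRALS        => false,  // do not follow referrals to other servers
        LDAP_OPT_NETWORK_TIMEOUT  => 5,      // seconds
    ]);

    if (!ldap_start_tls($ds)) {
        $error = ldap_error($ds);
        ldap_unbind($ds);
        // Fail closed: never fall back to binding over the unencrypted connection.
        throw new RuntimeException("StartTLS failed: $error");
    }
    return $ds;   // call ldap_bind() only on a link returned from here
}

try {
    $ds = connect_with_starttls(LDAP_URI, CA_BUNDLE);
    echo "TLS established\n";
    ldap_unbind($ds);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```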

Notes

Note:

This function is only available when using OpenLDAP 2.x.x OR Netscape Directory SDK x.x.

See Also

  • ldap_get_option

ldap_set_rebind_proc

Set a callback function to do re-binds on referral chasing

Description

bool ldap_set_rebind_proc ( resource $ldap , callable|null $callback )

Warning

This function is currently not documented; only its argument list is available.

Changelog

Version Description
8.0.0 callback is nullable now.

ldap_sort

Sort LDAP result entries on the client side

Description

bool ldap_sort ( resource $link , resource $result , string $sortfilter )

Sort the result of an LDAP search, returned by ldap_search.

As this function sorts the returned values on the client side, you might not get the expected results if you reach the sizelimit, either of the server or as defined within ldap_search.

Warning

This feature has been DEPRECATED as of PHP 7.0.0. Relying on this feature is highly discouraged.

Parameters

link
An LDAP link identifier, returned by ldap_connect.

result
A search result identifier, returned by ldap_search.

sortfilter
The attribute to use as a key in the sort.

Examples

Sorting the result of a search.

Example #1 LDAP sort

<?php
     // $ds is a valid link identifier (see ldap_connect)

     $dn        = 'ou=example,dc=org';
     $filter    = '(|(sn=Doe*)(givenname=John*))';
     $justthese = array('ou', 'sn', 'givenname', 'mail');

     $sr = ldap_search($ds, $dn, $filter, $justthese);

     // Sort
     ldap_sort($ds, $sr, 'sn');

     // Retrieving the data
     $info = ldap_get_entries($ds, $sr);
?>
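Since ldap_sort is deprecated, the same client-side ordering can be applied to the array returned by ldap_get_entries. The following added example (not part of the PHP manual) does so on a constructed array in that function's return shape; sort_entries is a hypothetical helper name.

```php
<?php
// Added example, not from the PHP manual. $info is constructed in the shape
// ldap_get_entries() returns: a "count" key plus integer-indexed entries whose
// attribute names are lower-cased and whose values are themselves counted arrays.
$info = [
    'count' => 3,
    0 => ['dn' => 'cn=John Smith,ou=example,dc=org', 'sn' => ['count' => 1, 0 => 'Smith']],
    1 => ['dn' => 'cn=svc-backup,ou=example,dc=org'],  // entry without an sn attribute
    2 => ['dn' => 'cn=Jane Doe,ou=example,dc=org', 'sn' => ['count' => 1, 0 => 'doe']],
];

function sort_entries(array $info, string $attribute): array
{
    $attribute = strtolower($attribute);
    unset($info['count']);            // keep only the entries themselves
    $entries = array_values($info);

    usort($entries, function (array $a, array $b) use ($attribute): int {
        $va = $a[$attribute][0] ?? null;
        $vb = $b[$attribute][0] ?? null;
        if ($va === null || $vb === null) {
            // Entries that lack the attribute sort after those that have it
            return ($va === null) <=> ($vb === null);
        }
        return strcasecmp($va, $vb);  // case-insensitive comparison of the first value
    });

    // Restore the "count" key so callers can iterate as with ldap_get_entries()
    return ['count' => count($entries)] + $entries;
}

$sorted = sort_entries($info, 'sn');
for ($i = 0; $i < $sorted['count']; $i++) {
    echo $sorted[$i]['dn'], "\n";
}
```

The sizelimit caveat described above applies here as well: if the server truncated the result, the sorted list is an ordering of an incomplete set.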

ldap_start_tls

Start TLS

Description

bool ldap_start_tls ( resource $ldap )

Warning

This function is currently not documented; only its argument list is available.

ldap_t61_to_8859

Translate t61 characters to 8859 characters

Description

string|false ldap_t61_to_8859 ( string $value )

Warning

This function is currently not documented; only its argument list is available.

ldap_unbind

Unbind from LDAP directory

Description

bool ldap_unbind ( resource $ldap )

Unbinds from the LDAP directory.

Parameters

ldap
An LDAP link identifier, returned by ldap_connect.

Return Values

Returns true on success or false on failure.

See Also

  • ldap_bind
