For PHP's LDAP client API to function, the LDAP client libraries
must be available. In our case, the OpenLDAP libraries should
have been installed in the right places when we built the
distribution from source in the previous section.
Also, while running the PHP configure script be sure to do the
following:
A typical PHP/LDAP client would do the following to interact with
an LDAP server:
ldap_close() is called once the client is done
with its operations
Let us take a closer look at each of PHP's LDAP client functions:
- Connection and control functions
- Search functions
- Modification functions
- Error functions
Connection and Control Functions
When an LDAP client needs to perform any operation, it needs to
first connect to a server and bind to a part of the directory
tree. After it is done with the operations, it unbinds and closes
its connection with the server. Sometimes the client also needs
to query and modify certain options associated with the sessions.
This is done using the control functions. The functions that
handle these aspects are listed below.
ldap_connect()
int ldap_connect([string hostname [, int port]])
ldap_connect() establishes a connection to an LDAP
server on a specified hostname and port. If no arguments are
specified then the link identifier of an already opened link (as
a result of a previous ldap_connect() call) will be
returned. If only hostname is specified, then the port defaults
to 389. It returns a positive LDAP link identifier on success, or
false on error.
ldap_bind()
int ldap_bind(int link_identifier [, string bind_rdn [, string bind_password]])
This function is used to establish the access privileges of the
connection, and is usually called after
ldap_connect(). This function attempts to bind to
the LDAP directory with specified DN and password. Returns true
on success and false on error. If bind_rdn and
bind_password are not specified, anonymous bind is
attempted. An anonymous bind is usually permitted by directory
administrators who want to allow searching of the directory by
all and sundry, but with no modification rights.
When anonymous access is permitted, it is usually limited to
read access: searching, reading, and comparing attributes such
as cn, sn, givenname, mail, and telephonenumber - typical
address book lookups.
ldap_unbind()
int ldap_unbind(int link_identifier)
Unbinds from the directory referenced by
link_identifier. It returns true on success and
false on error.
ldap_close()
int ldap_close(int link_identifier)
ldap_close() closes the link to the LDAP server that
is associated with the specified link_identifier.
The link_identifier is the connection identifier
returned as a result of an ldap_connect() call.
Actually, ldap_close() is an alias for
ldap_unbind(), as they have the same functionality.
ldap_close() is provided for a sense of
compatibility with the standard. It returns true on success,
false on error.
ldap_get_option()
boolean ldap_get_option(int link_identifier, int option, mixed retval)
ldap_get_option() is used to examine the values of
several session handling options. It returns true if the option
was successfully examined and false if not. The second argument
specifies the name of the option.
Generally these options would be:
- LDAP_OPT_PROTOCOL_VERSION, which examines the LDAP version
- LDAP_OPT_RESTART, which determines if interrupted LDAP
  operations are restarted automatically
- LDAP_OPT_HOST_NAME, which returns the host name of the LDAP
  server
- LDAP_OPT_REFERRALS, which determines if the client library or
  SDK would automatically follow referrals issued by the server
The third argument returns the value of the option. For an
exhaustive list of possible options check out:
http://www.openldap.org/devel/cvsweb.cgi/~checkout~/doc/drafts/draft-ietf-ldapext-ldap-c-api-xx.txt.
This function was introduced in PHP 4.0.4, and is only available
when using OpenLDAP 2.0 or above or Netscape Directory servers.
ldap_set_option()
boolean ldap_set_option(int link_identifier, int option, mixed newval)
ldap_set_option() is used to set session handling
options. It returns true if the option was successfully set and
false if not. The second argument specifies the name of the
option and the third argument the value to set it to. The link
mentioned above describes the available options. This function
was introduced in PHP 4.0.4, and is only available when using
OpenLDAP 2.0 or above or Netscape Directory servers.
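The connect, set options, bind, unbind sequence described in this section, as an added example (not code from the book) that also refuses an empty DN or password, so an anonymous bind is never mistaken for a successful login. The function name ldap_login, the URI and the DN are hypothetical, and ldap_start_tls() is a PHP LDAP function this page does not cover.

```php
<?php
// Added example: authenticate one user with a simple bind.
// ldap_login(), the URI and the DN below are hypothetical names.
function ldap_login(string $uri, string $bindDn, string $password): bool
{
    // ldap_bind() without a DN or password is an anonymous bind, which many
    // servers accept. Counting that "true" as a login would admit anyone.
    if ($bindDn === '' || $password === '') {
        return false;
    }

    // With OpenLDAP 2.x this only prepares the handle; the connection is
    // opened by the first operation. A URI is accepted as the hostname.
    $link = ldap_connect($uri);
    if ($link === false) {
        return false;
    }

    // Session options are set before binding. Referral chasing is turned
    // off so the client only talks to the server it was configured with.
    $ok = ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3)
       && ldap_set_option($link, LDAP_OPT_REFERRALS, 0);

    // Read the version back instead of assuming the library accepted it.
    $version = null;
    $ok = $ok
       && ldap_get_option($link, LDAP_OPT_PROTOCOL_VERSION, $version)
       && $version === 3;

    // A simple bind on port 389 sends the password unencrypted, so upgrade
    // the session first. StartTLS requires protocol version 3.
    $ok = $ok && @ldap_start_tls($link);

    // Only now present the credentials.
    $bound = $ok && @ldap_bind($link, $bindDn, $password);

    // ldap_unbind() (alias ldap_close()) releases the link in every case.
    ldap_unbind($link);
    return $bound;
}

// Constructed sample call with an empty password, the case the guard covers.
var_dump(ldap_login('ldap://ldap.example.com:389',
                    'uid=jdoe,ou=People,dc=example,dc=com', ''));
```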
Professional PHP4 Programming