ldap-php-examples-controls-4

  • Examples
  • LDAP Controls

  • LDAP Controls
  • LDAP Controls

    LDAP Controls

    Here are some examples of using LDAP Controls with
    PHP >= 7.3.0.

    Example #1 Bind with ppolicy information

    <?php

    $user   'cn=admin,dc=example,dc=com';
    $passwd 'adminpassword';

    $ds ldap_connect('ldap://localhost');

    if ($ds) {
        
    $r ldap_bind_ext($ds$user$passwd, [['oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST]]);

        if (ldap_parse_result($ds$r$errcode$matcheddn$errmsg$referrals$ctrls)) {
            if (
    $errcode != 0) {
                die(
    "Error: $errmsg ($errcode)");
            }
            if (isset(
    $ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE])) {
                
    $value $ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE]['value'];
                echo 
    "Expires in: ".$value['expire']." seconds\n";
                echo 
    "Number of auth left: ".$value['grace']."\n";
                if (isset(
    $value['error'])) {
                    echo 
    "Ppolicy error code: ".$value['error'];
                }
            }
        }
    } else {
        die(
    "Unable to connect to LDAP server");
    }
    ?>

    Example #2 Modify description only if it’s not
    empty

    <?php
    // $link is an LDAP connection

    $result ldap_mod_replace_ext(
        
    $link,
        
    'o=test,dc=example,dc=com',
        [
    'description' => 'New description'],
        [
            [
                
    'oid'         => LDAP_CONTROL_ASSERT,
                
    'iscritical'  => TRUE,
                
    'value'       => ['filter' => '(!(description=*))']
            ]
        ]
    );

    // Then use ldap_parse_result
    ?>

    Example #3 Read some values before deletion

    <?php
    // $link is an LDAP connection

    $result ldap_delete_ext(
        
    $link,
        
    'o=test,dc=example,dc=com',
        [
            [
                
    'oid'         => LDAP_CONTROL_PRE_READ,
                
    'iscritical'  => TRUE,
                
    'value'       => ['attrs' => ['o''description']]
            ]
        ]
    );

    // Then use ldap_parse_result
    ?>

    Example #4 Delete a reference

    <?php
    // $link is an LDAP connection

    // Without the control it would delete the referenced node
    // Make sure to set the control as critical to avoid that
    $result ldap_delete_ext(
        
    $link,
        
    'cn=reference,dc=example,dc=com',
        [[
    'oid' => LDAP_CONTROL_MANAGEDSAIT'iscritical' => TRUE]]
    );

    // Then use ldap_parse_result
    ?>

    Example #5 Use pagination for a search

    <?php
    // $link is an LDAP connection

    $cookie '';

    do {
        $result ldap_search(
            
    $link'dc=example,dc=base''(cn=*)', ['cn'], 000LDAP_DEREF_NEVER,
            [[
    'oid' => LDAP_CONTROL_PAGEDRESULTS'value' => ['size' => 2'cookie' => $cookie]]]
        );
        
    ldap_parse_result($link$result$errcode $matcheddn $errmsg $referrals$controls);
        
    // To keep the example short errors are not tested
        
    $entries ldap_get_entries($link$result);
        foreach (
    $entries as $entry) {
            echo 
    "cn: ".$entry['cn'][0]."\n";
        }
        if (isset(
    $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) {
            
    // You need to pass the cookie from the last call to the next one
            
    $cookie $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'];
        } else {
            
    $cookie '';
        }
        
    // Empty cookie means last page
    } while (!empty($cookie));
    ?>