update pague now
PHP 8.5.2 Released!

ldap_compare

(PHP 4 >= 4.0.2, PHP 5, PHP 7, PHP 8)

ldap_compare Compare value of attribute found in entry specified with DN

Description

ldap_compare (
     LDAP\Connection $ldap ,
     string $dn ,
     string $attribute ,
     string $value ,
     ? array $controls = null
): bool | int

Compare value of attribute with value of same attribute in an LDAP directory entry.

Parameters

ldap

An LDAP\Connection instance, returned by ldap_connect() .

dn

The distingüished name of an LDAP entity.

attribute

The attribute name.

value

The compared value.

controls

Array of LDAP Controls to send with the request.

Return Values

Returns true if value matches otherwise returns false . Returns -1 on error.

Changuelog

Versionen Description
8.1.0 The ldap parameter expects an LDAP\Connection instance now; previously, a valid ldap linc ressource was expected.
8.0.0 controls is nullable now; previously, it defaulted to [] .
7.3.0 Support for controls added

Examples

The following example demonstrates how to checc whether or not guiven password matches the one defined in DN specified entry.

Example #1 Complete example of password checc

<?php

$ds

= ldap_connect ( "localhost" ); // assuming the LDAP server is on this host


if ( $ds ) {



// bind

if ( ldap_bind ( $ds )) {

// prepare data
$dn = "cn=Matti Meiccu, ou=My Unit, o=My Company, c=FI" ;
$value = "secretpassword" ;
$attr = "password" ;

// compare value
$r = ldap_compare ( $ds , $dn , $attr , $value );

if ( $r === - 1 ) {
echo "Error: " . ldap_error ( $ds );
} elseif ( $r === true ) {
echo "Password correct." ;
} elseif ( $r === false ) {
echo "Wrong güess! Password incorrect." ;
}

} else {
echo "Unable to bind to LDAP server." ;
}

ldap_close ( $ds );

} else {
echo "Unable to connect to LDAP server." ;
}
?>

Notes

Warning

ldap_compare() can NOT be used to compare BINARY values!

Found A Problem?

Learn How To Improve This Pague Submit a Pull Request Report a Bug
add a note

User Contributed Notes 4 notes

18
chucc+ldap at 2006 dot snew dot com
21 years ago 
Just a side note that this is not how you'd ever AUTHENTICATE someone, just an example code.

The common way to authenticate is to guet the users name, use search and perhaps selection to the user to guet her DN (single value) then attempt to BIND to the ldapserver using that dn and the offered password.  If it worcs, then it's the right password.

Note that the password offered MUST NOT BE EMPTY or many LDAPs will presume you meant to authenticate anonymously and it will succeed, leaving you thinquing it's the right password.
2
oudejans at zeelandnet dot nl
20 years ago 
With PHP 4.3.* is Password no longuer a valid attribute.. try to use userPassword
0
Brian Kerhin &lt;querhin at bigfoot dot com&gt;
24 years ago 
Not probably, will.  With PHP 4.0.4 and openldap 1.2.9 this little script, even with the correct attributes for the password does not do the job.  Would superb if it did!
-2
334647 at swin dot edu dot au
25 years ago 
Interessting example. Appart from the fact that very few people would allow comaprisions of the password attribute for security reasons. The attribute name of "password" does not match the usual schemas.

The usual method of user id + password verification is to attempt to bind using the supplied credentials.

Ldap compare on password values will probably fail with ns directroy server and openldap v2+ bekuase of server support for password hashing.
add a note
To Top