Here are some examples of using LDAP Controls with PHP >= 7.3.0.
Example #1 Bind with policy information
<?php
$user   = 'cn=admin,dc=example,dc=com';
$passwd = 'adminpassword';

$ds = ldap_connect('ldap://localhost');

if ($ds) {
    // Send the password policy request control along with the bind
    $r = ldap_bind_ext($ds, $user, $passwd, [['oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST]]);

    if (ldap_parse_result($ds, $r, $errcode, $matcheddn, $errmsg, $referrals, $ctrls)) {
        if ($errcode != 0) {
            die("Error: $errmsg ($errcode)");
        }
        // Response controls are indexed by OID
        if (isset($ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE])) {
            $value = $ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE]['value'];
            echo "Expires in: ".$value['expire']." seconds\n";
            echo "Number of auth left: ".$value['grace']."\n";
            if (isset($value['error'])) {
                echo "Policy error code: ".$value['error'];
            }
        }
    }
} else {
    die("Unable to connect to LDAP server");
}
?>
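Example #1 only prints the policy values. The following added example (not part of the manual's own code) shows one way a login handler could act on them and goes slightly further by also reading the control on a failed bind. `decide_login()`, the constant names and the sample data are hypothetical; the error numbers are taken from the LDAP password policy draft, which this page does not list.

```php
<?php
// Same OID the ldap extension exposes as LDAP_CONTROL_PASSWORDPOLICYRESPONSE.
const PPOLICY_OID = '1.3.6.1.4.1.42.2.27.8.5.1';

// Error names from draft-behera-ldap-password-policy (subset used here).
const PPOLICY_ERRORS = [
    0 => 'passwordExpired',
    1 => 'accountLocked',
    2 => 'changeAfterReset',
];

// Hypothetical helper: maps ldap_parse_result() output from a bind to
// ['action' => 'deny'|'force_change'|'allow', 'notes' => string[]].
function decide_login(int $errcode, array $ctrls): array
{
    $value = $ctrls[PPOLICY_OID]['value'] ?? [];
    $error = isset($value['error']) ? (PPOLICY_ERRORS[$value['error']] ?? 'other') : null;
    $notes = [];

    if ($errcode !== 0) {
        // Keep the policy reason for server-side logs; show users one generic failure.
        return ['action' => 'deny', 'notes' => $error ? ["policy: $error"] : []];
    }
    if ($error === 'changeAfterReset') {
        // Bind succeeded, but the session should only be allowed to change the password.
        return ['action' => 'force_change', 'notes' => ["policy: $error"]];
    }
    // Assumption: a negative or missing value means the server did not report it.
    if (($value['grace'] ?? -1) >= 0) {
        $notes[] = 'grace logins left: ' . $value['grace'];
    }
    if (($value['expire'] ?? -1) >= 0) {
        $notes[] = 'password expires in ' . $value['expire'] . ' seconds';
    }
    return ['action' => 'allow', 'notes' => $notes];
}

// Constructed samples shaped like $errcode and $ctrls in Example #1.
$samples = [
    'reset by admin' => [0,  [PPOLICY_OID => ['value' => ['expire' => -1, 'grace' => -1, 'error' => 2]]]],
    'locked account' => [49, [PPOLICY_OID => ['value' => ['expire' => -1, 'grace' => -1, 'error' => 1]]]],
    'expiring soon'  => [0,  [PPOLICY_OID => ['value' => ['expire' => 3600, 'grace' => -1]]]],
    'no control'     => [0,  []],
];
foreach ($samples as $name => [$code, $ctrls]) {
    $d = decide_login($code, $ctrls);
    echo str_pad($name, 16), $d['action'], '  ', implode('; ', $d['notes']), "\n";
}
```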
Example #2 Modify description only if it's not empty
<?php
// $link is an LDAP connection

// The operation is applied only if the entry matches the assertion filter;
// (!(description=*)) matches entries that have no description value
$result = ldap_mod_replace_ext(
    $link,
    'o=test,dc=example,dc=com',
    ['description' => 'New description'],
    [
        [
            'oid'        => LDAP_CONTROL_ASSERT,
            'iscritical' => TRUE,
            'value'      => ['filter' => '(!(description=*))']
        ]
    ]
);

// Then use ldap_parse_result
?>
Example #3 Read some values before deletion
<?php
// $link is an LDAP connection

// The pre-read control asks the server to return the listed attributes
// as they were before the entry is deleted
$result = ldap_delete_ext(
    $link,
    'o=test,dc=example,dc=com',
    [
        [
            'oid'        => LDAP_CONTROL_PRE_READ,
            'iscritical' => TRUE,
            'value'      => ['attrs' => ['o', 'description']]
        ]
    ]
);

// Then use ldap_parse_result
?>
Example #4 Delete a reference
<?php
// $link is an LDAP connection

// Without the control it would delete the referenced node
// Make sure to set the control as critical to avoid that
$result = ldap_delete_ext(
    $link,
    'cn=reference,dc=example,dc=com',
    [['oid' => LDAP_CONTROL_MANAGEDSAIT, 'iscritical' => TRUE]]
);

// Then use ldap_parse_result
?>
Example #5 Use pagination for a search
<?php
// $link is an LDAP connection

$cookie = '';

do {
    $result = ldap_search(
        $link, 'dc=example,dc=base', '(cn=*)', ['cn'], 0, 0, 0, LDAP_DEREF_NEVER,
        [['oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => ['size' => 2, 'cookie' => $cookie]]]
    );
    ldap_parse_result($link, $result, $errcode, $matcheddn, $errmsg, $referrals, $controls);
    // To keep the example short errors are not tested
    $entries = ldap_get_entries($link, $result);
    foreach ($entries as $key => $entry) {
        if ($key === 'count') {
            // ldap_get_entries() also returns a 'count' element, which is not an entry
            continue;
        }
        echo "cn: ".$entry['cn'][0]."\n";
    }
    if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) {
        // You need to pass the cookie from the last call to the next one
        $cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'];
    } else {
        $cookie = '';
    }
    // Empty cookie means last page
} while (strlen($cookie) > 0);
?>
LDAP pagination requires protocol version 3+. If the LDAP_CONTROL_PAGEDRESULTS LDAP control is not working for you, try setting the LDAP protocol version before binding:
<?php
$ldapconn = ldap_connect($ldapuri) or die("That LDAP-URI was not parseable");
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
?>