• 首页
  • css3教程
  • html5教程
  • jQuery手册
  • php7教程
  • MySQL手册
  • apache手册
  • 位置: php7教程 -> php7外部扩展库

    LDAP(轻型目录访问协议)

    轻型目录访问协议(英文:Lightweight Directory Access Protocol,缩写:LDAP,/ˈɛldæp/)是一个开放的,中立的,工业标准的应用协议,通过IP协议提供访问控制和维护分布式信息的目录信息。

    目录服务在开发内部网和与互联网程序共享用户、系统、网络、服务和应用的过程中占据了重要地位。例如,目录服务可能提供了组织有序的记录集合,通常有层级结构,例如公司电子邮件目录。同理,也可以提供包含了地址和电话号码的电话簿。

    安装

    默认情况下,PHP中的LDAP支持未启用。编译PHP以启用ldap支持时,需要使用--with-ldap[=DIR]配置选项。DIR是LDAP基本安装目录。要启用SASL支持,请确保使用--with-ldap-sasl[=DIR],系统上存在code>sasl.h。

    Note: Note to Win32 Users为了使此扩展生效, DLL 文件必须能在 Windows 系统的 PATH 指示的路径下找到。如何操作的信息,请参见题为“如何在 Windows 中将 PHP 目录加到 PATH 中”的FAQ。虽然将 DLL 文件从 PHP 文件夹复制到 Windows 系统目录也行,但不建议这样做。 此扩展需要下列文件在 PATH 路径中: libeay32.dll and ssleay32.dll, or, as of OpenSSL 1.1 libcrypto-*.dll and libssl-*.dll

    运行时配置

    这些函数的行为受php.ini中的设置影响。

    LDAP configuration options
    名字默认可修改范围更新日志
    ldap.max_links"-1"PHP_INI_SYSTEM

    例子

    <?php
    // basic sequence with LDAP is connect, bind, search, interpret search
    // result, close connection
    echo "<h3>LDAP query test</h3>";
    echo "Connecting ...";
    $ds=ldap_connect("localhost");  // must be a valid LDAP server!
    echo "connect result is " . $ds . "<br />";
    if ($ds) {
        echo "Binding ...";
        $r=ldap_bind($ds);     // this is an "anonymous" bind, typically
                               // read-only access
        echo "Bind result is " . $r . "<br />";
        echo "Searching for (sn=S*) ...";
        // Search surname entry
        $sr=ldap_search($ds, "o=My Company, c=US", "sn=S*");
        echo "Search result is " . $sr . "<br />";
        echo "Number of entries returned is " . ldap_count_entries($ds, $sr) . "<br />";
        echo "Getting entries ...<p>";
        $info = ldap_get_entries($ds, $sr);
        echo "Data for " . $info["count"] . " items returned:<p>";
        for ($i=0; $i<$info["count"]; $i++) {
            echo "dn is: " . $info[$i]["dn"] . "<br />";
            echo "first cn entry is: " . $info[$i]["cn"][0] . "<br />";
            echo "first email entry is: " . $info[$i]["mail"][0] . "<br /><hr />";
        }
        echo "Closing connection";
        ldap_close($ds);
    } else {
        echo "<h4>Unable to connect to LDAP server</h4>";
    }
    ?>
    
    <?php
    $user   = 'cn=admin,dc=example,dc=com';
    $passwd = 'adminpassword';
    $ds = ldap_connect('ldap://localhost');
    if ($ds) {
        $r = ldap_bind_ext($ds, $user, $passwd, [['oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST]]);
        if (ldap_parse_result($ds, $r, $errcode, $matcheddn, $errmsg, $referrals, $ctrls)) {
            if ($errcode != 0) {
                die("Error: $errmsg ($errcode)");
            }
            if (isset($ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE])) {
                $value = $ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE]['value'];
                echo "Expires in: ".$value['expire']." seconds\n";
                echo "Number of auth left: ".$value['grace']."\n";
                if (isset($value['error'])) {
                    echo "Ppolicy error code: ".$value['error'];
                }
            }
        }
    } else {
        die("Unable to connect to LDAP server");
    }
    ?>
    

    Example #2 Modify description only if it's not empty

    <?php
    // $link is an LDAP connection
    $result = ldap_mod_replace_ext(
        $link,
        'o=test,dc=example,dc=com',
        ['description' => 'New description'],
        [
            [
                'oid'         => LDAP_CONTROL_ASSERT,
                'iscritical'  => TRUE,
                'value'       => ['filter' => '(!(description=*))']
            ]
        ]
    );
    // Then use ldap_parse_result
    ?>
    

    Example #3 Read some values before deletion

    <?php
    // $link is an LDAP connection
    $result = ldap_delete_ext(
        $link,
        'o=test,dc=example,dc=com',
        [
            [
                'oid'         => LDAP_CONTROL_PRE_READ,
                'iscritical'  => TRUE,
                'value'       => ['attrs' => ['o', 'description']]
            ]
        ]
    );
    // Then use ldap_parse_result
    ?>
    

    Example #4 Delete a reference

    <?php
    // $link is an LDAP connection
    // Without the control it would delete the referenced node
    // Make sure to set the control as critical to avoid that
    $result = ldap_delete_ext(
        $link,
        'cn=reference,dc=example,dc=com',
        [['oid' => LDAP_CONTROL_MANAGEDSAIT, 'iscritical' => TRUE]]
    );
    // Then use ldap_parse_result
    ?>
    

    Example #5 Use pagination for a search

    <?php
    // $link is an LDAP connection
    $cookie = '';
    do {
        $result = ldap_search(
            $link, 'dc=example,dc=base', '(cn=*)', ['cn'], 0, 0, 0, LDAP_DEREF_NEVER,
            [['oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => ['size' => 2, 'cookie' => $cookie]]]
        );
        ldap_parse_result($link, $result, $errcode , $matcheddn , $errmsg , $referrals, $controls);
        // To keep the example short errors are not tested
        $entries = ldap_get_entries($link, $result);
        foreach ($entries as $entry) {
            echo "cn: ".$entry['cn'][0]."\n";
        }
        if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) {
            // You need to pass the cookie from the last call to the next one
            $cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'];
        } else {
            $cookie = '';
        }
        // Empty cookie means last page
    } while (!empty($cookie));
    ?>