ldap_get_option()
(PHP 4 >= 4.0.4, PHP 5, PHP 7)
Get the current value for given option
说明
ldap_get_option(resource $link_identifier,int $option, mixed&$retval): bool
Sets$retvalto the value of the specified option.
参数
- $link_identifier
An LDAP link identifier, returned by ldap_connect().
- $option
The parameter$optioncan be one of:
Option Type since LDAP_OPT_DEREF
integer LDAP_OPT_SIZELIMIT
integer LDAP_OPT_TIMELIMIT
integer LDAP_OPT_NETWORK_TIMEOUT
integer LDAP_OPT_PROTOCOL_VERSION
integer LDAP_OPT_ERROR_NUMBER
integer LDAP_OPT_DIAGNOSTIC_MESSAGE
integer LDAP_OPT_REFERRALS
bool LDAP_OPT_RESTART
bool LDAP_OPT_HOST_NAME
string LDAP_OPT_ERROR_STRING
string LDAP_OPT_MATCHED_DN
string LDAP_OPT_SERVER_CONTROLS
array LDAP_OPT_CLIENT_CONTROLS
array LDAP_OPT_X_KEEPALIVE_IDLE
int 7.1 LDAP_OPT_X_KEEPALIVE_PROBES
int 7.1 LDAP_OPT_X_KEEPALIVE_INTERVAL
int 7.1 LDAP_OPT_X_TLS_CACERTDIR
string 7.1 LDAP_OPT_X_TLS_CACERTFILE
string 7.1 LDAP_OPT_X_TLS_CERTFILE
string 7.1 LDAP_OPT_X_TLS_CIPHER_SUITE
string 7.1 LDAP_OPT_X_TLS_CRLCHECK
integer 7.1 LDAP_OPT_X_TLS_CRL_NONE
integer 7.1 LDAP_OPT_X_TLS_CRL_PEER
integer 7.1 LDAP_OPT_X_TLS_CRL_ALL
integer 7.1 LDAP_OPT_X_TLS_CRLFILE
string 7.1 LDAP_OPT_X_TLS_DHFILE
string 7.1 LDAP_OPT_X_TLS_KEYILE
string 7.1 LDAP_OPT_X_TLS_PACKAGE
string 7.1 LDAP_OPT_X_TLS_PROTOCOL_MIN
integer 7.1 LDAP_OPT_X_TLS_RANDOM_FILE
string 7.1 LDAP_OPT_X_TLS_REQUIRE_CERT
integer - $retval
This will be set to the option value.
返回值
成功时返回TRUE
,或者在失败时返回FALSE
。
范例
Example #1 Check protocol version
<?php // $ds is a valid link identifier for a directory server if (ldap_get_option($ds, LDAP_OPT_PROTOCOL_VERSION, $version)) { echo "Using protocol version $version\n"; } else { echo "Unable to determine protocol version\n"; } ?>
注释
Note:This function is only available when using OpenLDAP 2.x.x OR Netscape Directory SDK x.x.
参见
ldap_set_option()
Set the value of the given option
Following on from Jeremy S's example. Instead of defining LDAP_OPT_DIAGNOSTIC_MESSAGE as 0x32 then using it, you can just use the option already defined as that value :) LDAP_OPT_ERROR_STRING
Here is how to tell if an Active Directory user account expired: define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032); ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($conn, LDAP_OPT_REFERRALS, 0); $bind = ldap_bind($conn, $user, $pass); ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error); if (!empty($extended_error)) { $errno = explode(',', $extended_error)[2]; $errno = explode(' ', $errno)[2]; $errno = intval($errno); if ($errno == 532) $err = 'Unable to login: Password expired.'; }
PHP 7.1 added support for configuring the LDAP CA/Cert environment directly, rather than relying on the environment variables. I noticed that a lot of people are having trouble getting this to work. The correct way is: $ds=ldap_connect("ldap.google.com"); ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, "/path/file.crt"); ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, "/path/file.key"); ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); ldap_start_tls($ds); ... ldap_close($ds);