• 首页
  • vue
  • TypeScript
  • JavaScript
  • scss
  • css3
  • html5
  • php
  • MySQL
  • redis
  • jQuery
  • ldap_get_option()

    (PHP 4 >= 4.0.4, PHP 5, PHP 7)

    Get the current value for given option

    说明

    ldap_get_option(resource $link_identifier,int $option, mixed&$retval): bool

    Sets$retvalto the value of the specified option.

    参数

    $link_identifier

    An LDAP link identifier, returned by ldap_connect().

    $option

    The parameter$optioncan be one of:

    OptionTypesince
    LDAP_OPT_DEREFinteger
    LDAP_OPT_SIZELIMITinteger
    LDAP_OPT_TIMELIMITinteger
    LDAP_OPT_NETWORK_TIMEOUTinteger
    LDAP_OPT_PROTOCOL_VERSIONinteger
    LDAP_OPT_ERROR_NUMBERinteger
    LDAP_OPT_DIAGNOSTIC_MESSAGEinteger
    LDAP_OPT_REFERRALSbool
    LDAP_OPT_RESTARTbool
    LDAP_OPT_HOST_NAMEstring
    LDAP_OPT_ERROR_STRINGstring
    LDAP_OPT_MATCHED_DNstring
    LDAP_OPT_SERVER_CONTROLSarray
    LDAP_OPT_CLIENT_CONTROLSarray
    LDAP_OPT_X_KEEPALIVE_IDLEint7.1
    LDAP_OPT_X_KEEPALIVE_PROBESint7.1
    LDAP_OPT_X_KEEPALIVE_INTERVALint7.1
    LDAP_OPT_X_TLS_CACERTDIRstring7.1
    LDAP_OPT_X_TLS_CACERTFILEstring7.1
    LDAP_OPT_X_TLS_CERTFILEstring7.1
    LDAP_OPT_X_TLS_CIPHER_SUITEstring7.1
    LDAP_OPT_X_TLS_CRLCHECKinteger7.1
    LDAP_OPT_X_TLS_CRL_NONEinteger7.1
    LDAP_OPT_X_TLS_CRL_PEERinteger7.1
    LDAP_OPT_X_TLS_CRL_ALLinteger7.1
    LDAP_OPT_X_TLS_CRLFILEstring7.1
    LDAP_OPT_X_TLS_DHFILEstring7.1
    LDAP_OPT_X_TLS_KEYILEstring7.1
    LDAP_OPT_X_TLS_PACKAGEstring7.1
    LDAP_OPT_X_TLS_PROTOCOL_MINinteger7.1
    LDAP_OPT_X_TLS_RANDOM_FILEstring7.1
    LDAP_OPT_X_TLS_REQUIRE_CERTinteger
    $retval

    This will be set to the option value.

    返回值

    成功时返回TRUE,或者在失败时返回FALSE

    范例

    Example #1 Check protocol version

    <?php
    // $ds is a valid link identifier for a directory server
    if (ldap_get_option($ds, LDAP_OPT_PROTOCOL_VERSION, $version)) {
        echo "Using protocol version $version\n";
    } else {
        echo "Unable to determine protocol version\n";
    }
    ?>
    

    注释

    Note:

    This function is only available when using OpenLDAP 2.x.x OR Netscape Directory SDK x.x.

    参见

    Following on from Jeremy S's example. 
    Instead of defining LDAP_OPT_DIAGNOSTIC_MESSAGE as 0x32 then using it, you can just use the option already defined as that value :)
    LDAP_OPT_ERROR_STRING
    Here is how to tell if an Active Directory user account expired:
    define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    $bind = ldap_bind($conn, $user, $pass);
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error);
    if (!empty($extended_error))
    {
      $errno = explode(',', $extended_error)[2];
      $errno = explode(' ', $errno)[2];
      $errno = intval($errno);
      if ($errno == 532)
        $err = 'Unable to login: Password expired.';
    }
    PHP 7.1 added support for configuring the LDAP CA/Cert environment directly, rather than relying on the environment variables. I noticed that a lot of people are having trouble getting this to work.
    The correct way is:
    $ds=ldap_connect("ldap.google.com"); 
    ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, "/path/file.crt");
    ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, "/path/file.key");
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    ldap_start_tls($ds);
    ...
    ldap_close($ds);