ldap_set_option()

(PHP 4 >= 4.0.4, PHP 5, PHP 7)

Set the value of the given option

说明

ldap_set_option(resource $link_identifier,int $option, mixed $newval): bool

Sets the value of the specified option to be$newval.

参数

$link_identifier

An LDAP link identifier, returned by ldap_connect().

$option

The parameter$optioncan be one of:

Option	Type	Available since
LDAP_OPT_DEREF	integer
LDAP_OPT_SIZELIMIT	integer
LDAP_OPT_TIMELIMIT	integer
LDAP_OPT_NETWORK_TIMEOUT	integer	PHP 5.3.0
LDAP_OPT_PROTOCOL_VERSION	integer
LDAP_OPT_ERROR_NUMBER	integer
LDAP_OPT_REFERRALS	bool
LDAP_OPT_RESTART	bool
LDAP_OPT_HOST_NAME	string
LDAP_OPT_ERROR_STRING	string
LDAP_OPT_DIAGNOSTIC_MESSAGE	string
LDAP_OPT_MATCHED_DN	string
LDAP_OPT_SERVER_CONTROLS	array
LDAP_OPT_CLIENT_CONTROLS	array
LDAP_OPT_X_KEEPALIVE_IDLE	int	PHP 7.1.0
LDAP_OPT_X_KEEPALIVE_PROBES	int	PHP 7.1.0
LDAP_OPT_X_KEEPALIVE_INTERVAL	int	PHP 7.1.0
LDAP_OPT_X_TLS_CACERTDIR	string	PHP 7.1.0
LDAP_OPT_X_TLS_CACERTFILE	string	PHP 7.1.0
LDAP_OPT_X_TLS_CERTFILE	string	PHP 7.1.0
LDAP_OPT_X_TLS_CIPHER_SUITE	string	PHP 7.1.0
LDAP_OPT_X_TLS_CRLCHECK	integer	PHP 7.1.0
LDAP_OPT_X_TLS_CRLFILE	string	PHP 7.1.0
LDAP_OPT_X_TLS_DHFILE	string	PHP 7.1.0
LDAP_OPT_X_TLS_KEYFILE	string	PHP 7.1.0
LDAP_OPT_X_TLS_PROTOCOL_MIN	integer	PHP 7.1.0
LDAP_OPT_X_TLS_RANDOM_FILE	string	PHP 7.1.0
LDAP_OPT_X_TLS_REQUIRE_CERT	integer	PHP 7.0.5

LDAP_OPT_SERVER_CONTROLS and LDAP_OPT_CLIENT_CONTROLS require a list of controls, this means that the value must be an array of controls. A control consists of anoididentifying the control, an optionalvalue, and an optional flag forcriticality. In PHP a control is given by an array containing an element with the keyoidand string value, and two optional elements. The optional elements are keyvaluewith string value and keyiscriticalwith boolean value.iscriticaldefaults toFALSEif not supplied. See » draft-ietf-ldapext-ldap-c-api-xx.txt for details. See also the second example below.

$newval

The new value for the specified$option.

返回值

成功时返回TRUE，或者在失败时返回FALSE。

范例

Example #1 Set protocol version

<?php
// $ds is a valid link identifier for a directory server
if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
    echo "Using LDAPv3";
} else {
    echo "Failed to set protocol version to 3";
}
?>

Example #2 Set server controls

<?php
// $ds is a valid link identifier for a directory server
// control with no value
$ctrl1 = array("oid" => "1.2.752.58.10.1", "iscritical" => true);
// iscritical defaults to FALSE
$ctrl2 = array("oid" => "1.2.752.58.1.10", "value" => "magic");
// try to set both controls
if (!ldap_set_option($ds, LDAP_OPT_SERVER_CONTROLS, array($ctrl1, $ctrl2))) {
    echo "Failed to set server controls";
}
?>

注释

Note:

This function is only available when using OpenLDAP 2.x.x OR Netscape Directory SDK x.x.

参见

• ldap_get_option()Get the current value for given option

As john.hallam@compaq.com above mentioned ,one has to set option LDAP_OPT_PROTOCOL_VERSION=3
ldap_set_option($ds,LDAP_OPT_PROTOCOL_VERSION,3);
to use the ldap_rename function.
However, the ldap_set_option() line has to be written immediately after ldap_connect() and before ldap_bind() statements.
Christos Soulios

Luckily you can turn on debugging before you open a connection:
 ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
This way you at least can see in the logs if the connection fails...

The following flags are valid integer values for the LDAP_OPT_DEREF (as taken from the documentation for ldap_read()):
LDAP_DEREF_NEVER (int 0) - (default) aliases are never dereferenced.
LDAP_DEREF_SEARCHING (int 1) - aliases should be dereferenced during the search but not when locating the base object of the search.
LDAP_DEREF_FINDING (int 2) - aliases should be dereferenced when locating the base object but not during the search.
LDAP_DEREF_ALWAYS (int 3) - aliases should be dereferenced always.
Example:
<?php
ldap_set_option($ds, LDAP_OPT_DEREF, LDAP_DEREF_ALWAYS);
?> 
These are defined in the draft C API (presumably from the original LDAP API). See draft-ietf-ldapext-ldap-c-api-xx.txt included in the OpenLDAP source code distribution.

I have the following code, but you do not rename the cn, that may be?
  $TheDN = "cn=Nombre,ou=Addressbook,dc=axia-ldap,dc=net";
  $newRDN = "cn=bill";
  $newParent = "ou=Addressbook,dc=axia-ldap,dc=net";
  ldap_set_option($ds,LDAP_OPT_PROTOCOL_VERSION,3);
  $result = ldap_rename($ds, $TheDN, $newRDN, $newParent, TRUE);

PHP 7.1 added support for configuring the LDAP CA/Cert environment directly, rather than relying on the environment variables. I noticed that a lot of people are having trouble getting this to work.
The correct way is:
$ds=ldap_connect("ldap.google.com"); 
ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, "/path/file.crt");
ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, "/path/file.key");
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_start_tls($ds);
...
ldap_close($ds);

To get this to work I had to set the LDAP version to 3 using ldap_set_option. Here is an example that might help:
$TheDN = "cn=john smith,ou=users,dc=acme,dc=com";
$newRDN = "cn=bill brown";
$newParent = "ou=users,dc=acme,dc=com";
ldap_set_option($ds,LDAP_OPT_PROTOCOL_VERSION,3);
@$result = ldap_rename($ds, $TheDN, $newRDN, $newParent, TRUE);

it seems that ldap_set_option returns 1 for bogus ldap_connect -ions also.
ldap_connect always returns a resource (documented in the
comments of ldap_connect) so it is not possible to check if the
ldap server is there or alive or what. and because ldap_set_option
must be between ldap_connect and ldap_bind, there seems to
be no sense in checking the return value.
it is a bit strange that ldap_bind is the first function which can
really check if a ldap resource is usable because it is the third
function in line to use when working with openldap.
<?php
$connect = ldap_connect("whatever");
$set = ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
echo $set;
?>

LDAP options description
http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=%2Fapis%2Fldap_set_option.htm