ldap_set_option()
(PHP 4 >= 4.0.4, PHP 5, PHP 7)
Set the value of the given option
说明
ldap_set_option(resource $link_identifier,int $option, mixed $newval): bool
Sets the value of the specified option to be$newval.
参数
- $link_identifier
An LDAP link identifier, returned by ldap_connect().
- $option
The parameter$optioncan be one of:
Option Type Available since LDAP_OPT_DEREF
integer LDAP_OPT_SIZELIMIT
integer LDAP_OPT_TIMELIMIT
integer LDAP_OPT_NETWORK_TIMEOUT
integer PHP 5.3.0 LDAP_OPT_PROTOCOL_VERSION
integer LDAP_OPT_ERROR_NUMBER
integer LDAP_OPT_REFERRALS
bool LDAP_OPT_RESTART
bool LDAP_OPT_HOST_NAME
string LDAP_OPT_ERROR_STRING
string LDAP_OPT_DIAGNOSTIC_MESSAGE
string LDAP_OPT_MATCHED_DN
string LDAP_OPT_SERVER_CONTROLS
array LDAP_OPT_CLIENT_CONTROLS
array LDAP_OPT_X_KEEPALIVE_IDLE
int PHP 7.1.0 LDAP_OPT_X_KEEPALIVE_PROBES
int PHP 7.1.0 LDAP_OPT_X_KEEPALIVE_INTERVAL
int PHP 7.1.0 LDAP_OPT_X_TLS_CACERTDIR
string PHP 7.1.0 LDAP_OPT_X_TLS_CACERTFILE
string PHP 7.1.0 LDAP_OPT_X_TLS_CERTFILE
string PHP 7.1.0 LDAP_OPT_X_TLS_CIPHER_SUITE
string PHP 7.1.0 LDAP_OPT_X_TLS_CRLCHECK
integer PHP 7.1.0 LDAP_OPT_X_TLS_CRLFILE
string PHP 7.1.0 LDAP_OPT_X_TLS_DHFILE
string PHP 7.1.0 LDAP_OPT_X_TLS_KEYFILE
string PHP 7.1.0 LDAP_OPT_X_TLS_PROTOCOL_MIN
integer PHP 7.1.0 LDAP_OPT_X_TLS_RANDOM_FILE
string PHP 7.1.0 LDAP_OPT_X_TLS_REQUIRE_CERT
integer PHP 7.0.5 LDAP_OPT_SERVER_CONTROLS
andLDAP_OPT_CLIENT_CONTROLS
require a list of controls, this means that the value must be an array of controls. A control consists of anoididentifying the control, an optionalvalue, and an optional flag forcriticality. In PHP a control is given by an array containing an element with the keyoidand string value, and two optional elements. The optional elements are keyvaluewith string value and keyiscriticalwith boolean value.iscriticaldefaults toFALSE
if not supplied. See » draft-ietf-ldapext-ldap-c-api-xx.txt for details. See also the second example below.- $newval
The new value for the specified$option.
返回值
成功时返回TRUE
,或者在失败时返回FALSE
。
范例
Example #1 Set protocol version
<?php // $ds is a valid link identifier for a directory server if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) { echo "Using LDAPv3"; } else { echo "Failed to set protocol version to 3"; } ?>
Example #2 Set server controls
<?php // $ds is a valid link identifier for a directory server // control with no value $ctrl1 = array("oid" => "1.2.752.58.10.1", "iscritical" => true); // iscritical defaults to FALSE $ctrl2 = array("oid" => "1.2.752.58.1.10", "value" => "magic"); // try to set both controls if (!ldap_set_option($ds, LDAP_OPT_SERVER_CONTROLS, array($ctrl1, $ctrl2))) { echo "Failed to set server controls"; } ?>
注释
Note:This function is only available when using OpenLDAP 2.x.x OR Netscape Directory SDK x.x.
参见
ldap_get_option()
Get the current value for given option
As john.hallam@compaq.com above mentioned ,one has to set option LDAP_OPT_PROTOCOL_VERSION=3 ldap_set_option($ds,LDAP_OPT_PROTOCOL_VERSION,3); to use the ldap_rename function. However, the ldap_set_option() line has to be written immediately after ldap_connect() and before ldap_bind() statements. Christos Soulios
Luckily you can turn on debugging before you open a connection: ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7); This way you at least can see in the logs if the connection fails...
The following flags are valid integer values for the LDAP_OPT_DEREF (as taken from the documentation for ldap_read()): LDAP_DEREF_NEVER (int 0) - (default) aliases are never dereferenced. LDAP_DEREF_SEARCHING (int 1) - aliases should be dereferenced during the search but not when locating the base object of the search. LDAP_DEREF_FINDING (int 2) - aliases should be dereferenced when locating the base object but not during the search. LDAP_DEREF_ALWAYS (int 3) - aliases should be dereferenced always. Example: <?php ldap_set_option($ds, LDAP_OPT_DEREF, LDAP_DEREF_ALWAYS); ?> These are defined in the draft C API (presumably from the original LDAP API). See draft-ietf-ldapext-ldap-c-api-xx.txt included in the OpenLDAP source code distribution.
I have the following code, but you do not rename the cn, that may be? $TheDN = "cn=Nombre,ou=Addressbook,dc=axia-ldap,dc=net"; $newRDN = "cn=bill"; $newParent = "ou=Addressbook,dc=axia-ldap,dc=net"; ldap_set_option($ds,LDAP_OPT_PROTOCOL_VERSION,3); $result = ldap_rename($ds, $TheDN, $newRDN, $newParent, TRUE);
PHP 7.1 added support for configuring the LDAP CA/Cert environment directly, rather than relying on the environment variables. I noticed that a lot of people are having trouble getting this to work. The correct way is: $ds=ldap_connect("ldap.google.com"); ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, "/path/file.crt"); ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, "/path/file.key"); ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); ldap_start_tls($ds); ... ldap_close($ds);
To get this to work I had to set the LDAP version to 3 using ldap_set_option. Here is an example that might help: $TheDN = "cn=john smith,ou=users,dc=acme,dc=com"; $newRDN = "cn=bill brown"; $newParent = "ou=users,dc=acme,dc=com"; ldap_set_option($ds,LDAP_OPT_PROTOCOL_VERSION,3); @$result = ldap_rename($ds, $TheDN, $newRDN, $newParent, TRUE);
it seems that ldap_set_option returns 1 for bogus ldap_connect -ions also. ldap_connect always returns a resource (documented in the comments of ldap_connect) so it is not possible to check if the ldap server is there or alive or what. and because ldap_set_option must be between ldap_connect and ldap_bind, there seems to be no sense in checking the return value. it is a bit strange that ldap_bind is the first function which can really check if a ldap resource is usable because it is the third function in line to use when working with openldap. <?php $connect = ldap_connect("whatever"); $set = ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3); echo $set; ?>
LDAP options description http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=%2Fapis%2Fldap_set_option.htm