PHP ʖ²ἯTH º󍋼/A XLVIII. LDAP functions ½鉜 LDAP is the Lightweight Directory Access Protocol, and is a protocol used to access "Directory Servers". The Directory is a special kind of database that holds information in a tree structure. The concept is similar to your hard disk directory structure, except that in this context, the root directory is "The world" and the first level subdirectories are "countries". Lower levels of the directory structure contain entries for companies, organisations or places, while yet lower still we find directory entries for people, and perhaps equipment or documents. To refer to a file in a subdirectory on your hard disk, you might use something like: /usr/local/myapp/docs The forwards slash marks each division in the reference, and the sequence is read from left to right. The equivalent to the fully qualified file reference in LDAP is the "distinguished name", referred to simply as "dn". An example dn might be: cn=John Smith,ou=Accounts,o=My Company,c=US The comma marks each division in the reference, and the sequence is read from right to left. You would read this dn as: country = US organization = My Company organizationalUnit = Accounts commonName = John Smith In the same way as there are no hard rules about how you organise the directory structure of a hard disk, a directory server manager can set up any structure that is meaningful for the purpose. However, there are some conventions that are used. The message is that you can not write code to access a directory server unless you know something about its structure, any more than you can use a database without some knowledge of what is available. Lots of information about LDAP can be found at Netscape University of Michigan OpenLDAP Project LDAP World The Netscape SDK contains a helpful Programmer's Guide in HTML format. Шdz You will need to get and compile LDAP client libraries from either the University of Michigan ldap-3.3 package or the Netscape Directory SDK 3.0 to compile PHP with LDAP support. °²װ LDAP support in PHP is not enabled by default. You will need to use the --with-ldap[=DIR] configuration option when compiling PHP to enable LDAP support. DIR is the LDAP base install directory. Note to Win32 Users: In order to enable this module on a Windows environment, you must copy libsasl.dll from the DLL folder of the PHP/Win32 binary package to the SYSTEM32 folder of your windows machine. (Ex: C:\WINNT\SYSTEM32 or C:\WINDOWS\SYSTEM32) ԋАʱŤփ բЩº¯ʽµĐЎªʜµ½ȫ¾ּA HREF="configuration.html#configuration.file" Ťփ΄¼þ php.ini µē°Ϭ¡£ Name Default Changeable ldap.max_links "-1" PHP_INI_SYSTEM ׊Դ Ѝ ¸À©չģ¿鎴¶¨ҥȎºΗʔ´ Ѝ¡£ Ԥ¶¨ҥ³£ ·¶= Retrieve information for all entries where the surname starts with "S" from a directory server, displaying an extract with name and email address. =ד 1. LDAP search example ?php // basic sequence with LDAP is connect, bind, search, interpret search // result, close connection echo "h3 LDAP query test /h3 "; echo "Connecting ..."; $ds=ldap_connect("localhost"); // must be a valid LDAP server! echo "connect result is ".$ds." p "; if ($ds) {echo "Binding ..."; $r=ldap_bind($ds); // this is an "anonymous" bind, typically // read-only access echo "Bind result is ".$r." p "; echo "Searching for (sn=S*) ..."; // Search surname entry $sr=ldap_search($ds,"o=My Company, c=US", "sn=S*"); echo "Search result is ".$sr." p "; echo "Number of entires returned is ".ldap_count_entries($ds,$sr)." p "; echo "Getting entries... p "; $info = ldap_get_entries($ds, $sr); echo "Data for ".$info["count"]." items returned: p "; for ($i=0; $i $info["count"]; $i++) {echo "dn is: ". $info[$i]["dn"] ." br "; echo "first cn entry is: ". $info[$i]["cn"][0] ." br "; echo "first email entry is: ". $info[$i]["mail"][0] ." p ";} echo "Closing connection"; ldap_close($ds);} else {echo" h4 Unable to connect to LDAP server /h4 ";}? Using the PHP LDAP calls The name or address of the directory server you will use The "base dn" of the server (the part of the world directory that is held on this server, which could be "o=My Company,c=US") Whether you need a password to access the server (many servers will provide read access for an "anonymous bind" but require a password for anything else) ldap_connect() // establish connection to server | ldap_bind() // anonymous or authenticated "login" | do something like search or update the directory and display the results | ldap_close() // "logout" Ŀ¼ ldap_8859_to_t61 -- Translate 8859 characters to t61 characters ldap_add -- Add entries to LDAP directory ldap_bind -- Bind to LDAP directory ldap_close -- Close link to LDAP server ldap_compare -- Compare value of attribute found in entry specified with DN ldap_connect -- Connect to an LDAP server ldap_count_entries -- Count the number of entries in a search ldap_delete -- Delete an entry from a directory ldap_dn2ufn -- Convert DN to User Friendly Naming format ldap_err2str -- Convert LDAP error number into string error message ldap_errno -- Return the LDAP error number of the last LDAP command ldap_error -- Return the LDAP error message of the last LDAP command ldap_explode_dn -- Splits DN into its component parts ldap_first_attribute -- Return first attribute ldap_first_entry -- Return first result id ldap_first_reference -- Return first reference ldap_free_result -- Free result memory ldap_get_attributes -- Get attributes from a search result entry ldap_get_dn -- Get the DN of a result entry ldap_get_entries -- Get all result entries ldap_get_option -- Get the current value for given option ldap_get_values_len -- Get all binary values from a result entry ldap_get_values -- Get all values from a result entry ldap_list -- Single-level search ldap_mod_add -- Add attribute values to current attributes ldap_mod_del -- Delete attribute values from current attributes ldap_mod_replace -- Replace attribute values with new ones ldap_modify -- Modify an LDAP entry ldap_next_attribute -- Get the next attribute in result ldap_next_entry -- Get next result entry ldap_next_reference -- Get next reference ldap_parse_reference -- Extract information from reference entry ldap_parse_result -- Extract information from result ldap_read -- Read an entry ldap_rename -- Modify the name of an entry ldap_search -- Search LDAP tree ldap_set_option -- Set the value of the given option ldap_set_rebind_proc -- Set a callback function to do re-binds on referral chasing. ldap_sort -- Sort LDAP result entries ldap_start_tls -- Start TLS ldap_t61_to_8859 -- Translate t61 characters to 8859 characters ldap_unbind -- Unbind from LDAP directory º󍋼/A ưµ㼯A java_last_exception_get ɏһ¼¶ ldap_8859_to_t61