Documentation

Horde_Ldap
in package

The main Horde_Ldap class.

Copyright 2003-2007 Tarjej Huse, Jan Wagner, Del Elson, Benedikt Hallinger Copyright 2009-2017 Horde LLC (http://www.horde.org/)

Tags
author

Tarjej Huse tarjei@bergfald.no

author

Jan Wagner wagner@netsols.de

author

Del del@babel.com.au

author

Benedikt Hallinger beni@php.net

author

Ben Klang ben@alkaloid.net

author

Chuck Hagenbuch chuck@horde.org

author

Jan Schneider jan@horde.org

license

http://www.gnu.org/licenses/lgpl-3.0.txt LGPLv3

Table of Contents

$_config  : array<string|int, mixed>
Class configuration array.
$_downHostList  : array<string|int, mixed>
List of hosts that are known to be down.
$_hostList  : array<string|int, mixed>
List of hosts we try to establish a connection to.
$_link  : resource
LDAP resource link.
$_rootDSE  : array<string|int, mixed>
Cache for rootDSE objects.
$_schema  : Horde_Ldap_Schema
Schema object.
$_schemaAttrs  : array<string|int, mixed>
Cache for attribute encoding checks.
__construct()  : mixed
Constructor.
__destruct()  : mixed
Destructor.
add()  : mixed
Adds a new entry to the directory.
bind()  : mixed
Bind or rebind to the LDAP server.
buildClause()  : string
Builds an LDAP search filter fragment.
checkLDAPExtension()  : mixed
Checks if PHP's LDAP extension is loaded.
copy()  : Horde_Ldap_Entry
Copies an entry to a new location.
delete()  : mixed
Deletes an entry from the directory.
disconnect()  : mixed
Closes the LDAP connection.
errorName()  : string
Returns the string for an LDAP errorcode.
exists()  : bool
Returns whether a DN exists in the directory.
findUserDN()  : string
Returns the DN of a user.
getEntry()  : Horde_Ldap_Entry
Returns a specific entry based on the DN.
getLink()  : resource
Returns the LDAP link resource.
getOption()  : Horde_Ldap_Error|string
Returns an LDAP option value.
getVersion()  : int
Returns the LDAP protocol version that is used on the connection.
modify()  : mixed
Modifies an LDAP entry on the server.
move()  : mixed
Renames or moves an entry.
quote()  : string
Escapes characters with special meaning in LDAP searches.
quoteDN()  : string
Takes an array of DN elements and properly quotes it according to RFC 1485.
rootDSE()  : Horde_Ldap_RootDse
Returns a rootDSE object
schema()  : Horde_Ldap_Schema
Returns a schema object
search()  : Horde_Ldap_Search
Runs an LDAP search query.
setOption()  : mixed
Sets an LDAP option.
setVersion()  : mixed
Sets the LDAP protocol version that is used on the connection.
startTLS()  : mixed
Starts an encrypted session.
utf8Decode()  : array<string|int, mixed>|Horde_Ldap_Error
utf8Encode()  : array<string|int, mixed>|Horde_Ldap_Error
_connect()  : mixed
Connects to the LDAP server.
_quoteRDN()  : string
Takes an RDN array with an attribute name and value and properly quotes it according to RFC 1485.
_quoteRDNs()  : string
Takes a single or a list of RDN arrays with an attribute name and value and properly quotes it according to RFC 1485.
_reconnect()  : mixed
Reconnects to the LDAP server.
setConfig()  : mixed
Sets the internal configuration array.
utf8()  : array<string|int, mixed>

Properties

$_config

Class configuration array.

protected array<string|int, mixed> $_config = array('hostspec' => 'localhost', 'port' => 389, 'version' => 3, 'tls' => \false, 'binddn' => '', 'bindpw' => '', 'basedn' => '', 'options' => array(), 'filter' => '(objectClass=*)', 'scope' => 'sub', 'user' => array(), 'timeout' => 5, 'auto_reconnect' => \false, 'min_backoff' => 1, 'current_backoff' => 1, 'max_backoff' => 32, 'cache' => \false, 'cache_root_dse' => \false, 'cachettl' => 3600)
  • hostspec: The LDAP host to connect to (may be an array of several hosts to try).
  • port: The server port.
  • version: LDAP version (defaults to 3).
  • tls: When set, ldap_start_tls() is run after connecting.
  • binddn: The DN to bind as when searching.
  • bindpw: Password to use when searching LDAP.
  • basedn: LDAP base.
  • options: Hash of LDAP options to set.
  • filter: Default search filter.
  • scope: Default search scope.
  • user: Configuration parameters for , must contain 'uid', and may contain 'basedn' entries.
  • timeout: Connection timeout in seconds (defaults to 5).
  • auto_reconnect: If true, the class will automatically attempt to reconnect to the LDAP server in certain failure conditions when attempting a search, or other LDAP operations. Defaults to false. Note that if you set this to true, calls to search() may block indefinitely if there is a catastrophic server failure.
  • min_backoff: Minimum reconnection delay period (in seconds).
  • current_backof: Initial reconnection delay period (in seconds).
  • max_backoff: Maximum reconnection delay period (in seconds).
  • cache: A Horde_Cache instance for caching schema requests.

$_downHostList

List of hosts that are known to be down.

protected array<string|int, mixed> $_downHostList = array()

$_hostList

List of hosts we try to establish a connection to.

protected array<string|int, mixed> $_hostList = array()

$_link

LDAP resource link.

protected resource $_link

$_rootDSE

Cache for rootDSE objects.

protected array<string|int, mixed> $_rootDSE = array()

Hash with requested rootDSE attr names as key and rootDSE object as value.

Since the RootDSE object itself may request a rootDSE object, caches successful requests. Internally, Horde_Ldap needs several lookups to this object, so caching increases performance significally.

$_schemaAttrs

Cache for attribute encoding checks.

protected array<string|int, mixed> $_schemaAttrs = array()

Hash with attribute names as key and boolean value to determine whether they should be utf8 encoded or not.

Methods

__construct()

Constructor.

public __construct([array<string|int, mixed> $config = array() ]) : mixed
Parameters
$config : array<string|int, mixed> = array()

Configuration array.

Tags
see

$_config

Return values
mixed

__destruct()

Destructor.

public __destruct() : mixed
Return values
mixed

add()

Adds a new entry to the directory.

public add(Horde_Ldap_Entry $entry) : mixed

This also links the entry to the connection used for the add, if it was a fresh entry.

Parameters
$entry : Horde_Ldap_Entry

An LDAP entry.

Tags
see
HordeLdap_Entry::createFresh()
throws
Horde_Ldap_Exception
Return values
mixed

bind()

Bind or rebind to the LDAP server.

public bind([string $dn = null ][, string $password = null ]) : mixed

This function binds with the given DN and password to the server. In case no connection has been made yet, it will be started and STARTTLS issued if appropiate.

The internal bind configuration is not being updated, so if you call bind() without parameters, you can rebind with the credentials provided at first connecting to the server.

Parameters
$dn : string = null

DN for binding.

$password : string = null

Password for binding.

Tags
throws
Horde_Ldap_Exception
Return values
mixed

buildClause()

Builds an LDAP search filter fragment.

public static buildClause(string $lhs, string $op, string $rhs[, array<string|int, mixed> $params = array() ]) : string
Parameters
$lhs : string

The attribute to test.

$op : string

The operator.

$rhs : string

The comparison value.

$params : array<string|int, mixed> = array()

Any additional parameters for the operator.

Return values
string

The LDAP search fragment.

checkLDAPExtension()

Checks if PHP's LDAP extension is loaded.

public static checkLDAPExtension() : mixed

If it is not loaded, it tries to load it manually using PHP's dl(). It knows both windows-dll and *nix-so.

Tags
throws
Horde_Ldap_Exception
Return values
mixed

delete()

Deletes an entry from the directory.

public delete(string|Horde_Ldap_Entry $dn[, bool $recursive = false ]) : mixed
Parameters
$dn : string|Horde_Ldap_Entry

DN string or Horde_Ldap_Entry.

$recursive : bool = false

Should we delete all children recursivelx as well?

Tags
throws
Horde_Ldap_Exception
Return values
mixed

disconnect()

Closes the LDAP connection.

public disconnect() : mixed
Return values
mixed

errorName()

Returns the string for an LDAP errorcode.

public static errorName(int $errorcode) : string

Made to be able to make better errorhandling. Function based on DB::errorMessage().

Hint: The best description of the errorcodes is found here: http://www.directory-info.com/Ldap/LDAPErrorCodes.html

Parameters
$errorcode : int

An error code.

Return values
string

The description for the error.

findUserDN()

Returns the DN of a user.

public findUserDN(string $user) : string

The purpose is to quickly find the full DN of a user so it can be used to re-bind as this user. This method requires the 'user' configuration parameter to be set.

Parameters
$user : string

The user to find.

Tags
throws
Horde_Ldap_Exception
throws
Horde_Exception_NotFound
Return values
string

The user's full DN.

getEntry()

Returns a specific entry based on the DN.

public getEntry(string $dn[, array<string|int, mixed> $attributes = array() ]) : Horde_Ldap_Entry
Parameters
$dn : string

DN of the entry that should be fetched.

$attributes : array<string|int, mixed> = array()

Array of Attributes to select. If ommitted, all attributes are fetched.

Tags
todo

Maybe a check against the schema should be done to be sure the attribute type exists.

throws
Horde_Ldap_Exception
throws
Horde_Exception_NotFound
Return values
Horde_Ldap_Entry

A Horde_Ldap_Entry object.

getLink()

Returns the LDAP link resource.

public getLink() : resource

It will loop attempting to re-establish the connection if the connection attempt fails and auto_reconnect has been turned on (see the _config array documentation).

Return values
resource

LDAP link.

getOption()

Returns an LDAP option value.

public getOption(string $option) : Horde_Ldap_Error|string
Parameters
$option : string

Option to get.

Tags
throws
Horde_Ldap_Exception
Return values
Horde_Ldap_Error|string

Horde_Ldap_Error or option value

getVersion()

Returns the LDAP protocol version that is used on the connection.

public getVersion() : int

A lot of LDAP functionality is defined by what protocol version the LDAP server speaks. This might be 2 or 3.

Return values
int

The protocol version.

modify()

Modifies an LDAP entry on the server.

public modify(string|Horde_Ldap_Entry $entry[, array<string|int, mixed> $parms = array() ]) : mixed

The $params argument is an array of actions and should be something like this: array('add' => array('attribute1' => array('val1', 'val2'), 'attribute2' => array('val1')), 'delete' => array('attribute1'), 'replace' => array('attribute1' => array('val1')), 'changes' => array('add' => ..., 'replace' => ..., 'delete' => array('attribute1', 'attribute2' => array('val1')))

The order of execution is as following:

  1. adds from 'add' array
  2. deletes from 'delete' array
  3. replaces from 'replace' array
  4. changes (add, replace, delete) in order of appearance

The function calls the corresponding functions of an Horde_Ldap_Entry object. A detailed description of array structures can be found there.

Unlike the modification methods provided by the Horde_Ldap_Entry object, this method will instantly carry out an update() after each operation, thus modifying "directly" on the server.

Parameters
$entry : string|Horde_Ldap_Entry

DN string or Horde_Ldap_Entry.

$parms : array<string|int, mixed> = array()

Array of changes

Tags
see
Horde_Ldap_Entry::add()
see
Horde_Ldap_Entry::delete()
see
Horde_Ldap_Entry::replace()
throws
Horde_Ldap_Exception
Return values
mixed

move()

Renames or moves an entry.

public move(string|Horde_Ldap_Entry $entry, string $newdn[, Horde_Ldap $target_ldap = null ]) : mixed

This method will instantly carry out an update() after the move, so the entry is moved instantly.

You can pass an optional Horde_Ldap object. In this case, a cross directory move will be performed which deletes the entry in the source (THIS) directory and adds it in the directory $target_ldap.

A cross directory move will switch the entry's internal LDAP reference so updates to the entry will go to the new directory.

If you want to do a cross directory move, you need to pass an Horde_Ldap_Entry object, otherwise the attributes will be empty.

Parameters
$entry : string|Horde_Ldap_Entry

An LDAP entry.

$newdn : string

The new location.

$target_ldap : Horde_Ldap = null

Target directory for cross server move.

Tags
throws
Horde_Ldap_Exception
Return values
mixed

quote()

Escapes characters with special meaning in LDAP searches.

public static quote(string $clause) : string
Parameters
$clause : string

The string to escape.

Return values
string

The escaped string.

quoteDN()

Takes an array of DN elements and properly quotes it according to RFC 1485.

public static quoteDN(array<string|int, mixed> $parts) : string
Parameters
$parts : array<string|int, mixed>

An array of tuples containing the attribute name and that attribute's value which make up the DN. Example: $parts = array( array('cn', 'John Smith'), array('dc', 'example'), array('dc', 'com') ); Nested arrays are supported since 2.1.0, to form multi-valued RDNs. Example: $parts = array( array( array('cn', 'John'), array('sn', 'Smith'), array('o', 'Acme Inc.'), ), array('dc', 'example'), array('dc', 'com') ); which will result in cn=John+sn=Smith+o=Acme Inc.,dc=example,dc=com

Return values
string

The properly quoted string DN.

rootDSE()

Returns a rootDSE object

public rootDSE([array<string|int, mixed> $attrs = array() ]) : Horde_Ldap_RootDse

This either fetches a fresh rootDSE object or returns it from the internal cache for performance reasons, if possible.

Parameters
$attrs : array<string|int, mixed> = array()

Array of attributes to search for.

Tags
throws
Horde_Ldap_Exception
Return values
Horde_Ldap_RootDse

Horde_Ldap_RootDse object

search()

Runs an LDAP search query.

public search([string|Horde_Ldap_Entry $base = null ][, string|Horde_Ldap_Filter $filter = null ][, array<string|int, mixed> $params = array() ]) : Horde_Ldap_Search

$base and $filter may be ommitted. The one from config will then be used. $base is either a DN-string or an Horde_Ldap_Entry object in which case its DN will be used.

$params may contain:

  • scope: The scope which will be used for searching, defaults to 'sub': - base: Just one entry - sub: The whole tree - one: Immediately below $base
  • sizelimit: Limit the number of entries returned (default: 0 = unlimited)
  • timelimit: Limit the time spent for searching (default: 0 = unlimited)
  • attrsonly: If true, the search will only return the attribute names
  • attributes: Array of attribute names, which the entry should contain. It is good practice to limit this to just the ones you need.

You cannot override server side limitations to sizelimit and timelimit: You can always only lower a given limit.

Parameters
$base : string|Horde_Ldap_Entry = null

LDAP searchbase.

$filter : string|Horde_Ldap_Filter = null

LDAP search filter.

$params : array<string|int, mixed> = array()

Array of options.

Tags
todo

implement search controls (sorting etc)

throws
Horde_Ldap_Exception
Return values
Horde_Ldap_Search

The search result.

setOption()

Sets an LDAP option.

public setOption(string $option, mixed $value) : mixed
Parameters
$option : string

Option to set.

$value : mixed

Value to set option to.

Tags
throws
Horde_Ldap_Exception
Return values
mixed

setVersion()

Sets the LDAP protocol version that is used on the connection.

public setVersion(int $version[, bool $force = false ]) : mixed
Parameters
$version : int

LDAP version that should be used.

$force : bool = false

If set to true, the check against the rootDSE will be skipped.

Tags
todo

Checking via the rootDSE takes much time - why? fetching and instanciation is quick!

throws
Horde_Ldap_Exception
Return values
mixed

utf8Decode()

public utf8Decode(array<string|int, mixed> $attributes) : array<string|int, mixed>|Horde_Ldap_Error
Parameters
$attributes : array<string|int, mixed>

Array of attributes

Tags
todo

Remove this and expect all data to be UTF-8.

Decodes the given attribute values if needed by schema

$attributes is expected to be an array with keys describing the attribute names and the values as the value of this attribute: $attributes = array('cn' => 'foo', 'attr2' => array('mv1', 'mv2'));

access

public

see
utf8Encode()
Return values
array<string|int, mixed>|Horde_Ldap_Error

Array with decoded attribute values or Error

utf8Encode()

public utf8Encode(array<string|int, mixed> $attributes) : array<string|int, mixed>|Horde_Ldap_Error
Parameters
$attributes : array<string|int, mixed>

An array of attributes.

Tags
todo

Remove this and expect all data to be UTF-8.

Encodes given attributes to UTF8 if needed by schema.

This function takes attributes in an array and then checks against the schema if they need UTF8 encoding. If that is the case, they will be encoded. An encoded array will be returned and can be used for adding or modifying.

$attributes is expected to be an array with keys describing the attribute names and the values as the value of this attribute: $attributes = array('cn' => 'foo', 'attr2' => array('mv1', 'mv2'));

Return values
array<string|int, mixed>|Horde_Ldap_Error

An array of UTF8 encoded attributes or an error.

_connect()

Connects to the LDAP server.

protected _connect() : mixed

This function connects to the LDAP server specified in the configuration, binds and set up the LDAP protocol as needed.

Tags
throws
Horde_Ldap_Exception
Return values
mixed

_quoteRDN()

Takes an RDN array with an attribute name and value and properly quotes it according to RFC 1485.

protected static _quoteRDN(array<string|int, mixed> $attribute) : string
Parameters
$attribute : array<string|int, mixed>

A tuple containing the attribute name and that attribute's value which make up the RDN.

Return values
string

The properly quoted string RDN.

_quoteRDNs()

Takes a single or a list of RDN arrays with an attribute name and value and properly quotes it according to RFC 1485.

protected static _quoteRDNs(array<string|int, mixed> $attribute) : string
Parameters
$attribute : array<string|int, mixed>

A tuple or array of tuples containing the attribute name and that attribute's value which make up the RDN.

Return values
string

The properly quoted string RDN.

_reconnect()

Reconnects to the LDAP server.

protected _reconnect() : mixed

In case the connection to the LDAP service has dropped out for some reason, this function will reconnect, and re-bind if a bind has been attempted in the past. It is probably most useful when the server list provided to the new() or _connect() function is an array rather than a single host name, because in that case it will be able to connect to a failover or secondary server in case the primary server goes down.

This method just tries to re-establish the current connection. It will sleep for the current backoff period (seconds) before attempting the connect, and if the connection fails it will double the backoff period, but not try again. If you want to ensure a reconnection during a transient period of server downtime then you need to call this function in a loop.

Tags
throws
Horde_Ldap_Exception
Return values
mixed

setConfig()

Sets the internal configuration array.

protected setConfig(array<string|int, mixed> $config) : mixed
Parameters
$config : array<string|int, mixed>

Configuration hash.

Return values
mixed

utf8()

protected utf8(array<string|int, mixed> $attributes, array<string|int, mixed> $function) : array<string|int, mixed>
Parameters
$attributes : array<string|int, mixed>

Array of attributes

$function : array<string|int, mixed>

Function to apply to attribute values

Tags
todo

Remove this and expect all data to be UTF-8.

Encodes or decodes attribute values if needed

access

protected

Return values
array<string|int, mixed>

Array of attributes with function applied to values.

Search results