Using PHP With LDAP (part 1) - Anatomy 101 (
Page 5 of 6 )
At the onset, I should tell you that
communicating with an LDAP server through PHP is very similar to communicating
with a database server - open a connection, use the connection to search for
some information, iterate over the resource handle containing the results of the
search and close the connection.
1. Let's begin with the basic
connection.
<?php
// specify the LDAP server to connect to
$conn = ldap_connect("localhost") or die("Could not connect to server");
?>
The ldap_connect() function is used to open a connection with
the LDAP server. If a connection is possible, the function returns a link
identifier that is used for all subsequent communication with the LDAP server.
If a connection is not possible, the function returns false.
By default,
the ldap_connect() function looks for an LDAP server on port 389. In case your
LDAP server is running on a non-standard port, you can specify that port number
as an additional argument to ldap_connect(), as in the following code snippet.
<?php
// LDAP server running on non-standard port 510
$conn = ldap_connect("localhost", 510) or die("Could not connect to
server");
?>
2. Once a connection is established, the next step is to
"bind" it to the LDAP server via the ldap_bind() function call.
<?php
// bind to the LDAP server specified above
$r = ldap_bind($conn) or die("Could not bind to server");
?>
In the example above, this is a so-called "anonymous" bind,
as no authentication credentials are provided in my call to ldap_bind().
3. Now for the meat of the script - the ldap_search() function.
<?php
// start searching
// specify both the start location and the search criteria
// in this case, start at the top and return all entries $result =
ldap_search($conn,"dc=my-domain,dc=com", "(cn=*)") or die ("Error in search
query");
?>
This function requires three parameters - the LDAP link
identifier, the DN of the location in the LDAP hierarchy where the search should
begin, and the search query string itself. In the example above, I'm asking the
system to begin searching at the root of the hierarchy, and return all entries
which have a valid common name ("cn") attribute.
The return value of
ldap_search() is a result set with the entries that match the query.
4.
Once a result set has been obtained, the entries within it may be placed in a
multi-dimensional array via a call to ldap_get_entries().
<?php
// get entry data as array
$info = ldap_get_entries($conn, $result);
// iterate over array and print data for each entry
for ($i=0; $i<$info["count"]; $i++)
{
echo "dn is: ". $info[$i]["dn"] ."<br>";
echo "first cn is: ". $info[$i]["cn"][0] ."<br>";
echo "first email address is: ". $info[$i]["mail"][0] ."<p>"; }
?>
Every element of this array corresponds to one entry from the
LDAP directory. Each of these elements (entries) is further structured as an
array, whose elements correspond to the attributes of each entry; these
attributes may be accessed either by name or index number. A "for" loop is used
to iterate over this multi-dimensional array, and return a subset of the data
within it.
A count of all the entries in the result set can be obtained
via a call to ldap_count_entries()
<?php
// print number of entries found
echo "Number of entries found: " . ldap_count_entries($conn, $result) .
"<p>";
?>
5. Once the result set has been processed, the connection to
the LDAP server can be closed via a call to ldap_close().
<?php
// all done? clean up
ldap_close($conn);
?>
It's generally a good idea to close the connection once
you're done using it, so that system resources used by the script are freed up
and made available to other programs.
The five steps outlined above make
up a general template for interacting with an LDAP server through PHP. You will
see that these steps (and the code that they consist of) recur over almost every
example in this tutorial.
