Among its many other capabilities, PHP also comes with afull-featured API to connect to, and communicate with, LDAP directoryservers. This article explores how PHP and LDAP can be used together,beginning with a crash course in LDAP basics and proceeding to a series ofsimple examples that demonstrate how PHP can be used to search an LDAPdirectory and format the results for the Web.
At the onset, I should tell you that communicating with an LDAP server through PHP is very similar to communicating with a database server - open a connection, use the connection to search for some information, iterate over the resource handle containing the results of the search and close the connection.
1. Let's begin with the basic connection.
// specify the LDAP server to connect to
$conn = ldap_connect("localhost") or die("Could not connect to server");
The ldap_connect() function is used to open a connection with
the LDAP server. If a connection is possible, the function returns a link identifier that is used for all subsequent communication with the LDAP server. If a connection is not possible, the function returns false.
By default, the ldap_connect() function looks for an LDAP server on port 389. In case your LDAP server is running on a non-standard port, you can specify that port number as an additional argument to ldap_connect(), as in the following code snippet.
// LDAP server running on non-standard port 510
$conn = ldap_connect("localhost", 510) or die("Could not connect to
2. Once a connection is established, the next step is to
"bind" it to the LDAP server via the ldap_bind() function call.
// bind to the LDAP server specified above
$r = ldap_bind($conn) or die("Could not bind to server");
In the example above, this is a so-called "anonymous" bind,
as no authentication credentials are provided in my call to ldap_bind().
3. Now for the meat of the script - the ldap_search() function.
// start searching
// specify both the start location and the search criteria
// in this case, start at the top and return all entries $result =
ldap_search($conn,"dc=my-domain,dc=com", "(cn=*)") or die ("Error in search
This function requires three parameters - the LDAP link
identifier, the DN of the location in the LDAP hierarchy where the search should begin, and the search query string itself. In the example above, I'm asking the system to begin searching at the root of the hierarchy, and return all entries which have a valid common name ("cn") attribute.
The return value of ldap_search() is a result set with the entries that match the query.
4. Once a result set has been obtained, the entries within it may be placed in a multi-dimensional array via a call to ldap_get_entries().
// get entry data as array
$info = ldap_get_entries($conn, $result);
// iterate over array and print data for each entry
for ($i=0; $i<$info["count"]; $i++)
echo "dn is: ". $info[$i]["dn"] ."<br>";
echo "first cn is: ". $info[$i]["cn"] ."<br>";
echo "first email address is: ". $info[$i]["mail"] ."<p>"; }
Every element of this array corresponds to one entry from the
LDAP directory. Each of these elements (entries) is further structured as an array, whose elements correspond to the attributes of each entry; these attributes may be accessed either by name or index number. A "for" loop is used to iterate over this multi-dimensional array, and return a subset of the data within it.
A count of all the entries in the result set can be obtained via a call to ldap_count_entries()
// print number of entries found
echo "Number of entries found: " . ldap_count_entries($conn, $result) .
5. Once the result set has been processed, the connection to
the LDAP server can be closed via a call to ldap_close().
// all done? clean up
It's generally a good idea to close the connection once
you're done using it, so that system resources used by the script are freed up and made available to other programs.
The five steps outlined above make up a general template for interacting with an LDAP server through PHP. You will see that these steps (and the code that they consist of) recur over almost every example in this tutorial.