In this second, and concluding, article, dig deeper into PHP's LDAP API by writing complex search queries and building a Web-based administration module to retrieve and modify entries from the LDAP directory tree.
So that takes care of searching. Now, how about adding, editing and deleting entries?
PHP comes with a full-fledged API that allows easy modification of the LDAP directory tree. In order to demonstrate how this API works, I'm going to build, over the next few pages, a simple administration module that performs these functions, so that you can see how it's done.
First up, we need an index page that lists all the entries in the directory. This index page will serve as the starting point for an administrator to make changes to existing directory entries or add new ones. Here's the code:
<html>
<head>
</head>
<body>
<table width="450" cellpadding="5" cellspacing="5" border="1">
<?php
// specify the LDAP server to connect to
$conn = ldap_connect("localhost") or die("Could not connect to server");
// bind to the LDAP server specified above
$r = ldap_bind($conn) or die("Could not bind to server");
// set base DN and required attribute list
$base_dn = "dc=my-domain, dc=com";
$params = array("mail", "cn", "sn");
// list all entries from the base DN
$result = ldap_list($conn, $base_dn, "cn=*", $params);
?>
<tr>
<td>First Name</td>
<td>Last Name</td>
<td colspan=2> </td>
</tr>
<?php
// get entries
$info = ldap_get_entries($conn, $result);
// and print attribute values
for ($i=0; $i<$info["count"]; $i++)
{
echo "<tr>";
// escape directory values before writing them into the page
echo "<td>".htmlspecialchars($info[$i]["cn"][0])."</td>";
echo "<td>".htmlspecialchars($info[$i]["sn"][0])."</td>";
echo "<td><a href=\"edit.php?mail=" . urlencode($info[$i]["mail"][0]) .
"\">Edit</a></td>";
echo "<td><a href=\"delete.php?mail=" . urlencode($info[$i]["mail"][0])
. "\">Delete</a></td>";
echo "</tr>";
}
// all done? clean up
ldap_close($conn);
?>
</table>
<p>
<a href="add.html">Add new entry</a>
</body>
</html>
As you can see, most of this code is similar to what you saw in the previous article. However, there is one important difference - instead of using the ldap_search() function, I'm using the ldap_list() function, which returns a one-level list of all the entries matching the specified criteria, given a base DN at which to start searching.
<?php
// set base DN and required attribute list
$base_dn = "dc=my-domain, dc=com";
$params = array("mail", "cn", "sn");
// list all entries from the base DN
$result = ldap_list($conn, $base_dn, "cn=*", $params);
?>
This base DN and search filter are provided to ldap_list() as the second and third arguments respectively. In the example above, the ldap_list() function returns all the entries which have a "cn" attribute and are located immediately under the node with DN "dc=my-domain,dc=com".
Additionally, ldap_list() accepts a fourth, optional parameter - an array containing a list of all the attributes that should be included in the result set. In the example above, this array is called $params, and it specifies that the returned result set should contain the "cn", "sn" and "mail" attributes.
The search result identifier returned by ldap_list() can be passed to the ldap_get_entries() function, which does the dirty work of extracting the raw data into a structured array. This array can be processed using a simple "for" loop.
Note also the links to "edit.php" and "delete.php" next to each entry - I'll be discussing the scripts these links point to shortly. For the moment, though, skip downwards to the last link on the page, which points to "add.html" - this is the HTML form that is used to add new users to the database, and it's discussed on the next page.
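Values read from a directory can contain HTML metacharacters, and an entry that matches "cn=*" need not carry "sn" or "mail" values. The following added example (not code from the original article) renders the index rows from an array shaped like ldap_get_entries() output, escaping every value and handling missing attributes; h(), first_value(), render_rows() and the $sample data are assumptions made for illustration.

```php
<?php
// Added example; $sample is constructed data, not real directory output.
function h(string $s): string
{
    // escape for HTML text and quoted attribute values
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// hypothetical helper: first value of an attribute, '' if the entry lacks it
function first_value(array $entry, string $attr): string
{
    // ldap_get_entries() lower-cases attribute names; values sit at [0..count-1]
    return isset($entry[$attr][0]) ? (string) $entry[$attr][0] : '';
}

function render_rows(array $info): string
{
    $html = '';
    for ($i = 0; $i < $info['count']; $i++) {
        $cn   = first_value($info[$i], 'cn');
        $sn   = first_value($info[$i], 'sn');
        $mail = first_value($info[$i], 'mail');
        $html .= '<tr><td>' . h($cn) . '</td><td>' . h($sn) . '</td>';
        if ($mail === '') {
            // nothing to identify the entry by, so offer no edit/delete links
            $html .= '<td colspan="2">&nbsp;</td>';
        } else {
            $q = h(urlencode($mail)); // "+" becomes %2B, "@" becomes %40
            $html .= '<td><a href="edit.php?mail=' . $q . '">Edit</a></td>'
                   . '<td><a href="delete.php?mail=' . $q . '">Delete</a></td>';
        }
        $html .= "</tr>\n";
    }
    return $html;
}

$sample = [
    'count' => 2,
    0 => ['cn'   => ['count' => 1, 0 => 'Joe <b>Bloggs</b>'],
          'sn'   => ['count' => 1, 0 => 'Bloggs'],
          'mail' => ['count' => 1, 0 => 'joe+lists@my-domain.com'],
          'count' => 3, 'dn' => 'uid=joe,dc=my-domain,dc=com'],
    1 => ['cn'   => ['count' => 1, 0 => 'Printer Room 4'],
          'count' => 1, 'dn' => 'cn=Printer Room 4,dc=my-domain,dc=com'],
];

echo render_rows($sample);
```

In the index page, the same function would be called with the array returned by ldap_get_entries($conn, $result).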