
Adding It All Up - PHP

In this second, and concluding, article, dig deeper into PHP's LDAP API by writing complex search queries and building a Web-based administration module to retrieve and modify entries from the LDAP directory tree.

By: Harish Kamath, (c) Melonfire
April 07, 2003

Now that you know how to pull data out from the LDAP directory, how about putting some in?

PHP has a function to do this as well - I'll show you how to use it, by creating a simple interface to add instances of the "inetOrgPerson" class to the LDAP directory.

First, the input form, "add.html":






<html>
<head>
<title>Add Entry</title>
</head>
<body>
<form method="POST" action="add.php">
<table border="0" cellpadding="0" cellspacing="10" width="500">
<tr>
  <td width="50%" align="right">First name</td>
  <td width="50%"><input type="text" name="cn" size="20"></td>
</tr>
<tr>
  <td width="50%" align="right">Last name</td>
  <td width="50%"><input type="text" name="sn" size="20"></td>
</tr>
<tr>
  <td width="50%" align="right">E-mail address</td>
  <td width="50%"><input type="text" name="mail" size="20"></td>
</tr>
<tr>
  <td width="100%" colspan="2" align="center">
    <input type="submit" value="Submit" name="Submit">
    &nbsp;&nbsp;<input type="reset" value="Reset" name="Reset">
  </td>
</tr>
</table>
</form>
</body>
</html>

You'll notice here that I've only used three attributes of the "inetOrgPerson" class - "cn" for the common name, "sn" for the surname and "mail" for the email address. Feel free to add to this list if you like.

Here's what the form looks like,



and here's the script that actually adds the entry:

<html>
<head>
</head>
<body>
<?php
// specify the LDAP server to connect to
// (no ldap_error() here: there is no connection handle if this call fails)
$conn = ldap_connect("localhost") or die("Could not connect to server.");

// bind to the LDAP server
$r = ldap_bind($conn) or die("Could not bind to server. Error is " . ldap_error($conn));

// prepare data
$info["cn"] = $_POST['cn'];
$info["sn"] = $_POST['sn'];
$info["mail"] = $_POST['mail'];
$info["objectClass"] = "inetOrgPerson";

// prepare DN for new entry
// (escape characters in the submitted value that have special meaning in a DN)
$dn = "mail=" . ldap_escape($_POST['mail'], "", LDAP_ESCAPE_DN) . ", dc=my-domain, dc=com";

// add data to directory
$result = ldap_add($conn, $dn, $info);

// if successful, display success message
// (the DN contains user input, so encode it for HTML output)
if ($result) {
    echo "New entry with DN " . htmlspecialchars($dn) . " added to LDAP directory.";
}
// else display error
else {
    echo "An error occurred. Error number " . ldap_errno($conn) . ": " . ldap_err2str(ldap_errno($conn));
}

// all done? clean up
ldap_close($conn);
?>
</body>
</html>

Before I get into the details, let's give this code a quick test run. Enter some data into the form above and submit it - you will probably see something like this:



Ugly, huh?

In order to add an entry to the LDAP server, you must provide the server with appropriate credentials - something I've obviously not done in the example above. Typically, these credentials consist of the superuser's DN and password - information that you should have set when setting up your LDAP server.

Assuming you have this information, let's modify the code above and give it to the LDAP server.

<html>
<head>
</head>
<body>
<?php
// configure privileged user
$root_dn = "cn=root, dc=my-domain, dc=com";
$root_pw = "secret";

// specify the LDAP server to connect to
// (no ldap_error() here: there is no connection handle if this call fails)
$conn = ldap_connect("localhost") or die("Could not connect to server.");

// bind to the LDAP server
$r = ldap_bind($conn, $root_dn, $root_pw) or die("Could not bind to server. Error is " . ldap_error($conn));

// prepare data
$info["cn"] = $_POST['cn'];
$info["sn"] = $_POST['sn'];
$info["mail"] = $_POST['mail'];
$info["objectClass"] = "inetOrgPerson";

// prepare DN for new entry
// (escape characters in the submitted value that have special meaning in a DN)
$dn = "mail=" . ldap_escape($_POST['mail'], "", LDAP_ESCAPE_DN) . ", dc=my-domain, dc=com";

// add data to directory
$result = ldap_add($conn, $dn, $info);

// if successful, display success message
// (the DN contains user input, so encode it for HTML output)
if ($result) {
    echo "New entry with DN " . htmlspecialchars($dn) . " added to LDAP directory.";
}
// else display error
else {
    echo "An error occurred. Error number " . ldap_errno($conn) . ": " . ldap_err2str(ldap_errno($conn));
}

// all done? clean up
ldap_close($conn);
?>
</body>
</html>

Note the addition of user credentials in the call to ldap_bind() - these credentials will be used to authenticate the PHP client and allow it to make changes to the LDAP directory.

<?php
// configure privileged user
$root_dn = "cn=root, dc=my-domain, dc=com";
$root_pw = "secret";

// specify the LDAP server to connect to
// (no ldap_error() here: there is no connection handle if this call fails)
$conn = ldap_connect("localhost") or die("Could not connect to server.");

// bind to the LDAP server
$r = ldap_bind($conn, $root_dn, $root_pw) or die("Could not bind to server. Error is " . ldap_error($conn));
?>

Note also that LDAP requires you to provide the complete DN of the superuser, not just the username (as is common with other authentication mechanisms).

Once that's taken care of, the next step is to create an associative array whose keys correspond to attributes of an LDAP entry. The data for these attributes is obtained from the HTML form submitted by the user.

<?php
// prepare data
$info["cn"] = $_POST['cn'];
$info["sn"] = $_POST['sn'];
$info["mail"] = $_POST['mail'];
$info["objectClass"] = "inetOrgPerson";
?>

Once that's done, I also need to construct the DN for the new entry. In this case, I've used the email address as a component of the entry's DN in order to ensure uniqueness (LDAP DNs at the same level in the hierarchy must be unique).

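<?php
// prepare DN for new entry
// (escape characters in the submitted value that have special meaning in a DN)
$dn = "mail=" . ldap_escape($_POST['mail'], "", LDAP_ESCAPE_DN) . ", dc=my-domain, dc=com";
?>
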
In case you're wondering where all this is going, you should know that all this information is needed by the ldap_add() function, which is the PHP function that actually takes care of adding a new entry to the LDAP directory. This function requires three arguments: a link identifier for the LDAP connection, the DN for the new entry, and the actual attributes of the entry. Since I now have all this in place, all that remains is to call ldap_add() and save the data to the LDAP server.

<?php
// add data to directory
$result = ldap_add($conn, $dn, $info);
?>

And here's what the result looks like:



In case you're wondering about the numerous calls to ldap_error() in the code above, ignore them for the moment - I'll be explaining them in detail shortly.
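
The add script builds the new entry's DN from the submitted e-mail address. As an added example (not part of the original article), the following validates the form fields and escapes the address with ldap_escape(), so that characters with special meaning in a DN, such as the "+" in a plus-addressed mailbox, stay inside the "mail" RDN. The function names, the 64-byte limit and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example, not from the original article. Needs the ldap extension
// for ldap_escape() (PHP 5.6+); it never contacts a directory server.
const BASE_DN = "dc=my-domain, dc=com"; // base DN used in the article

// Build the DN for a new entry from a submitted e-mail address.
// Returns null when the value is not a syntactically valid address.
function build_entry_dn(string $mail, string $base = BASE_DN): ?string
{
    if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Escape DN metacharacters (, + = " \ < > ; #) so the whole value
    // remains a single "mail" RDN.
    return "mail=" . ldap_escape($mail, "", LDAP_ESCAPE_DN) . ", " . $base;
}

// Build the attribute array for ldap_add(); returns null on bad input.
// Attribute values travel as data, so they are validated, not DN-escaped.
function build_entry_attributes(array $form): ?array
{
    $info = ["objectClass" => "inetOrgPerson"];
    foreach (["cn", "sn", "mail"] as $attr) {
        $value = is_string($form[$attr] ?? null) ? trim($form[$attr]) : "";
        // hypothetical policy: 1-64 bytes, no control characters
        if (!preg_match('/\A[^\x00-\x1f\x7f]{1,64}\z/', $value)) {
            return null;
        }
        $info[$attr] = $value;
    }
    return filter_var($info["mail"], FILTER_VALIDATE_EMAIL) === false ? null : $info;
}

// Constructed sample submissions (not real data).
$samples = [
    ["cn" => "John", "sn" => "Doe", "mail" => "john@example.com"],
    ["cn" => "John", "sn" => "Doe", "mail" => "john+ldap@example.com"], // valid address, "+" is a DN metacharacter
    ["cn" => "John", "sn" => "Doe", "mail" => "not an address"],
];

foreach ($samples as $form) {
    $info = build_entry_attributes($form);
    if ($info === null) {
        echo "rejected:   " . $form["mail"] . PHP_EOL;
        continue;
    }
    echo "unescaped:  mail=" . $info["mail"] . ", " . BASE_DN . PHP_EOL;
    echo "escaped DN: " . build_entry_dn($info["mail"]) . PHP_EOL;
}
```

Run it from the command line; in add.php the two functions would take $_POST as input, and their results would be passed to ldap_add().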

 
 