Using PHP With LDAP (part 2) - Adding It All Up (Page 4 of 8)
Now that you know how to pull data out from the LDAP directory, how about
putting some in?
PHP has a function to do this as well - I'll show you how to use it by
creating a simple interface to add instances of the "inetOrgPerson" class to
the LDAP directory.
First, the input form, "add.html":
<html>
<head>
<title>Add Entry</title>
</head>
<body>
<form method="POST" action="add.php">
<table border="0" cellpadding="0" cellspacing="10" width="500" >
<tr>
<td width="50%" align="right">First name</td>
<td width="50%"><input type="text" name="cn" size="20"></td>
</tr>
<tr>
<td width="50%" align="right">Last name</td>
<td width="50%"><input type="text" name="sn" size="20"></td>
</tr>
<tr>
<td width="50%" align="right">E-mail address</td>
<td width="50%"><input type="text" name="mail" size="20"></td>
</tr>
<tr>
<td width="100%" colspan="2" align="center">
<input type="submit" value="Submit" name="Submit">
<input type="reset" value="Reset" name="Reset">
</td>
</tr>
</table>
</form>
</body>
</html>
You'll notice here that I've only used three attributes of
the "inetOrgPerson" class - "cn" for the common name, "sn" for the surname and
"mail" for the email address. Feel free to add to this list if you
like.
Here's what the form looks like,

and here's the script that actually adds the entry:
<html>
<head>
</head>
<body>
<?php
// specify the LDAP server to connect to
$conn = ldap_connect("localhost") or die("Could not connect to server. Error is " . ldap_error($conn));
// bind to the LDAP server
$r = ldap_bind($conn) or die("Could not bind to server. Error is " . ldap_error($conn));
// prepare data
$info["cn"] = $_POST['cn'];
$info["sn"] = $_POST['sn'];
$info["mail"] = $_POST['mail'];
$info["objectClass"] = "inetOrgPerson";
// prepare DN for new entry
$dn = "mail=" . $_POST['mail'] . ", dc=my-domain, dc=com";
// add data to directory
$result = ldap_add($conn, $dn, $info);
// if successful, display success message
if ($result)
{
    echo "New entry with DN " . $dn . " added to LDAP directory.";
}
// else display error
else
{
    echo "An error occurred. Error number " . ldap_errno($conn) . ": " . ldap_err2str(ldap_errno($conn));
}
// all done? clean up
ldap_close($conn);
?>
</body>
</html>
Before I get into the details, let's give this code a quick
test run. Enter some data into the form above and submit it - you will probably
see something like this:

Ugly, huh?
In order to add an entry to the LDAP server, you must provide the
server with appropriate credentials - something I've obviously not done in the
example above. Typically, these credentials consist of the superuser's DN and
password - information that you should have set when setting up your LDAP
server.
Assuming you have this information, let's modify the code above
and give it to the LDAP server.
<html>
<head>
</head>
<body>
<?php
// configure privileged user
$root_dn = "cn=root, dc=my-domain, dc=com";
$root_pw = "secret";
// specify the LDAP server to connect to
$conn = ldap_connect("localhost") or die("Could not connect to server. Error is " . ldap_error($conn));
// bind to the LDAP server
$r = ldap_bind($conn, $root_dn, $root_pw) or die("Could not bind to server. Error is " . ldap_error($conn));
// prepare data
$info["cn"] = $_POST['cn'];
$info["sn"] = $_POST['sn'];
$info["mail"] = $_POST['mail'];
$info["objectClass"] = "inetOrgPerson";
// prepare DN for new entry
$dn = "mail=" . $_POST['mail'] . ", dc=my-domain, dc=com";
// add data to directory
$result = ldap_add($conn, $dn, $info);
// if successful, display success message
if ($result)
{
    echo "New entry with DN " . $dn . " added to LDAP directory.";
}
// else display error
else
{
    echo "An error occurred. Error number " . ldap_errno($conn) . ": " . ldap_err2str(ldap_errno($conn));
}
// all done? clean up
ldap_close($conn);
?>
</body>
</html>
Note the addition of user credentials in the call to
ldap_bind() - these credentials will be used to authenticate the PHP client and
allow it to make changes to the LDAP directory.
<?php
// configure privileged user
$root_dn = "cn=root, dc=my-domain, dc=com";
$root_pw = "secret";
// specify the LDAP server to connect to
$conn = ldap_connect("localhost") or die("Could not connect to server. Error is " . ldap_error($conn));
// bind to the LDAP server
$r = ldap_bind($conn, $root_dn, $root_pw) or die("Could not bind to server. Error is " . ldap_error($conn));
?>
Note also that LDAP requires you to provide the complete DN
of the superuser, not just the username (as is common with other authentication
mechanisms).
Once that's taken care of, the next step is to create an
associative array whose keys correspond to attributes of an LDAP entry. The data
for these attributes is obtained from the HTML form submitted by the user.
<?php
// prepare data
$info["cn"] = $_POST['cn'];
$info["sn"] = $_POST['sn'];
$info["mail"] = $_POST['mail'];
$info["objectClass"] = "inetOrgPerson";
?>
Once that's done, I also need to construct the DN for the new
entry. In this case, I've used the email address as a component of the entry's
DN in order to ensure uniqueness (LDAP DNs at the same level in the hierarchy
must be unique).
<?php
// prepare DN for new entry
$dn = "mail=" . $_POST['mail'] . ", dc=my-domain, dc=com";
?>
In case you're wondering where all this is going, you should
know that all this information is needed by the ldap_add() function, which is
the PHP function that actually takes care of adding a new entry to the LDAP
directory. This function requires three arguments: a link identifier for the
LDAP connection, the DN for the new entry, and the actual attributes of the
entry. Since I now have all this in place, all that remains is to call
ldap_add() and save the data to the LDAP server.
<?php
// add data to directory
$result = ldap_add($conn, $dn, $info);
?>
And here's what the result looks like:

In case you're wondering about the numerous calls to
ldap_error() in the code above, ignore them for the moment - I'll be explaining
them in detail shortly.
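The steps walked through above, collected into a hardened variant as an added example (not code from the original article): it validates the form fields, escapes the address before it goes into the DN, and encodes the DN before echoing it. It assumes a hypothetical account that may only add entries, with credentials read from environment variables (`LDAP_BIND_DN` and `LDAP_BIND_PW` are assumed names) rather than the superuser DN and password stored in the script.

```php
<?php
// Added example: hardened add.php. Env names, account and 64-byte limit are assumptions.
// Validate the form fields, then build the DN and the attribute array.
function build_entry(array $post): array
{
    $cn   = trim((string)($post['cn'] ?? ''));
    $sn   = trim((string)($post['sn'] ?? ''));
    $mail = trim((string)($post['mail'] ?? ''));
    if ($cn === '' || $sn === '' || strlen($cn) > 64 || strlen($sn) > 64) {
        throw new InvalidArgumentException('First and last name are required.');
    }
    if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid e-mail address.');
    }
    // Validation is not enough: "+" is legal in an address and is also an RDN
    // separator, so the value is escaped for DN context as well.
    $dn = 'mail=' . ldap_escape($mail, '', LDAP_ESCAPE_DN) . ', dc=my-domain, dc=com';
    $info = ['cn' => $cn, 'sn' => $sn, 'mail' => $mail, 'objectClass' => 'inetOrgPerson'];
    return [$dn, $info];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        [$dn, $info] = build_entry($_POST);
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        exit(htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8'));
    }
    // Credentials come from the environment, not from the script source.
    $bind_dn = getenv('LDAP_BIND_DN'); // hypothetical account allowed to add entries only
    $bind_pw = getenv('LDAP_BIND_PW');
    $conn = ldap_connect('ldap://localhost');
    // An empty DN or password would make this an anonymous or unauthenticated bind.
    if (!$bind_dn || !$bind_pw || !$conn
        || !ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3)
        || !@ldap_bind($conn, $bind_dn, $bind_pw)) {
        error_log('LDAP connect or bind failed');
        http_response_code(500);
        exit('Directory unavailable.');
    }
    if (@ldap_add($conn, $dn, $info)) {
        // The DN contains user input: encode it before it reaches the page.
        echo 'New entry with DN ' . htmlspecialchars($dn, ENT_QUOTES, 'UTF-8') . ' added.';
    } else {
        error_log('ldap_add failed: ' . ldap_err2str(ldap_errno($conn)));
        echo 'The entry could not be added.';
    }
    ldap_unbind($conn);
}
```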