In this second, and concluding, article, dig deeper into PHP'sLDAP API by writing complex search queries and building a Web-basedadministration module to retrieve and modify entries from the LDAP directorytree.
Next up, modifying entries. You might remember, from previous pages, that the index page of this application included links to scripts named "edit.php" and "delete.php" next to each entry, and passed each of those scripts certain data using the URL GET method. Here's what that code looked like:
As you can see, the user's email address is passed from the
main index page to the "edit.php" script on the URL when the user clicks the corresponding hyperlink. This email address can then be used, in combination with the ldap_list() function, to retrieve the complete user record and display it in a form for editing - which is exactly what the next script does:
<html>
<head>
</head>
<body>
<table width="450" cellpadding="5" cellspacing="5" border="1"> <?php
// specify the LDAP server to connect to
$conn = ldap_connect("localhost") or die("Could not connect to server");
// bind to the LDAP server specified above
$r = ldap_bind($conn) or die("Could not bind to server");
// set base DN and return attribute list
$base_dn = "dc=my-domain,dc=com";
$params = array("mail", "cn", "sn");
// perform search using email address passed on URL
$result = ldap_list($conn, $base_dn, "mail=" . urldecode($_GET['mail']),
$params);
// extract data into array
$info = ldap_get_entries($conn, $result);
// print and display as editable form
?>
<form method="POST" action="modify.php">
<table border="0" cellpadding="0" cellspacing="10" width="500" >
<tr>
<td width="50%" align="right">First Name</td>
<td width="50%"><input type="text" name="cn" size="20" value="<?php
echo $info[0]["cn"][0]; ?>"></td>
</tr>
<tr>
<td width="50%" align="right">Last Name</td>
<td width="50%"><input type="text" name="sn" size="20" value="<?php
echo $info[0]["sn"][0]; ?>"></td>
</tr>
<tr>
<td width="50%" align="right">E-mail</td>
<td width="50%"><input type="text" name="mail" size="20" value="<?php
echo $info[0]["mail"][0]; ?>"></td>
</tr>
<tr>
<td width="100%" colspan="2" align="center">
<input type="submit" value="Submit" name="Submit">
<input type="reset" value="Reset" name="Reset">
</td>
</tr>
</table>
</form>
<?php
// all done? clean up
ldap_close($conn);
?>
</table>
</body>
</html>
Here's what it looks like:
I can now edit the data in the HTML form and submit it to a script that updates the entry in the directory. Here's the PHP code that take care of that:
<html>
<head>
</head>
<body>
<?php
// specify the LDAP server to connect to
$conn = ldap_connect("localhost") or die("Could not connect to server. Error
is " . ldap_error($conn));
// user with privileges to add an entry to LDAP hierarchy $root_dn =
"cn=root, dc=my-domain, dc=com"; $root_pw = "secret";
// bind to the LDAP server specified above
$r = ldap_bind($conn, $root_dn, $root_pw) or die("Could not bind to server.
Error is " . ldap_error($conn));
// prepare data
$info["cn"] = $_POST['cn'];
$info["sn"] = $_POST['sn'];
$info["mail"] = $_POST['mail'];
$info["objectClass"] = "inetOrgPerson";
// prepare DN
$dn = "mail=" . $_POST['mail'] . ", dc=my-domain, dc=com";
// modify data in the directory
$result = ldap_modify($conn, $dn, $info);
// if successful, display success message
if($result)
{
echo "Entry with DN " . $dn . " modified in LDAP directory."; } // else
display error
else
{
echo "An error occurred. Error number " . ldap_errno($conn) . ": " .
ldap_err2str(ldap_errno($conn)); }
// all done? clean up
ldap_close($conn);
?>
</body>
</html>
This code listing is similar to the code for adding a new
user...with one important change: it uses the ldap_modify() function instead of the ldap_add() command to update an existing entry, rather than add a new one.
Here's the output of the script above, indicating that the update was successful:
/ 9 
