Ldap
in package
Table of Contents
Constants
- ACCTNAME_FORM_BACKSLASH = 3
- ACCTNAME_FORM_DN = 1
- ACCTNAME_FORM_PRINCIPAL = 4
- ACCTNAME_FORM_USERNAME = 2
- SEARCH_SCOPE_BASE = 3
- SEARCH_SCOPE_ONE = 2
- SEARCH_SCOPE_SUB = 1
Properties
- $boundUser : bool|null|string
- FALSE if no user is bound to the LDAP resource NULL if there has been an anonymous bind username of the currently bound user
- $lastConnectBindParams : array<string|int, mixed>
- $options : array<string|int, mixed>
- The options used in connecting, binding, etc.
- $reconnectCount : int
- Current connection retry attempt counter.
- $reconnectsAttempted : int
- Total number of times reconnections were attempted unsuccessfully.
- $resource : resource|null
- The raw LDAP extension resource.
- $rootDse : RootDse
- Caches the RootDse
- $schema : Schema
- Caches the schema
- $connectString : string|null
- String used with ldap_connect for error handling purposes.
Methods
- __construct() : mixed
- __destruct() : void
- add() : Ldap
- Add new information to the LDAP repository
- addAttributes() : Ldap
- Add one or more attributes to the specified dn
- bind() : Ldap
- connect() : Ldap
- To connect using SSL it seems the client tries to verify the server certificate by default. One way to disable this behavior is to set 'TLS_REQCERT never' in OpenLDAP's ldap.conf and restarting Apache. Or, if you really care about the server's cert you can put a cert on the web server.
- copy() : Ldap
- Copies a LDAP entry from one DN to another DN.
- copyToSubtree() : Ldap
- Copies a LDAP entry from one DN to another subtree.
- count() : int
- Count items found by given filter.
- countChildren() : int
- Count children for a given DN.
- delete() : Ldap
- Delete an LDAP entry
- deleteAttributes() : Ldap
- Delete single attributes from a LDAP-Node
- disconnect() : Ldap
- exists() : bool
- Check if a given DN exists.
- getBaseDn() : string
- Gets the base DN under which objects of interest are located
- getBaseNode() : Node
- Returns the base node as a Laminas\Ldap\Node
- getBoundUser() : bool|null|string
- Get the currently bound user
- getCanonicalAccountName() : string
- getEntry() : array<string|int, mixed>
- Get LDAP entry by DN
- getLastError() : string
- Return the LDAP error message of the last LDAP command
- getLastErrorCode() : int
- Return the LDAP error number of the last LDAP command
- getNode() : Node|null
- Returns the specified DN as a Laminas\Ldap\Node
- getOptions() : array<string|int, mixed>
- getReconnectsAttempted() : int
- getResource() : resource
- getRootDse() : RootDse
- Returns the RootDse
- getSaslOpts() : array<string|int, string>|null
- Gets any options that have been set for sasl binds.
- getSchema() : Schema
- Returns the schema
- move() : Ldap
- Moves a LDAP entry from one DN to another DN.
- moveToSubtree() : Ldap
- Moves a LDAP entry from one DN to another subtree.
- prepareLdapEntryArray() : void
- Prepares an ldap data entry array for insert/update operation
- rename() : Ldap
- Renames a LDAP entry from one DN to another DN.
- resetReconnectsAttempted() : void
- save() : Ldap
- Save entry to LDAP registry.
- search() : Collection
- A global LDAP search routine for finding information.
- searchEntries() : array<string|int, mixed>
- Search LDAP registry for entries matching filter and optional attributes
- setOptions() : Ldap
- Sets the options used in connecting, binding, etc.
- update() : Ldap
- Update LDAP registry
- updateAttributes() : Ldap
- Update one or more attributes to the specified dn
- coalesce() : mixed
- createCollection() : Collection
- Extension point for collection creation
- getAccount() : array<string|int, mixed>
- getAccountCanonicalForm() : int
- getAccountDn() : string
- getAccountDomainName() : string
- getAccountDomainNameShort() : string
- getAccountFilter() : string
- getAccountFilterFormat() : string
- getAllowEmptyPassword() : bool
- getBindRequiresDn() : bool
- getChildrenDns() : array<string|int, mixed>
- Retrieve the immediate children DNs of the given $parentDn
- getHost() : string
- getNetworkTimeout() : int
- getOptReferrals() : bool
- getPassword() : string
- getPort() : int
- getReconnectsToAttempt() : int
- getTryUsernameSplit() : bool
- getUsername() : string
- getUseSsl() : bool
- getUseStartTls() : bool
- isPossibleAuthority() : bool
- reconnectSleep() : mixed
- selectParam() : mixed
- Selects current parameters on new connections, last when reconnecting.
- shouldReconnect() : bool
- splitName() : void
- unbind() : $this
Constants
ACCTNAME_FORM_BACKSLASH
public
mixed
ACCTNAME_FORM_BACKSLASH
= 3
ACCTNAME_FORM_DN
public
mixed
ACCTNAME_FORM_DN
= 1
ACCTNAME_FORM_PRINCIPAL
public
mixed
ACCTNAME_FORM_PRINCIPAL
= 4
ACCTNAME_FORM_USERNAME
public
mixed
ACCTNAME_FORM_USERNAME
= 2
SEARCH_SCOPE_BASE
public
mixed
SEARCH_SCOPE_BASE
= 3
SEARCH_SCOPE_ONE
public
mixed
SEARCH_SCOPE_ONE
= 2
SEARCH_SCOPE_SUB
public
mixed
SEARCH_SCOPE_SUB
= 1
Properties
$boundUser
FALSE if no user is bound to the LDAP resource NULL if there has been an anonymous bind username of the currently bound user
protected
bool|null|string
$boundUser
= false
$lastConnectBindParams
protected
array<string|int, mixed>
$lastConnectBindParams
= []
$options
The options used in connecting, binding, etc.
protected
array<string|int, mixed>
$options
$reconnectCount
Current connection retry attempt counter.
protected
int
$reconnectCount
= 0
$reconnectsAttempted
Total number of times reconnections were attempted unsuccessfully.
protected
int
$reconnectsAttempted
= 0
$resource
The raw LDAP extension resource.
protected
resource|null
$resource
$rootDse
Caches the RootDse
protected
RootDse
$rootDse
$schema
Caches the schema
protected
Schema
$schema
$connectString
String used with ldap_connect for error handling purposes.
private
string|null
$connectString
= null
Methods
__construct()
public
__construct([array<string|int, mixed>|Traversable $options = [] ]) : mixed
Parameters
- $options : array<string|int, mixed>|Traversable = []
-
Options used in connecting, binding, etc.
Tags
__destruct()
public
__destruct() : void
add()
Add new information to the LDAP repository
public
add(string|Dn $dn, array<string|int, mixed> $entry) : Ldap
Parameters
- $dn : string|Dn
- $entry : array<string|int, mixed>
Tags
Return values
Ldap —Provides a fluid interface
addAttributes()
Add one or more attributes to the specified dn
public
addAttributes(string|Dn $dn, array<string|int, mixed> $attributes[, bool $allowEmptyAttributes = false ]) : Ldap
Parameters
- $dn : string|Dn
- $attributes : array<string|int, mixed>
- $allowEmptyAttributes : bool = false
Tags
Return values
Ldap —Provides a fluid interface
bind()
public
bind([string $username = null ][, string $password = null ][, array<string|int, string>|null $saslOpts = null ]) : Ldap
Parameters
- $username : string = null
-
The username for authenticating the bind
- $password : string = null
-
The password for authenticating the bind
- $saslOpts : array<string|int, string>|null = null
-
Options when performing SASL binds.
Tags
Return values
Ldap —Provides a fluent interface
connect()
To connect using SSL it seems the client tries to verify the server certificate by default. One way to disable this behavior is to set 'TLS_REQCERT never' in OpenLDAP's ldap.conf and restarting Apache. Or, if you really care about the server's cert you can put a cert on the web server.
public
connect([string $host = null ][, int $port = null ][, bool $useSsl = null ][, bool $useStartTls = null ][, int $networkTimeout = null ]) : Ldap
Parameters
- $host : string = null
-
The hostname of the LDAP server to connect to
- $port : int = null
-
The port number of the LDAP server to connect to
- $useSsl : bool = null
-
Use SSL
- $useStartTls : bool = null
-
Use STARTTLS
- $networkTimeout : int = null
-
The value for network timeout when connect to the LDAP server.
Tags
Return values
Ldap —Provides a fluent interface
copy()
Copies a LDAP entry from one DN to another DN.
public
copy(string|Dn $from, string|Dn $to[, bool $recursively = false ]) : Ldap
Parameters
Tags
Return values
Ldap —Provides a fluid interface
copyToSubtree()
Copies a LDAP entry from one DN to another subtree.
public
copyToSubtree(string|Dn $from, string|Dn $to[, bool $recursively = false ]) : Ldap
Parameters
Tags
Return values
Ldap —Provides a fluid interface
count()
Count items found by given filter.
public
count(string|AbstractFilter $filter[, string|Dn|null $basedn = null ][, int $scope = self::SEARCH_SCOPE_SUB ]) : int
Parameters
- $filter : string|AbstractFilter
- $basedn : string|Dn|null = null
- $scope : int = self::SEARCH_SCOPE_SUB
Tags
Return values
intcountChildren()
Count children for a given DN.
public
countChildren(string|Dn $dn) : int
Parameters
- $dn : string|Dn
Tags
Return values
intdelete()
Delete an LDAP entry
public
delete(string|Dn $dn[, bool $recursively = false ]) : Ldap
Parameters
- $dn : string|Dn
- $recursively : bool = false
Tags
Return values
Ldap —Provides a fluid interface
deleteAttributes()
Delete single attributes from a LDAP-Node
public
deleteAttributes(Dn|string $dn, array<string|int, mixed> $attributes[, bool $allowEmptyAttributes = false ]) : Ldap
This method removes single attributes from a node identified by $dn. The attributes have to be given as array where the array-key is the attribute-name and the array-value is the attribute-value that is to be removed.
To remove multiple entries of an attribute pass an array with the values
to be removed as value of the key. So if you want to remove more than
one memberUid-attribute you would pass
array('memberUid' => ['uid1', 'uid2',...]); as
$attributes
Beware that passing an empty array will remove all entries of the attribute. Therefore you will have to set the $emptyAll-flag!
Parameters
- $dn : Dn|string
-
The DN for which to remove attributes
- $attributes : array<string|int, mixed>
-
The attributes to be removed
- $allowEmptyAttributes : bool = false
-
Whether empty attribute-array should remove all attribute- values or not.
Tags
Return values
Ldap —Provides a fluent interface
disconnect()
public
disconnect() : Ldap
Return values
Ldap —Provides a fluent interface
exists()
Check if a given DN exists.
public
exists(string|Dn $dn) : bool
Parameters
- $dn : string|Dn
Tags
Return values
boolgetBaseDn()
Gets the base DN under which objects of interest are located
public
getBaseDn() : string
Return values
stringgetBaseNode()
Returns the base node as a Laminas\Ldap\Node
public
getBaseNode() : Node
Tags
Return values
NodegetBoundUser()
Get the currently bound user
public
getBoundUser() : bool|null|string
FALSE if no user is bound to the LDAP resource NULL if there has been an anonymous bind username of the currently bound user
Return values
bool|null|stringgetCanonicalAccountName()
public
getCanonicalAccountName(string $acctname[, int $form = 0 ]) : string
Parameters
- $acctname : string
-
The name to canonicalize
- $form : int = 0
-
The desired form of canonicalization
Tags
Return values
string —The canonicalized name in the desired form
getEntry()
Get LDAP entry by DN
public
getEntry(string|Dn $dn[, array<string|int, mixed> $attributes = [] ][, bool $throwOnNotFound = false ]) : array<string|int, mixed>
Parameters
- $dn : string|Dn
- $attributes : array<string|int, mixed> = []
- $throwOnNotFound : bool = false
Tags
Return values
array<string|int, mixed>getLastError()
Return the LDAP error message of the last LDAP command
public
getLastError([int &$errorCode = null ][, array<string|int, mixed> &$errorMessages = null ]) : string
Parameters
- $errorCode : int = null
- $errorMessages : array<string|int, mixed> = null
Return values
stringgetLastErrorCode()
Return the LDAP error number of the last LDAP command
public
getLastErrorCode() : int
Return values
intgetNode()
Returns the specified DN as a Laminas\Ldap\Node
public
getNode(string|Dn $dn) : Node|null
Parameters
- $dn : string|Dn
Tags
Return values
Node|nullgetOptions()
public
getOptions() : array<string|int, mixed>
Return values
array<string|int, mixed> —The current options.
getReconnectsAttempted()
public
getReconnectsAttempted() : int
Return values
intgetResource()
public
getResource() : resource
Return values
resource —The raw LDAP extension resource.
getRootDse()
Returns the RootDse
public
getRootDse() : RootDse
Tags
Return values
RootDsegetSaslOpts()
Gets any options that have been set for sasl binds.
public
getSaslOpts() : array<string|int, string>|null
Return values
array<string|int, string>|nullgetSchema()
Returns the schema
public
getSchema() : Schema
Tags
Return values
Schemamove()
Moves a LDAP entry from one DN to another DN.
public
move(string|Dn $from, string|Dn $to[, bool $recursively = false ][, bool $alwaysEmulate = false ]) : Ldap
Parameters
Tags
Return values
Ldap —Provides a fluid interface
moveToSubtree()
Moves a LDAP entry from one DN to another subtree.
public
moveToSubtree(string|Dn $from, string|Dn $to[, bool $recursively = false ][, bool $alwaysEmulate = false ]) : Ldap
Parameters
Tags
Return values
Ldap —Provides a fluid interface
prepareLdapEntryArray()
Prepares an ldap data entry array for insert/update operation
public
static prepareLdapEntryArray(array<string|int, mixed> &$entry) : void
Parameters
- $entry : array<string|int, mixed>
Tags
rename()
Renames a LDAP entry from one DN to another DN.
public
rename(string|Dn $from, string|Dn $to[, bool $recursively = false ][, bool $alwaysEmulate = false ]) : Ldap
This method implicitly moves the entry to another location within the tree.
Parameters
Tags
Return values
Ldap —Provides a fluid interface
resetReconnectsAttempted()
public
resetReconnectsAttempted() : void
save()
Save entry to LDAP registry.
public
save(string|Dn $dn, array<string|int, mixed> $entry) : Ldap
Internally decides if entry will be updated to added by calling .
Parameters
- $dn : string|Dn
- $entry : array<string|int, mixed>
Tags
Return values
Ldap —Provides a fluid interface
search()
A global LDAP search routine for finding information.
public
search(string|AbstractFilter|array<string|int, mixed> $filter[, string|Dn|null $basedn = null ][, int $scope = self::SEARCH_SCOPE_SUB ][, array<string|int, mixed> $attributes = [] ][, string|null $sort = null ][, string|null $collectionClass = null ][, int $sizelimit = 0 ][, int $timelimit = 0 ]) : Collection
Options can be either passed as single parameters according to the method signature or as an array with one or more of the following keys
- filter
- baseDn
- scope
- attributes
- sort
- collectionClass
- sizelimit
- timelimit
Parameters
- $filter : string|AbstractFilter|array<string|int, mixed>
- $basedn : string|Dn|null = null
- $scope : int = self::SEARCH_SCOPE_SUB
- $attributes : array<string|int, mixed> = []
- $sort : string|null = null
- $collectionClass : string|null = null
- $sizelimit : int = 0
- $timelimit : int = 0
Tags
Return values
CollectionsearchEntries()
Search LDAP registry for entries matching filter and optional attributes
public
searchEntries(string|AbstractFilter|array<string|int, mixed> $filter[, string|Dn|null $basedn = null ][, int $scope = self::SEARCH_SCOPE_SUB ][, array<string|int, mixed> $attributes = [] ][, string|null $sort = null ][, bool $reverseSort = false ][, int $sizelimit = 0 ][, int $timelimit = 0 ]) : array<string|int, mixed>
Options can be either passed as single parameters according to the method signature or as an array with one or more of the following keys
- filter
- baseDn
- scope
- attributes
- sort
- reverseSort
- sizelimit
- timelimit
Parameters
- $filter : string|AbstractFilter|array<string|int, mixed>
- $basedn : string|Dn|null = null
- $scope : int = self::SEARCH_SCOPE_SUB
- $attributes : array<string|int, mixed> = []
- $sort : string|null = null
- $reverseSort : bool = false
- $sizelimit : int = 0
- $timelimit : int = 0
Tags
Return values
array<string|int, mixed>setOptions()
Sets the options used in connecting, binding, etc.
public
setOptions(array<string|int, mixed>|Traversable $options) : Ldap
Valid option keys: host port useSsl username password bindRequiresDn baseDn accountCanonicalForm accountDomainName accountDomainNameShort accountFilterFormat allowEmptyPassword useStartTls optReferrals tryUsernameSplit reconnectAttempts networkTimeout saslOpts
Parameters
- $options : array<string|int, mixed>|Traversable
-
Options used in connecting, binding, etc.
Tags
Return values
Ldap —Provides a fluent interface
update()
Update LDAP registry
public
update(string|Dn $dn, array<string|int, mixed> $entry) : Ldap
Parameters
- $dn : string|Dn
- $entry : array<string|int, mixed>
Tags
Return values
Ldap —Provides a fluid interface
updateAttributes()
Update one or more attributes to the specified dn
public
updateAttributes(string|Dn $dn, array<string|int, mixed> $attributes[, bool $allowEmptyAttributes = false ]) : Ldap
Parameters
- $dn : string|Dn
- $attributes : array<string|int, mixed>
- $allowEmptyAttributes : bool = false
Tags
Return values
Ldap —Provides a fluid interface
coalesce()
protected
static coalesce(TA $a, TB $b) : mixed
Parameters
- $a : TA
- $b : TB
Tags
createCollection()
Extension point for collection creation
protected
createCollection(DefaultIterator $iterator, Collection>|null $collectionClass) : Collection
Parameters
- $iterator : DefaultIterator
- $collectionClass : Collection>|null
Tags
Return values
CollectiongetAccount()
protected
getAccount(string $acctname[, array<string|int, mixed> $attrs = null ]) : array<string|int, mixed>
Parameters
- $acctname : string
- $attrs : array<string|int, mixed> = null
-
An array of names of desired attributes
Tags
Return values
array<string|int, mixed> —An array of the attributes representing the account
getAccountCanonicalForm()
protected
getAccountCanonicalForm() : int
Return values
int —Either ACCTNAME_FORM_BACKSLASH, ACCTNAME_FORM_PRINCIPAL or ACCTNAME_FORM_USERNAME indicating the form usernames should be canonicalized to.
getAccountDn()
protected
getAccountDn(string $acctname) : string
Parameters
- $acctname : string
-
The name of the account
Tags
Return values
string —The DN of the specified account
getAccountDomainName()
protected
getAccountDomainName() : string
Return values
string —The account domain name
getAccountDomainNameShort()
protected
getAccountDomainNameShort() : string
Return values
string —The short account domain name
getAccountFilter()
protected
getAccountFilter(string $acctname) : string
Parameters
- $acctname : string
Return values
string —The LDAP search filter for matching directory accounts
getAccountFilterFormat()
protected
getAccountFilterFormat() : string
Return values
string —A format string for building an LDAP search filter to match an account
getAllowEmptyPassword()
protected
getAllowEmptyPassword() : bool
Return values
bool —Allow empty passwords
getBindRequiresDn()
protected
getBindRequiresDn() : bool
Return values
bool —Bind requires DN
getChildrenDns()
Retrieve the immediate children DNs of the given $parentDn
protected
getChildrenDns(string|Dn $parentDn) : array<string|int, mixed>
This method is used in recursive methods like delete() or copy()
Parameters
- $parentDn : string|Dn
Tags
Return values
array<string|int, mixed> —of DNs
getHost()
protected
getHost() : string
Return values
string —The hostname of the LDAP server being used to authenticate accounts
getNetworkTimeout()
protected
getNetworkTimeout() : int
Return values
int —The value for network timeout when connect to the LDAP server.
getOptReferrals()
protected
getOptReferrals() : bool
Return values
bool —Opt. Referrals
getPassword()
protected
getPassword() : string
Return values
string —The default password for binding
getPort()
protected
getPort() : int
Return values
int —The port of the LDAP server or 0 to indicate that no port value is set
getReconnectsToAttempt()
protected
getReconnectsToAttempt() : int
Return values
int —The number of times reconnect to server should be attempted.
getTryUsernameSplit()
protected
getTryUsernameSplit() : bool
Return values
bool —Try splitting the username into username and domain
getUsername()
protected
getUsername() : string
Return values
string —The default acctname for binding
getUseSsl()
protected
getUseSsl() : bool
Return values
bool —The default SSL / TLS encrypted transport control
getUseStartTls()
protected
getUseStartTls() : bool
Return values
bool —The default SSL / TLS encrypted transport control
isPossibleAuthority()
protected
isPossibleAuthority(string $dname) : bool
Parameters
- $dname : string
-
The domain name to check
Return values
boolreconnectSleep()
protected
reconnectSleep() : mixed
selectParam()
Selects current parameters on new connections, last when reconnecting.
protected
selectParam(string $method, string $parameter, mixed $property) : mixed
Parameters
- $method : string
-
Whether the connect or bind method is the caller.
- $parameter : string
-
The parameter name.
- $property : mixed
-
The value of the parameter as set in an instance property.
Return values
mixed —If a reconnect attempt is being made, the value used for the parameter last time it was supplied by an external invocation. Otherwise, the value.
shouldReconnect()
protected
shouldReconnect(resource $resource) : bool
Parameters
- $resource : resource
Return values
boolsplitName()
protected
splitName(string $name, string &$dname, string &$aname) : void
Parameters
- $name : string
-
The name to split
- $dname : string
-
The resulting domain name (this is an out parameter)
- $aname : string
-
The resulting account name (this is an out parameter)
unbind()
protected
unbind() : $this