...

...

@@ -58,6 +58,152 @@ if ($ds) {

58

58

</programlisting>

59

59

</example>

60

60

</section>

61

+

<section xml:id="ldap.examples-controls">

62

+

<title>LDAP Controls</title>

63

+

<para>

64

+

Here are some examples of using LDAP Controls with PHP &gt;= 7.3.0.

65

+

</para>

66

+

67

+

<example>

68

+

<title>Bind with policy information</title>

69

+

<programlisting role="php">

70

+

<![CDATA[

71

+

<?php

72

+

73

+

$user = 'cn=admin,dc=example,dc=com';

74

+

$passwd = 'adminpassword';

75

+

76

+

$ds = ldap_connect('ldap://localhost');

77

+

78

+

if ($ds) {

79

+

$r = ldap_bind_ext($ds, $user, $passwd, [['oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST]]);

80

+

81

+

if (ldap_parse_result($ds, $r, $errcode, $matcheddn, $errmsg, $referrals, $ctrls)) {

82

+

if ($errcode != 0) {

83

+

die("Error: $errmsg ($errcode)");

84

+

}

85

+

if (isset($ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE])) {

86

+

$value = $ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE]['value'];

87

+

echo "Expires in: ".$value['expire']." seconds\n";

88

+

echo "Number of auth left: ".$value['grace']."\n";

89

+

if (isset($value['error'])) {

90

+

echo "Policy error code: ".$value['error'];

91

+

}

92

+

}

93

+

}

94

+

} else {

95

+

die("Unable to connect to LDAP server");

96

+

}

97

+

?>

98

+

]]>

99

+

</programlisting>

100

+

</example>

101

+

102

+

<example>

103

+

<title>Modify description only if it's not empty</title>

104

+

<programlisting role="php">

105

+

<![CDATA[

106

+

<?php

107

+

// $link is an LDAP connection

108

+

109

+

$result = ldap_mod_replace_ext(

110

+

$link,

111

+

'o=test,dc=example,dc=com',

112

+

['description' => 'New description'],

113

+

[

114

+

[

115

+

'oid' => LDAP_CONTROL_ASSERT,

116

+

'iscritical' => TRUE,

117

+

'value' => ['filter' => '(!(description=*))']

118

+

]

119

+

]

120

+

);

121

+

122

+

// Then use ldap_parse_result

123

+

?>

124

+

]]>

125

+

</programlisting>

126

+

</example>

127

+

128

+

<example>

129

+

<title>Read some values before deletion</title>

130

+

<programlisting role="php">

131

+

<![CDATA[

132

+

<?php

133

+

// $link is an LDAP connection

134

+

135

+

$result = ldap_delete_ext(

136

+

$link,

137

+

'o=test,dc=example,dc=com',

138

+

[

139

+

[

140

+

'oid' => LDAP_CONTROL_PRE_READ,

141

+

'iscritical' => TRUE,

142

+

'value' => ['attrs' => ['o', 'description']]

143

+

]

144

+

]

145

+

);

146

+

147

+

// Then use ldap_parse_result

148

+

?>

149

+

]]>

150

+

</programlisting>

151

+

</example>

152

+

153

+

<example>

154

+

<title>Delete a reference</title>

155

+

<programlisting role="php">

156

+

<![CDATA[

157

+

<?php

158

+

// $link is an LDAP connection

159

+

160

+

// Without the control it would delete the referenced node

161

+

// Make sure to set the control as critical to avoid that

162

+

$result = ldap_delete_ext(

163

+

$link,

164

+

'cn=reference,dc=example,dc=com',

165

+

[['oid' => LDAP_CONTROL_MANAGEDSAIT, 'iscritical' => TRUE]]

166

+

);

167

+

168

+

// Then use ldap_parse_result

169

+

?>

170

+

]]>

171

+

</programlisting>

172

+

</example>

173

+

174

+

<example>

175

+

<title>Use pagination for a search</title>

176

+

<programlisting role="php">

177

+

<![CDATA[

178

+

<?php

179

+

// $link is an LDAP connection

180

+

181

+

$cookie = '';

182

+

183

+

do {

184

+

$result = ldap_search(

185

+

$link, 'dc=example,dc=base', '(cn=*)', ['cn'], 0, 0, 0, LDAP_DEREF_NEVER,

186

+

[['oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => ['size' => 2, 'cookie' => $cookie]]]

187

+

);

188

+

ldap_parse_result($link, $result, $errcode , $matcheddn , $errmsg , $referrals, $controls);

189

+

// To keep the example short errors are not tested

190

+

$entries = ldap_get_entries($link, $result);

191

+

foreach ($entries as $entry) {

192

+

echo "cn: ".$entry['cn'][0]."\n";

193

+

}

194

+

if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) {

195

+

// You need to pass the cookie from the last call to the next one

196

+

$cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'];

197

+

} else {

198

+

$cookie = '';

199

+

}

200

+

// Empty cookie means last page

201

+

} while (strlen($cookie) > 0);

202

+

?>

203

+

]]>

204

+

</programlisting>

205

+

</example>

206

+

</section>

61

207

</chapter>

62

208

63

209

<!-- Keep this comment at the end of the file

64

210