XLIX. LDAP functions
LDAP is the Lightweight Directory Access Protocol, a protocol used to access "Directory Servers". A directory is a special kind of database that holds information in a tree structure.
The concept is similar to the directory structure of a hard disk, except that in this context the root directory is "the world" and the first-level subdirectories are "countries". Lower levels of the directory structure contain entries for companies, organizations or places, and lower still there are directory entries for people and, perhaps, equipment or documents.
To refer to a file in a subdirectory on a hard disk, you write something like
/usr/local/myapp/docs
The slash separates each division of the reference, and the sequence is read from left to right. The LDAP equivalent of a fully qualified file reference is the "distinguished name", referred to simply as "dn". An example dn might be:
cn=John Smith, ou=Accounts, o=My Company, c=US
The comma plays the role of the slash, and the sequence is read from right to left. You can read this dn as:
country = US
organization = My Company
organizationalUnit = Accounts
commonName = John Smith
In the same way that there are no hard rules about how to organize the directory structure of a hard disk, a directory server manager can set up any structure that suits the purpose. There are, however, some conventions in use. The point is that you cannot write code to access a directory server unless you know something about its structure, any more than you can use a database without knowing what is available in it.
The following example retrieves information for all entries where the surname begins with "S" from a directory server and displays them with name and email address.
Example 1. LDAP search example
<?php
// basic sequence with LDAP is: connect, bind, search, interpret
// the search result, close the connection
echo "<h3>LDAP query test</h3>";
echo "Connecting ...";
$ds = ldap_connect("localhost"); // must be a valid LDAP server!
// connection and result handles cannot be cast to string on current PHP,
// so report success or failure instead of echoing the handle itself
echo "connect result is " . ($ds ? "OK" : "failed") . "<p>";
if ($ds) {
    echo "Binding ...";
    $r = ldap_bind($ds); // this is an "anonymous" bind, typically read-only access
    echo "Bind result is " . ($r ? "OK" : "failed") . "<p>";
    echo "Searching for (sn=S*) ...";
    // Search surname entry
    $sr = ldap_search($ds, "o=My Company, c=US", "sn=S*");
    echo "Search result is " . ($sr ? "OK" : "failed") . "<p>";
    echo "Number of entries returned is " . ldap_count_entries($ds, $sr) . "<p>";
    echo "Getting entries ...<p>";
    $info = ldap_get_entries($ds, $sr);
    echo "Data for " . $info["count"] . " items returned:<p>";
    for ($i = 0; $i < $info["count"]; $i++) {
        // directory values are data, not markup: HTML-escape them on output;
        // an entry may have no cn or mail attribute, so default to ""
        echo "dn is: " . htmlspecialchars($info[$i]["dn"]) . "<br>";
        echo "first cn entry is: " . htmlspecialchars($info[$i]["cn"][0] ?? "") . "<br>";
        echo "first email entry is: " . htmlspecialchars($info[$i]["mail"][0] ?? "") . "<p>";
    }
    echo "Closing connection";
    ldap_close($ds);
} else {
    echo "<h4>Unable to connect to LDAP-сервер</h4>";
}
?>
You will need to obtain and compile the LDAP client libraries from either the University of Michigan ldap-3.3 package or the Netscape Directory SDK 3.0. You will also need to recompile PHP with LDAP support enabled before the PHP LDAP calls will work.
Before you begin using the LDAP calls, you need to know:
- The name or address of the directory server you will use
- The server's "base dn" (the part of the world directory that is held on this server, which could be "o=My Company, c=US")
- Whether you need a password to access the server (many servers allow read access for an "anonymous bind" but require a password for anything else)
The typical sequence of LDAP calls in your application follows this pattern:
ldap_connect() // establish a connection to the server
|
ldap_bind() // anonymous or authenticated "login"
|
do something such as a search or a directory update, and display the results
|
ldap_close() // "logout"
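The connect, bind, search, close sequence and the surname search from Example 1, as an added example that is not part of the original manual page: it binds with credentials over StartTLS, refuses an empty password, and escapes a caller-supplied surname prefix before it reaches the search filter. The helper name `searchBySurnamePrefix()`, the `ldap://localhost` URI and the bind DN passed in are assumptions; `ldap_escape()` requires PHP 5.6 or later.

```php
<?php
// Added example, not from the original page. The server URI and
// searchBySurnamePrefix() are assumptions; the base DN is the page's sample.
function searchBySurnamePrefix(string $prefix, string $bindDn, string $password): array
{
    // A simple bind with an empty password is an "unauthenticated bind"
    // (RFC 4513) that a server may accept as anonymous, so refuse it here.
    if ($bindDn === '' || $password === '') {
        throw new InvalidArgumentException('bind DN and password are required');
    }
    $ds = ldap_connect('ldap://localhost'); // placeholder server
    if ($ds === false) {
        throw new RuntimeException('invalid LDAP URI');
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS needs LDAPv3
    try {
        // Encrypt the connection before any credentials are sent.
        if (!@ldap_start_tls($ds)) {
            throw new RuntimeException('StartTLS failed: ' . ldap_error($ds));
        }
        if (!@ldap_bind($ds, $bindDn, $password)) {
            throw new RuntimeException('bind failed: ' . ldap_error($ds));
        }
        // Escape the caller's text for filter context so "*", "(", ")" and
        // "\" match literally; the appended "*" is the only wildcard.
        $filter = '(sn=' . ldap_escape($prefix, '', LDAP_ESCAPE_FILTER) . '*)';
        // Ask only for the attributes that will be displayed.
        $sr = @ldap_search($ds, 'o=My Company, c=US', $filter, ['cn', 'mail']);
        if ($sr === false) {
            throw new RuntimeException('search failed: ' . ldap_error($ds));
        }
        $entries = ldap_get_entries($ds, $sr) ?: ['count' => 0];
    } finally {
        ldap_unbind($ds); // always release the connection
    }
    $rows = [];
    for ($i = 0; $i < $entries['count']; $i++) {
        $rows[] = [
            'dn'   => $entries[$i]['dn'],
            'cn'   => $entries[$i]['cn'][0] ?? '',
            'mail' => $entries[$i]['mail'][0] ?? '',
        ];
    }
    return $rows; // HTML-escape each value before printing it
}
```

With the escaping in place, a prefix such as `S*)(mail=*` is sent as literal text inside the `sn` comparison and cannot add conditions to the filter.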
A great deal of information about LDAP can be found at:
The Netscape SDK contains a good Programmer's Guide in .html format.
Contents
- ldap_8859_to_t61 - translates 8859 characters to t61 characters
- ldap_add - adds entries to an LDAP directory
- ldap_bind - binds to an LDAP directory
- ldap_close - closes the link to the LDAP server
- ldap_compare - compares the value of an attribute found in an entry specified by DN
- ldap_connect - connects to an LDAP server
- ldap_count_entries - counts the number of entries in a search
- ldap_delete - deletes an entry from a directory
- ldap_dn2ufn - converts a DN to User Friendly Naming format
- ldap_err2str - converts an LDAP error number into an error message string
- ldap_errno - returns the LDAP error number of the last LDAP command
- ldap_error - returns the LDAP error message of the last LDAP command
- ldap_explode_dn - splits a DN into its component parts
- ldap_first_attribute - returns the first attribute
- ldap_first_entry - returns the first result id
- ldap_first_reference - returns the first reference
- ldap_free_result - frees result memory
- ldap_get_attributes - gets attributes from a search result entry
- ldap_get_dn - gets the DN of a result entry
- ldap_get_entries - gets all result entries
- ldap_get_option - gets the current value of the given option
- ldap_get_values_len - gets all binary values from a result entry
- ldap_get_values - gets all values from a result entry
- ldap_list - single-level search
- ldap_mod_add - adds attribute values to the current attributes
- ldap_mod_del - deletes attribute values from the current attributes
- ldap_mod_replace - replaces attribute values with new ones
- ldap_modify - modifies an LDAP entry
- ldap_next_attribute - gets the next attribute in the result
- ldap_next_entry - gets the next result entry
- ldap_next_reference - gets the next reference
- ldap_parse_reference - extracts information from a reference entry
- ldap_parse_result - extracts information from a result
- ldap_read - reads an entry
- ldap_rename - modifies the name of an entry
- ldap_search - searches the LDAP tree
- ldap_set_option - sets the value of the given option
- ldap_set_rebind_proc - sets a callback function for re-binds on referral chasing
- ldap_sort - sorts LDAP result entries
- ldap_start_tls - starts TLS
- ldap_t61_to_8859 - translates t61 characters to 8859 characters
- ldap_unbind - unbinds from an LDAP directory