LDAP
|
|
|
|
<?
##############################################################
# Class libLDAP.inc
# Provides an OOP interface to an LDAP server
# Written by: Bob Silva ( bsilva@umesd.k12.or.us )
# Feel free to modify and use as you see fit.
##############################################################
# Check when loading lib
$GLOBALS["HAVE_LDAP"] = 1;
class LDAP {
# Connection information
var $server = "";
var $port = 389;
var $bindname = "cn=,ou=,o=";
var $securebindname = "cn=,ou=,o=";
var $bindpw = "";
var $base_dn = "o=";
# Status variables
var $link;
var $connected;
var $lasterr;
# Used during searches
var $filter;
var $attribs;
# Used during enumeration
var $berident;
# Call this to recieve a text error msg after a failed function call
function lasterror() {
return $this->lasterr;
# Reset the message
$this->lasterr = "";
}
/********************************************************************
*
* PROTO: $obj = new LDAP ( [[string Server], [int Port]] )
*
* DESC: Create an LDAP object. Server and Port are optional.
*
* RETURNS: True on success, false on error or bad argument
*
*********************************************************************/
function LDAP( $s="", $p="389") {
$this->server = (!empty($s))?"$s":"$this->server";
$this->port = (integer)$p;
}
/********************************************************************
*
* PROTO: $obj->Connect ()
*
* DESC: Connects to $this->server with an anonymous bind.
*
* RETURNS: True on success, false on error or bad argument
*
*********************************************************************/
function Connect() {
if (!$this->connected) {
$this->link = ldap_connect( $this->server, $this->port );
if (!$this->link ) {
$this->lasterr = "Could not connect to LDAP Server: ".$this->server;
return false;
} else {
if ( ldap_bind ( $this->link, '', '')) {
$this->connected = 1;
return true;
} else {
$this->lasterr = "Could not bind to ".$this->server.".";
return false;
}
}
}
return true; // Already Connected
}
/********************************************************************
*
* PROTO: $obj->SConnect ( [[string securebindname], [string bindpw]] )
*
* DESC: Connects to $this->server and Binds as securebindname/bindpw
*
* RETURNS: True on success, false on error or bad argument
*
*********************************************************************/
function SConnect( $bn="", $bp="" ) {
$this->securebindname = (!empty($bn))?"$bn":"$this->securebindname";
$this->bindpw = (!empty($bp))?"$bp":"$this->bindpw";
if (!$this->connected) {
$this->link = ldap_connect( $this->server, $this->port );
if (!$this->link ) {
$this->lasterr = "Could not connect to LDAP Server: ".$this->server;
return false;
} else {
if ( @ldap_bind ( $this->link, $this->securebindname, $this->bindpw)) {
$this->connected = 1;
return true;
} else {
$this->lasterr = "Could not bind to ".$this->server." as ".$this->securebindname;
return false;
}
}
}
return true; // Already Connected
}
/********************************************************************
*
* PROTO: $obj->Close ()
*
* DESC: Closes the connection ($this->link) to the ldap server.
*
* RETURNS: True on success, false on error or bad argument
*
*********************************************************************/
function Close() {
if ( $this->link ) {
ldap_unbind( $this->link );
$this->link = 0;
$this->connected = 0;
$this->lasterr = "";
return true;
}
return true;
}
/********************************************************************
*
* PROTO: $obj->Add( Array entry )
*
* DESC: Add takes an array as a param, the first element of the
* array should be the Distinguished Name (DN) of the entry you
* are adding.
*
* RETURNS: True on success, false on error or bad argument
*
*********************************************************************/
function Add ( $arr ) {
if ( is_array($arr) && $this->connected ) {
$dn = $arr["dn"];
for (reset($arr), next($arr); $key=key($arr); next($arr)) {
$arr2[$key]=$arr[$key];
}
$r = @ldap_add ( $this->link, $dn, $arr2 );
if (!$r) {
$this->lasterr = "LDAP_ADD failed.";
return false;
}
return true;
}
$this->lasterr = "Argument passed in was not an array.";
return false;
}
/********************************************************************
*
* PROTO: $obj->AddA( Array entry )
*
* DESC: Add takes an array as a param, the first element of the
* array should be the Distinguished Name (DN) of the entry you
* are adding an attribute to.
*
* RETURNS: True on success, false on error or bad argument
*
*********************************************************************/
function AddA ( $arr ) {
if ( is_array($arr) ) {
if ( $this->connected ) {
$dn = $arr["dn"];
for (reset($arr), next($arr); $key=key($arr); next($arr)) {
$arr2[$key]=$arr[$key];
}
$r = @ldap_mod_add ( $this->link, $dn, $arr2 );
if (!$r) {
$this->lasterr = "LDAP_MOD_ADD failed.";
return false;
}
return true;
}
$this->lasterr = "Not connected to LDAP server.";
return false;
}
$this->lasterr = "Argument passed in was not an array.";
return false;
}
/********************************************************************
*
* PROTO: $obj->Modify( Array entry )
*
* DESC: Modify takes an array as a param, the first element of the
* array should be the Distinguished Name (DN) of the entry you are
* modifying.
*
* RETURNS: True on success, false on error or bad argument
*
*********************************************************************/
function Modify ( $arr ) {
if ( is_array($arr) ) {
if ( $this->connected ) {
$dn = $arr["dn"];
for (reset($arr), next($arr); $key=key($arr); next($arr)) {
$arr2[$key]=$arr[$key];
}
$r = @ldap_modify ( $this->link, $dn, $arr2 );
if (!$r) {
$this->lasterr = "LDAP_MODIFY failed.";
return false;
}
return true;
}
$this->lasterr = "Not connected to LDAP server.";
return false;
}
$this->lasterr = "Argument passed in was not an array.";
return false;
}
/********************************************************************
*
* PROTO: $obj->Delete( string DN )
*
* DESC: Deletes DN from directory
*
* RETURNS: True on success, false on error or bad argument
*
*********************************************************************/
function Delete ( $dn ) {
if ( !empty($dn) ) {
if ( $this->connected ) {
$r = @ldap_delete ( $this->link, $dn );
if (!$r) {
$this->lasterr = "LDAP_DELETE failed.";
return false;
}
return true;
}
$this->lasterr = "Not connected to LDAP server.";
return false;
}
$this->lasterr = "Bad argument passed in.";
return false;
}
/********************************************************************
*
* PROTO: $obj->DeleteA( array entry )
*
* DESC: Deletes attribute from DN
*
* RETURNS: True on success, false on error or bad argument
*
*********************************************************************/
function DeleteA ( $arr ) {
if ( is_array($arr) ) {
if ( $this->connected ) {
$dn = $arr["dn"];
for (reset($arr), next($arr); $key=key($arr); next($arr)) {
$arr2[$key]=$arr[$key];
}
$r = @ldap_mod_del ( $this->link, $dn, $arr2 );
if (!$r) {
$this->lasterr = "LDAP_MOD_DEL failed.";
return false;
}
return true;
}
$this->lasterr = "Not connected to LDAP server.";
return false;
}
$this->lasterr = "Argument passed in was not an array.";
return false;
}
/********************************************************************
*
* PROTO: $obj->Search( [ string SCOPE ] )
*
* DESC: Search wraps Read, List and Search calls into one. It takes
* one argument..one of "BASE", "ONELEVEL" or "SUB".
* You are expected to make calls to BaseDN, Filter and Attrs
* everytime before you call Search().
*
* RETURNS: A result_identifier to be used when enumerating the
* results.
*
*********************************************************************/
###############Support Functions###################
function Filter ( $filter ) {
if ( !empty ( $filter ) ) {
$this->filter = $filter;
return true;
} else {
$this->filter = "cn=*";
}
return false;
}
function Attrs ( $attrs ) {
if ( !empty ( $attrs ) ) {
$this->attribs = explode(",",$attrs);
} else {
$this->attribs = Array();
}
return false;
}
function BaseDN ( $basedn ) {
if ( !empty ( $basedn ) ) {
$this->base_dn = $basedn;
return true;
}
return false;
}
##############End Support Functions#################
function Search ( $scope="SUB" ) {
if ( !$this->connected ) {
$this->lasterr = "Not connected to LDAP server.";
return false;
}
if ( empty($this->base_dn) ) {
$this->lasterr = "No BaseDN provided.";
return false;
}
if ( empty($this->filter) ) $this->filter = "cn=*";
if ( !is_array($this->attribs) ) $this->attribs = Array();
switch ( $scope ) {
case "BASE": return @ldap_read ( $this->link, $this->base_dn, $this->filter, $this->attribs );
break;
case "ONELEVEL":return @ldap_list ( $this->link, $this->base_dn, $this->filter, $this->attribs );
break;
case "SUB": return @ldap_search ( $this->link, $this->base_dn, $this->filter, $this->attribs );
break;
}
$this->lasterr = "LDAP_SEARCH failed";
return false;
}
/********************************************************************
*
* PROTO: $obj->Count( int result_identifier )
*
* DESC: Count the number of entries returned from a search.
*
* RETURNS: Count on success, 0 on error.
*
*********************************************************************/
function Count ( $res ) {
if ( $res ) {
if ( $this->connected ) {
return ldap_count_entries ( $this->link, $res );
}
$this->lasterr = "Not connected to LDAP server.";
return false;
}
$this->lasterr = "No result identifier.";
return false;
}
/********************************************************************
*
* PROTO: $obj->First( int result_identifier )
*
* DESC: Returns a result_entry_identifier for the first entry in a
* result_identifier passed in from a call to Search().
*
* RETURNS: A result_entry_identifier to be used when enumerating the
* results.
*
*********************************************************************/
function First ( $res ) {
if ( $res ) {
if ( $this->connected ) {
return ldap_first_entry ( $this->link, $res );
}
$this->lasterr = "Not connected to LDAP server.";
return false;
}
$this->lasterr = "No result identifier.";
return false;
}
/********************************************************************
*
* PROTO: $obj->Next( int result_entry_identifier )
*
* DESC: Returns a result_entry_identifier for the next entry in a
* result set.
*
* RETURNS: A result entry identifier to be used when enumerating the
* results.
*
*********************************************************************/
function Next ( $res ) {
if ( $res ) {
if ( $this->connected ) {
return ldap_next_entry ( $this->link, $res );
}
$this->lasterr = "Not connected to LDAP server.";
return false;
}
$this->lasterr = "No result identifier.";
return false;
}
/********************************************************************
*
* PROTO: $obj->FirstAttr( int result_entry_identifier )
*
* DESC: Returns an array of the first attribute in an entry.
*
* RETURNS: An array of attribute values for a single attribute.
*
*********************************************************************/
function FirstAttr ( $res ) {
$this->berident = 0;
if ( $res ) {
if ( $this->connected ) {
$fattr = ldap_first_attribute ( $this->link, $res, &$this->berident );
if ( !empty($fattr) ) {
$tmparr = ldap_get_values ( $this->link, $res, $fattr );
$tmparr2[] = $fattr;
for ($i=0; $i<count($tmparr);$i++)
$tmparr2[] = $tmparr[$i];
return $tmparr2;
}
}
$this->lasterr = "Not connected to LDAP server.";
return false;
}
$this->lasterr = "No result identifier.";
return false;
}
/********************************************************************
*
* PROTO: $obj->NextAttr( int result_entry_identifier )
*
* DESC: Returns a result_entry_identifier for the first entry in a
* result_identifier passed in from a call to Search().
*
* RETURNS: An array of attribute values for a single attribute.
*
*********************************************************************/
function NextAttr ( $res ) {
if ( $res ) {
if ( $this->connected ) {
$nattr = ldap_next_attribute ( $this->link, $res, &$this->berident );
if ( !empty($nattr) ) {
$tmparr = ldap_get_values ( $this->link, $res, $nattr );
$tmparr2[] = $nattr;
for ($i=0; $i<count($tmparr);$i++)
$tmparr2[] = $tmparr[$i];
return $tmparr2;
}
}
$this->lasterr = "Not connected to LDAP server.";
return false;
}
$this->lasterr = "No result identifier.";
return false;
}
/********************************************************************
*
* PROTO: $obj->All( int result_entry, [string sortattr], )
*
* DESC: Returns a multi-dimensional array of all the entries and
* attributes in a search result. If sortattr is not empty
* it will sort the entries based on that attribute. Default
* is not to sort.
*
* RETURNS: A multi-dimensional array of all entries and attributes.
*
*********************************************************************/
function All ( $res, $sortattr="" ) {
if ( $res ) {
if ( $this->connected ) {
if (empty($sortattr)) {
return ldap_get_entries ( $this->link, $res );
} else {
$entries = ldap_get_entries ( $this->link, $res );
for ( $i = 0; $i < count($entries); $i++ ) {
$temparr[$entries[$i][$sortattr][0].$i] = $entries[$i];
}
ksort ($temparr);
for (reset($temparr); $key = key($temparr); next($temparr)) {
//echo $temparr[$key]["fullname"][0];
$entries1[] = $temparr[$key];
}
return $entries1;
}
}
$this->lasterr = "Not connected to LDAP server.";
return false;
}
$this->lasterr = "No result identifier.";
return false;
}
/********************************************************************
*
* PROTO: $obj->AllAttrs( int result_entry_identifier )
*
* DESC: Returns a multi-dimensional array of all the attributes
* of an entry in a search result.
*
* RETURNS: A multi-dimensional array of all attributes of a single
* entry.
*
*********************************************************************/
function AllAttrs ( $res ) {
if ( $res ) {
if ( $this->connected ) {
return ldap_get_attributes ( $this->link, $res );
}
$this->lasterr = "Not connected to LDAP server.";
return false;
}
$this->lasterr = "No result identifier.";
return false;
}
/********************************************************************
*
* PROTO: $obj->Free ( int result_identifier )
*
* DESC: Release the memory associated with a result_identifier.
*
* RETURNS: True no matter what
*
*********************************************************************/
function Free ( $res ) {
if ( $res && $this->connected ) {
ldap_free_result ( $res );
}
return true;
}
/********************************************************************
*
* PROTO: $obj->GetDN ( int result_entry_identifier )
*
* DESC: Get the DN of the result entry.
*
* RETURNS: DN of the result entry on success, false on error.
*
*********************************************************************/
function GetDN ( $res ) {
if ( $res ) {
if ( $this->connected ) {
return ldap_get_dn ( $this->link, $res );
}
$this->lasterr = "Not connected to LDAP server.";
return false;
}
$this->lasterr = "No result identifier.";
return false;
}
/********************************************************************
*
* PROTO: $obj->ExplodeDN ( string DN, [int with_attributes] )
*
* DESC: Explodes a DN into an array. With attributes determines
* if the array components are return with in full context mode:
* ie: array[0]="cn=user",array[1]="ou=orgunit" otherwise:
* array[0]="user",array[1]="orgunit"...
*
* RETURNS: Array on success, false on error or bad argument
*
*********************************************************************/
function ExplodeDN ( $dn, $wa="1" ) {
if ( !empty($dn) ) {
if ( $this->connected ) {
return ldap_explode_dn ( $dn, $wa );
}
$this->lasterr = "Not connected to LDAP server.";
return false;
}
$this->lasterr = "No DN passed in.";
return false;
}
/********************************************************************
*
* PROTO: $obj->Friendly ( string dn )
*
* DESC: Return a DN in a user friendly way (strip type names).
*
* RETURNS: UFN on success, false on error or bad argument
*
*********************************************************************/
function Friendly ( $dn ) {
if ( !empty($dn) ) {
if ( $this->connected ) {
return ldap_dn2ufn ( $dn );
}
$this->lasterr = "Not connected to LDAP server.";
return false;
}
$this->lasterr = "No DN passed in.";
return false;
}
} /* End Class LDAP */
# If you define the server in here, then you may want to auto-create the object
# Just uncomment to activate this. otherwise, create it manually in your script
#$ld = new LDAP();
?>
|
|
|
Usage Example
|
<?
# libLDAP example
# This wont work right away, this is only an example of how you can use
# this library to make ldap access easier
# Only load the library once
if (!$GLOBALS["HAVE_LDAP"]) {
include ("libLDAP.inc");
}
$ld = new LDAP();
# Lets retrieve an LDAP record
function get_user_info( $dn ) {
global $ld;
if ( $ld->Connect() ) {
# We are searching a specific entry here
# Example: cn=bob,ou=it,o=ads
$ld->BaseDN ( $dn );
# Extract the CN (common name): $cn = "cn=bob"
$cn = explode (",", $dn);
# Set the filter to: cn=bob
$ld->Filter ( $cn[0] );
# Provide a list of attributes we want back from search
$attrs = "fullname,cn,title,description,l,ou,telephonenumber,cellulartelephonenumber,street,physicaldeliveryofficename,st,postalcode,mail,grpwebadmin,grphelpdesk,";
$attrs.= "grpindexeditor,grpsuperintendent,grpdirector,grpcoordinator,grphr,webfontface,webfontsize,webfontcolor,webcolor,webcolorhl,webfont,";
$attrs.= "webtextcolor,weblinkcolor,webvlinkcolor,webalinkcolor,webbgcolor";
# Set the list
$ld->Attrs ( $attrs );
# Start the search: uses $ld->Filter and ld->Attrs to determine the search params
if ( $res = $ld->Search ("BASE") ) {
# Do we find anything?
if ( $ld->Count ( $res ) == 1 ) {
# Get the first record ( in this instance, there should only be one
$entry = $ld->First ( $res );
# Get all the attributes for this entry
$attrs = $ld->AllAttrs ( $entry );
return $attrs;
/* $attrs looks like:
$attrs["fullname"]
$attrs["cn"]
$attrs["title"]
$attrs["description"]
etc.....
*/
}
# Free some memory
$ld->Free ( $res );
}
# Close our connection
$ld->Close();
} else {
echo $ld->lasterror();
}
# We pass in an csv of new vals and a DN of the entry to modify
function update_user_info( $newvals, $dn ) {
global $ld;
# Secure bind so we can modify an entry
if ( $ld->SConnect() ) {
$nvals = explode (",", $newvals);
# $mods is our array of modifications
# First element must be the DN to modify
$mods["dn"] = $dn;
$mods["fullname"] = trim($nvals[0]);
$mods["title"] = trim($nvals[1]);
$mods["telephonenumber"] = trim($nvals[2]);
$mods["cellulartelephonenumber"] = trim($nvals[3]);
if ( !$ld->Modify ( $mods ) ) {
echo $ld->lasterror();
}
# Close our connection
$ld->Close();
}
}
?>
|
|
|
Rate This Script
|
|
|
|
Store
Your email: