PHP Internet Services
Looking Up Addresses with LDAP
Problem
You want to query an LDAP server for address information.
Solution
Use PHP’s LDAP extension:
$ds = ldap_connect('ldap.example.com') or die($php_errormsg);
ldap_bind($ds) or die($php_errormsg);
$sr = ldap_search($ds, 'o=Example Inc., c=US', 'sn=*') or die($php_errormsg);
$e = ldap_get_entries($ds, $sr) or die($php_errormsg);
for ($i=0; $i < $e['count']; $i++) {
    echo $e[$i]['cn'][0] . ' (' . $e[$i]['mail'][0] . ')<br>';
}
ldap_close($ds) or die($php_errormsg);
Discussion
An LDAP (Lightweight Directory Access Protocol) server stores directory information, such as names and addresses, and allows you to query it for results. In many ways, it’s like a database, except that it’s optimized for storing information about people.
In addition, instead of the flat structure provided by a database, an LDAP server allows you to organize people in a hierarchical fashion. For example, employees may be divided into marketing, technical, and operations divisions, or they can be split regionally into North America, Europe, and Asia. This makes it easy to find all employees of a particular subset of a company.
When using LDAP, the address repository is called a data source. Each entry in the repository has a globally unique identifier, known as a distinguished name. The distinguished name includes both a person’s name and the company information. For instance, John Q. Smith, who works at Example Inc., a U.S. company, has a distinguished name of cn=John Q. Smith, o=Example Inc., c=US. In LDAP, cn stands for common name, o for organization, and c for country.
You must enable PHP’s LDAP support with --with-ldap. You can download an LDAP server. This recipe assumes basic knowledge about LDAP.
Communicating with an LDAP server requires four steps: connecting, authenticating, searching records, and logging off. Besides searching, you can also add, alter, and delete records.
The opening transactions require you to connect to a specific LDAP server and then authenticate yourself in a process known as binding:
$ds = ldap_connect('ldap.example.com') or die($php_errormsg);
ldap_bind($ds) or die($php_errormsg);
Passing only the connection handle, $ds, to ldap_bind() does an anonymous bind. To bind with a specific username and password, pass them as the second and third parameters, like so:
ldap_bind($ds, $username, $password) or die($php_errormsg);
When you are logged in, you can request information. Because the information is arranged in a hierarchy, you need to indicate the base distinguished name as the second parameter. Finally, you pass in the search criteria. For example, here’s how to find all people with a surname of Jones at company Example Inc. located in the country US:
$sr = ldap_search($ds, 'o=Example Inc., c=US', 'sn=Jones') or die($php_errormsg);
$e = ldap_get_entries($ds, $sr) or die($php_errormsg);
After ldap_search() returns results, use ldap_get_entries() to retrieve the specific data records. Then iterate through the array of entries, $e:
for ($i=0; $i < $e['count']; $i++) {
    echo $e[$i]['cn'][0] . ' (' . $e[$i]['mail'][0] . ')<br>';
}
Instead of doing count($e), use the precomputed record size located in $e['count']. Inside the loop, print the first common name and email address for each record. For example:
David Sklar (sklar@example.com)
Adam Trachtenberg (adam@example.com)
The ldap_search() function searches the entire tree at and below the base distinguished name. To restrict the results to a specific level, use ldap_list(). Because the search takes place over a smaller set of records, ldap_list() can be significantly faster than ldap_search().
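When the surname comes from a request rather than a literal such as 'Jones', the filter, the bind, and the HTML output each need a guard. The following is an added example, not part of the original recipe: it escapes the filter value with ldap_escape() (PHP 5.6 and later), refuses an empty-password bind, starts TLS before sending credentials, and HTML-escapes the results. The function names surname_filter() and find_by_surname() and the LDAP_LIVE environment switch are hypothetical; the host and base DN are the recipe's.

```php
<?php
// Added example, not from the original recipe. Host and base DN are the
// recipe's; the function names and the LDAP_LIVE switch are hypothetical.
function surname_filter(string $surname): string
{
    // Escape \ * ( ) and NUL so caller-supplied text stays a literal value.
    return '(sn=' . ldap_escape($surname, '', LDAP_ESCAPE_FILTER) . ')';
}

function find_by_surname(string $surname, ?string $bindDn = null, ?string $password = null): array
{
    $ds = ldap_connect('ldap://ldap.example.com');
    if ($ds === false) {
        throw new RuntimeException('Bad LDAP URI');
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    if ($bindDn !== null) {
        // A DN with an empty password is an unauthenticated bind, which some
        // servers accept, so refuse it here instead of treating it as a login.
        if ($password === null || $password === '') {
            throw new InvalidArgumentException('Password required');
        }
        // Upgrade to TLS before credentials cross the network.
        if (!ldap_start_tls($ds)) {
            throw new RuntimeException('StartTLS failed: ' . ldap_error($ds));
        }
    }
    if (!ldap_bind($ds, $bindDn, $password)) {
        throw new RuntimeException('Bind failed: ' . ldap_error($ds));
    }
    $sr = ldap_search($ds, 'o=Example Inc., c=US', surname_filter($surname), ['cn', 'mail']);
    if ($sr === false) {
        throw new RuntimeException('Search failed: ' . ldap_error($ds));
    }
    $e = ldap_get_entries($ds, $sr) ?: ['count' => 0];
    ldap_unbind($ds);
    $rows = [];
    for ($i = 0; $i < $e['count']; $i++) {
        $rows[] = [$e[$i]['cn'][0] ?? '', $e[$i]['mail'][0] ?? ''];
    }
    return $rows;
}

echo surname_filter('Smith (Jr.)*'), "\n"; // constructed input, runs offline
if (getenv('LDAP_LIVE')) { // set only where the directory is reachable
    foreach (find_by_surname('Jones') as [$cn, $mail]) {
        // Directory values are untrusted data once they reach HTML.
        echo htmlspecialchars("$cn ($mail)", ENT_QUOTES, 'UTF-8'), "<br>\n";
    }
}
```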