17.8.1 Problem
17.8.2 Solution
$ds = ldap_connect('ldap.example.com') or die($php_errormsg);
ldap_bind($ds) or die($php_errormsg);
$sr = ldap_search($ds, 'o=Example Inc., c=US', 'sn=*') or die($php_errormsg);
$e = ldap_get_entries($ds, $sr) or die($php_errormsg);
for ($i=0; $i < $e['count']; $i++) {
    // Entries are in $e, the array returned by ldap_get_entries()
    echo $e[$i]['cn'][0] . ' (' . $e[$i]['mail'][0] . ')<br>';
}
ldap_close($ds) or die($php_errormsg);
17.8.3 Discussion
LDAP stands for Lightweight Directory
Access Protocol. An LDAP server stores directory information, such as names and
addresses, and allows you to query it for results. In many ways, it's like a
database, except that it's optimized for storing information about people.
In addition, instead of the flat structure provided by a
database, an LDAP server allows you to organize people in a hierarchical
fashion. For example, employees may be divided into marketing, technical, and
operations divisions, or they can be split regionally into North America,
Europe, and Asia. This makes it easy to find all employees of a particular
subset of a company.
When using LDAP, the address repository is
called a data source. Each entry in the repository has a globally unique identifier, known as a
distinguished name. The distinguished name includes both a person's name
and their company information. For instance, John Q. Smith, who works at
Example Inc., a U.S. company, has a distinguished name of cn=John Q. Smith,
o=Example Inc., c=US. In LDAP, cn stands for common
name, o for organization, and c for country.
You must enable
PHP's LDAP support with --with-ldap. You can
download an LDAP server from http://www.openldap.org. This recipe assumes basic knowledge
about LDAP. For more information, read the articles on the O'Reilly Network at
http://www.onlamp.com/topics/apache/ldap.
Communicating with an LDAP server requires four steps: connecting,
authenticating, searching records, and logging off. Besides searching, you can
also add, alter, and delete records.
The opening transactions require you to connect to a specific
LDAP server and then authenticate yourself in a process known as
binding:
$ds = ldap_connect('ldap.example.com') or die($php_errormsg);
ldap_bind($ds) or die($php_errormsg);
Passing only the connection handle, $ds, to
ldap_bind( ) does an
anonymous bind. To bind with a specific username and password, pass them as the
second and third parameters, like so:
ldap_bind($ds, $username, $password) or die($php_errormsg);
Once logged in, you can request information. Because the
information is arranged in a hierarchy, you need to indicate the base
distinguished name as the second parameter. Finally, you pass in the search
criteria. For example, here's how to find all people with a surname of
Jones at company Example Inc. located in the country
US:
$sr = ldap_search($ds, 'o=Example Inc., c=US', 'sn=Jones') or die($php_errormsg);
$e = ldap_get_entries($ds, $sr) or die($php_errormsg);
Once
ldap_search( ) returns
results, use ldap_get_entries( ) to retrieve the specific data records.
Then iterate through the array of entries, $e:
for ($i=0; $i < $e['count']; $i++) {
    echo $e[$i]['cn'][0] . ' (' . $e[$i]['mail'][0] . ')<br>';
}
Instead of doing count($e), use the precomputed record
size located in $e['count']. Inside the loop, print the first common
name and email address for each record. For example:
David Sklar (sklar@example.com)
Adam Trachtenberg (adam@example.com)
The ldap_search( ) function searches the entire subtree
at and below the base distinguished name. To restrict the results to a
specific level, use ldap_list( ). Because the
search takes place over a smaller set of records, ldap_list( ) can be
significantly faster than ldap_search( ).
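The search and output loop above use fixed strings. When the surname comes from a form or URL, the filter value and the echoed attributes both need escaping. The following is an added example, not code from the original recipe: the function names and sample inputs are constructed for illustration, and it assumes PHP 7 or later with the LDAP extension enabled.

```php
<?php
// Added example, not from the original recipe. Requires PHP's LDAP extension.

// Build an (sn=...) filter from untrusted input. LDAP_ESCAPE_FILTER encodes
// the characters that have meaning inside a filter: * ( ) \ and NUL.
function build_surname_filter(string $surname): string
{
    return '(sn=' . ldap_escape($surname, '', LDAP_ESCAPE_FILTER) . ')';
}

// Render one entry from ldap_get_entries() as HTML. Directory values are
// untrusted data too, so they are escaped before being echoed into a page.
function format_entry(array $entry): string
{
    $cn   = $entry['cn'][0]   ?? '';
    $mail = $entry['mail'][0] ?? '';   // mail may be absent from an entry
    return htmlspecialchars($cn, ENT_QUOTES, 'UTF-8')
         . ' (' . htmlspecialchars($mail, ENT_QUOTES, 'UTF-8') . ')<br>';
}

// Search at and below $base for a surname; return the formatted lines.
function search_by_surname($ds, string $base, string $surname): array
{
    // Request only the attributes that will be displayed.
    $sr = ldap_search($ds, $base, build_surname_filter($surname), ['cn', 'mail']);
    if ($sr === false) {
        throw new RuntimeException('LDAP search failed: ' . ldap_error($ds));
    }
    $e = ldap_get_entries($ds, $sr);
    if ($e === false) {
        throw new RuntimeException('LDAP read failed: ' . ldap_error($ds));
    }
    $lines = [];
    for ($i = 0; $i < $e['count']; $i++) {
        $lines[] = format_entry($e[$i]);
    }
    return $lines;
}

// Constructed inputs: runs without a server and shows what the escaping does.
foreach (['Jones', '*', 'Jones)(mail=*', 'O\\Neil'] as $input) {
    echo str_pad($input, 16), ' => ', build_surname_filter($input), "\n";
}

// Constructed entry shaped like one element of ldap_get_entries() output.
$sample = ['cn' => ['count' => 1, 0 => 'Pat <b>Jones</b>'], 'count' => 1, 0 => 'cn'];
echo format_entry($sample), "\n";
```

With a live connection, call search_by_surname($ds, 'o=Example Inc., c=US', $surname) after ldap_bind( ) in place of the literal 'sn=Jones' search.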