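/**
 * Read an LDAP entry.
 *
 * Walks every attribute of the entry and collects its values. Attributes
 * named in $binaryFields are fetched with ldap_get_values_len() so that
 * values are returned as raw bytes; all others use ldap_get_values().
 *
 * @param resource $ds
 *   LDAP connection resource.
 * @param resource $entryId
 *   LDAP entry resource.
 * @param string[] $binaryFields
 *   Names of binary attributes. Matched exactly (case-sensitive) against
 *   the attribute names reported by the server.
 *
 * @return array
 *   Attributes for an LDAP entry, keyed by attribute name. An attribute
 *   with exactly one value maps to that value; otherwise it maps to a
 *   zero-based list of values. Attributes whose values could not be
 *   fetched are omitted.
 */
public static function readEntry($ds, $entryId, $binaryFields = array())
{
    $data = array();

    // $attributeId is the legacy BER-identifier argument, kept as in the
    // original call. NOTE(review): newer PHP versions document only the
    // connection and entry arguments - confirm against the target version.
    for (
        $attribute = ldap_first_attribute($ds, $entryId, $attributeId);
        $attribute !== false;
        $attribute = ldap_next_attribute($ds, $entryId, $attributeId)
    ) {
        // Fetch once with the right function instead of fetching as text
        // first and then overwriting the result for binary attributes.
        // Strict matching avoids loose string/number comparison surprises.
        if (in_array($attribute, $binaryFields, true)) {
            $fieldValues = ldap_get_values_len($ds, $entryId, $attribute);
        } else {
            $fieldValues = ldap_get_values($ds, $entryId, $attribute);
        }

        // Both fetch functions return false on failure; indexing false
        // would only raise warnings, so skip the attribute explicitly.
        if ($fieldValues === false) {
            continue;
        }

        if ($fieldValues['count'] == 1) {
            $data[$attribute] = $fieldValues[0];
        } else {
            for ($i = 0; $i < $fieldValues['count']; $i++) {
                $data[$attribute][$i] = $fieldValues[$i];
            }
        }
    }

    return $data;
}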
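/**
 * Sets the internal attributes array
 *
 * When $attributes is null and both the entry and link are resources, the
 * attribute values are fetched from the server. If a schema is available,
 * attributes it reports as binary are fetched with ldap_get_values_len()
 * so they are returned as binary values.
 *
 * Attributes may be passed directly via the $attributes parameter to setup this
 * entry manually. This overrides attribute fetching from the server.
 *
 * @param array $attributes Attributes to set for this entry
 *
 * @access protected
 * @return void
 */
protected function setAttributes($attributes = null)
{
    /*
     * fetch attributes from the server
     */
    if (is_null($attributes) && is_resource($this->_entry) && is_resource($this->_link)) {
        // Start without a schema so the instanceof check below never reads
        // an undefined variable when $this->_ldap is not a Net_LDAP2 object.
        $schema = null;
        if ($this->_ldap instanceof Net_LDAP2) {
            $schema =& $this->_ldap->schema();
        }

        // fetch attributes
        $attributes = array();
        $ber = null;
        for (
            $attr = @ldap_first_attribute($this->_link, $this->_entry, $ber);
            $attr;
            $attr = @ldap_next_attribute($this->_link, $this->_entry, $ber)
        ) {
            $func = 'ldap_get_values'; // standard function to fetch value

            // Try to get binary values as binary data
            if ($schema instanceof Net_LDAP2_Schema && $schema->isBinary($attr)) {
                $func = 'ldap_get_values_len';
            }

            // A failed fetch returns false; without this check the entry
            // would end up holding array(false) as the attribute's value.
            $values = $func($this->_link, $this->_entry, $attr);
            if ($values === false) {
                continue;
            }
            $attributes[$attr] = $values;
        }
    }

    /*
     * set attribute data directly, if passed
     */
    if (is_array($attributes) && count($attributes) > 0) {
        if (isset($attributes["count"]) && is_numeric($attributes["count"])) {
            unset($attributes["count"]);
        }
        foreach ($attributes as $k => $v) {
            // attribute names should not be numeric
            if (is_numeric($k)) {
                continue;
            }
            // map generic attribute name to real one
            $this->_map[strtolower($k)] = $k;
            // attribute values should be in an array
            if (false == is_array($v)) {
                $v = array($v);
            }
            // remove the value count (comes from ldap server)
            if (isset($v["count"])) {
                unset($v["count"]);
            }
            $this->_attributes[$k] = $v;
        }
    }

    // save a copy for later use
    $this->_original = $this->_attributes;
}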
/**
 * Looks up the single directory entry matching an account name.
 *
 * The search base comes from _getBaseDn() and the filter from
 * _getAccountFilter($acctname). Exactly one matching entry is required;
 * zero or several matches end in an exception.
 * NOTE(review): the filter is built by _getAccountFilter(), which is not
 * visible here - confirm that it escapes $acctname before it reaches
 * ldap_search().
 *
 * @param string $acctname Account name handed to _getAccountFilter()
 * @param array $attrs An array of names of desired attributes
 * @return array An array of the attributes representing the account; the
 *               'dn' key holds the entry's DN, every other key holds the
 *               raw ldap_get_values_len() result for that attribute
 * @throws Zend_Ldap_Exception
 */
private function _getAccount($acctname, $attrs = null)
{
    $searchBase = $this->_getBaseDn();
    if (!$searchBase) {
        /**
         * @see Zend_Ldap_Exception
         */
        require_once 'Zend/Ldap/Exception.php';
        throw new Zend_Ldap_Exception(null, 'Base DN not set');
    }

    $filter = $this->_getAccountFilter($acctname);
    if (!$filter) {
        /**
         * @see Zend_Ldap_Exception
         */
        require_once 'Zend/Ldap/Exception.php';
        throw new Zend_Ldap_Exception(null, 'Invalid account filter');
    }

    if (!is_resource($this->_resource)) {
        $this->bind();
    }
    $link = $this->_resource;

    // Arguments for the exception thrown at the bottom when no unique
    // account could be returned; the branches below refine them.
    $errorResource = $link;
    $errorMessage = $filter;
    $errorCode = 0;

    /**
     * @todo break out search operation into simple function (private for now)
     */
    if (!extension_loaded('ldap')) {
        /**
         * @see Zend_Ldap_Exception
         */
        require_once 'Zend/Ldap/Exception.php';
        throw new Zend_Ldap_Exception(null, 'LDAP extension not loaded');
    }

    $result = @ldap_search($link, $searchBase, $filter, $attrs);
    if (is_resource($result) === true) {
        $count = @ldap_count_entries($link, $result);

        if ($count == 1) {
            $entry = @ldap_first_entry($link, $result);
            if ($entry) {
                $account = array('dn' => @ldap_get_dn($link, $entry));
                for (
                    $attrName = @ldap_first_attribute($link, $entry, $berptr);
                    $attrName;
                    $attrName = @ldap_next_attribute($link, $entry, $berptr)
                ) {
                    $account[$attrName] = @ldap_get_values_len($link, $entry, $attrName);
                }
                @ldap_free_result($result);

                return $account;
            }
            // No readable first entry: fall through to the generic failure.
        } elseif ($count == 0) {
            /**
             * @see Zend_Ldap_Exception
             */
            require_once 'Zend/Ldap/Exception.php';
            $errorCode = Zend_Ldap_Exception::LDAP_NO_SUCH_OBJECT;
        } else {
            /**
             * @todo limit search to 1 record and remove some of this logic?
             */
            $errorResource = null;
            $errorMessage = $filter . ': Unexpected result count: ' . $count;
            /**
             * @see Zend_Ldap_Exception
             */
            require_once 'Zend/Ldap/Exception.php';
            $errorCode = Zend_Ldap_Exception::LDAP_OPERATIONS_ERROR;
        }

        @ldap_free_result($result);
    }

    /**
     * @see Zend_Ldap_Exception
     */
    require_once 'Zend/Ldap/Exception.php';
    throw new Zend_Ldap_Exception($errorResource, $errorMessage, $errorCode);
}
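/**
 * Sets the internal attributes array.
 *
 * When $attributes is null and both the entry and link are resources, this
 * method fetches the attribute values from the server. If a schema could
 * be loaded, attributes it reports as binary are fetched with
 * ldap_get_values_len() so they are returned as binary values.
 *
 * Attributes may be passed directly via the $attributes parameter to setup
 * this entry manually. This overrides attribute fetching from the server.
 *
 * @param array $attributes  Attributes to set for this entry.
 */
protected function _loadAttributes(array $attributes = null)
{
    /* Fetch attributes from the server. */
    if (is_null($attributes) &&
        is_resource($this->_entry) &&
        is_resource($this->_link)) {
        /* Fetch schema. Start without one so the instanceof check below
         * never reads an undefined variable when $this->_ldap is not a
         * Horde_Ldap object. */
        $schema = null;
        if ($this->_ldap instanceof Horde_Ldap) {
            try {
                $schema = $this->_ldap->schema();
            } catch (Horde_Ldap_Exception $e) {
                $schema = null;
            }
        }

        /* Fetch attributes. */
        $attributes = array();
        for ($attr = @ldap_first_attribute($this->_link, $this->_entry);
             $attr;
             $attr = @ldap_next_attribute($this->_link, $this->_entry)) {
            /* Standard function to fetch value. */
            $func = 'ldap_get_values';

            /* Try to get binary values as binary data. */
            if ($schema instanceof Horde_Ldap_Schema &&
                $schema->isBinary($attr)) {
                $func = 'ldap_get_values_len';
            }

            /* A failed fetch returns false; without this check the entry
             * would end up holding array(false) as the attribute value. */
            $values = $func($this->_link, $this->_entry, $attr);
            if ($values === false) {
                continue;
            }
            $attributes[$attr] = $values;
        }
    }

    /* Set attribute data directly, if passed. */
    if (is_array($attributes) && count($attributes) > 0) {
        if (isset($attributes['count']) &&
            is_numeric($attributes['count'])) {
            unset($attributes['count']);
        }
        foreach ($attributes as $k => $v) {
            /* Attribute names should not be numeric. */
            if (is_numeric($k)) {
                continue;
            }

            /* Map generic attribute name to real one. */
            $this->_map[Horde_String::lower($k)] = $k;

            /* Attribute values should be in an array. */
            if (false == is_array($v)) {
                $v = array($v);
            }

            /* Remove the value count (comes from LDAP server). */
            if (isset($v['count'])) {
                unset($v['count']);
            }
            $this->_attributes[$k] = $v;
        }
    }

    /* Save a copy for later use. */
    $this->_original = $this->_attributes;
}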
<?php
// Test body: dump the name of the first attribute of the first
// organization entry found under $base.
require "connect.inc";

// Connection settings ($host, $port, ...) and the helpers come from connect.inc.
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
insert_dummy_data($link, $base);

$organizations = ldap_search(
    $link,
    "{$base}",
    "(objectclass=organization)",
    array("objectClass")
);
$firstEntry = ldap_first_entry($link, $organizations);
$firstAttribute = ldap_first_attribute($link, $firstEntry);
var_dump($firstAttribute);
?>
===DONE===
<?php
// Test body: seed the directory, search for organization entries and dump
// the name of the first attribute of the first hit.
require "connect.inc";

$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
insert_dummy_data($link, $base);

$requestedAttributes = array("objectClass");
$hits = ldap_search($link, "$base", "(objectclass=organization)", $requestedAttributes);
$firstHit = ldap_first_entry($link, $hits);

var_dump(ldap_first_attribute($link, $firstHit));
?>
===DONE===
<?php
// Cleanup: reconnect and remove the fixture entries again.
include "connect.inc";

$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
remove_dummy_data($link, $base);
?>
/**
 * Moves the cursor to the following attribute of the current entry.
 *
 * The cursor property has three states: null (iteration not started, so
 * the first attribute is requested), truthy (an attribute was found last
 * time, so the next one is requested) and any other falsy value (the
 * attribute set is exhausted, nothing more is requested).
 *
 * @return attribute|false next attribute in entry, false at end of attribute set
 */
public function next()
{
    if ($this->cursor === null) {
        // First call: start at the beginning of the attribute set.
        $name = @ldap_first_attribute($this->link, $this->node);
    } elseif ($this->cursor) {
        $name = @ldap_next_attribute($this->link, $this->node);
    } else {
        // Already past the last attribute; the cursor stays as it is.
        return $this->current = false;
    }

    $this->cursor = ($name !== false);
    if ($this->cursor === false) {
        return $this->current = false;
    }

    return $this->current = new attribute($this, $name);
}
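/**
 * Runs an LDAP search on a configured server and returns the entries as
 * a nested array keyed by DN.
 *
 * $filter and $base_dn are handed to the LDAP functions verbatim. Callers
 * that build them from user input should escape the user-supplied parts
 * (for example with ldap_escape()) before calling this function.
 *
 * Every search is issued with a size limit of 200, so larger result sets
 * are cut off at whatever the server returns under that limit.
 *
 * @param mixed  $server_id    Key into the global $servers configuration.
 * @param string $filter       LDAP filter string.
 * @param string $base_dn      Search base; when null the server's
 *                             configured 'base' is used.
 * @param array  $attrs        Attribute names to request.
 * @param string $scope        'base', 'one' or 'sub'; anything else is
 *                             treated as 'sub'.
 * @param bool   $sort_results Sort the result by DN (ksort) when true.
 *
 * @return array|false False when the server id is rejected or no
 *                     connection is available; otherwise an array of
 *                     DN => attributes (empty when nothing matched or the
 *                     search failed). Single-valued attributes hold the
 *                     value itself, others hold a list of values.
 */
function pla_ldap_search($server_id, $filter, $base_dn = null, $attrs = array(), $scope = 'sub', $sort_results = true)
{
    global $servers;

    if (!check_server_id($server_id)) {
        return false;
    }

    if ($base_dn == null) {
        $base_dn = $servers[$server_id]['base'];
    }

    $ds = pla_ldap_connect($server_id);
    if (!$ds) {
        return false;
    }

    switch ($scope) {
        case 'base':
            $search = @ldap_read($ds, $base_dn, $filter, $attrs, 0, 200, 0, LDAP_DEREF_ALWAYS);
            break;
        case 'one':
            $search = @ldap_list($ds, $base_dn, $filter, $attrs, 0, 200, 0, LDAP_DEREF_ALWAYS);
            break;
        case 'sub':
        default:
            $search = @ldap_search($ds, $base_dn, $filter, $attrs, 0, 200, 0, LDAP_DEREF_ALWAYS);
            break;
    }

    if (!$search) {
        return array();
    }

    // Initialise the result up front: a search that succeeds but matches
    // no entry previously left $return undefined, so the function read an
    // unset variable and returned null instead of an empty array.
    $return = array();

    //get the first entry identifier
    if ($entry_id = ldap_first_entry($ds, $search)) {
        //iterate over the entries
        while ($entry_id) {
            //get the distinguished name of the entry
            $dn = ldap_get_dn($ds, $entry_id);

            //get the attributes of the entry
            // NOTE(review): the result is only used as the legacy third
            // (BER identifier) argument below; newer PHP versions document
            // two arguments for these calls - confirm against the target.
            $attrs = ldap_get_attributes($ds, $entry_id);
            $return[$dn]['dn'] = $dn;

            //get the first attribute of the entry
            if ($attr = ldap_first_attribute($ds, $entry_id, $attrs)) {
                //iterate over the attributes
                while ($attr) {
                    if (is_attr_binary($server_id, $attr)) {
                        $values = ldap_get_values_len($ds, $entry_id, $attr);
                    } else {
                        $values = ldap_get_values($ds, $entry_id, $attr);
                    }

                    //get the number of values for this attribute
                    $count = $values['count'];
                    unset($values['count']);

                    if ($count == 1) {
                        $return[$dn][$attr] = $values[0];
                    } else {
                        $return[$dn][$attr] = $values;
                    }

                    $attr = ldap_next_attribute($ds, $entry_id, $attrs);
                } // end while attr
            }

            $entry_id = ldap_next_entry($ds, $entry_id);
        } // end while entry_id
    }

    if ($sort_results) {
        ksort($return);
    }

    return $return;
}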
/**
 * Builds the array form of the entry the iterator currently points at.
 * Implements Iterator
 *
 * The 'dn' key holds the current DN; every attribute is stored under its
 * lower-cased name with the raw ldap_get_values_len() result minus the
 * 'count' element. The entry is sorted by key before it is returned.
 *
 * @return array|null null when there is no current entry resource or the
 *                    current DN is not a string
 * @throws Zend_Ldap_Exception
 */
public function current()
{
    $hasCurrent = is_resource($this->_current) && is_string($this->_currentDn);
    if (!$hasCurrent) {
        return null;
    }

    $item = array('dn' => $this->_currentDn);

    $ber_identifier = null;
    for (
        $attrName = @ldap_first_attribute($this->_ldap->getResource(), $this->_current, $ber_identifier);
        $attrName;
        $attrName = @ldap_next_attribute($this->_ldap->getResource(), $this->_current, $ber_identifier)
    ) {
        $values = @ldap_get_values_len($this->_ldap->getResource(), $this->_current, $attrName);
        // Drop the element count the LDAP extension adds to the value list.
        unset($values['count']);
        $item[strtolower($attrName)] = $values;
    }

    ksort($item, SORT_LOCALE_STRING);

    return $item;
}
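/**
 * A handy ldap searching function very similar to PHP's ldap_search() with the
 * following exceptions: Callers may specify a search scope and the return value
 * is an array containing the search results rather than an LDAP result resource.
 *
 * Example usage:
 * <code>
 * $samba_users = $ldapserver->search(null,"ou=People,dc=example,dc=com",
 *                                  "(&(objectClass=sambaAccount)(objectClass=posixAccount))",
 *                                  array("uid","homeDirectory"));
 * print_r( $samba_users );
 *
 * // prints (for example):
 * //  Array
 * //    (
 * //       [uid=jsmith,ou=People,dc=example,dc=com] => Array
 * //           (
 * //               [dn] => "uid=jsmith,ou=People,dc=example,dc=com"
 * //               [uid] => "jsmith"
 * //               [homeDirectory] => "\\server\jsmith"
 * //           )
 * //       [uid=byoung,ou=People,dc=example,dc=com] => Array
 * //           (
 * //               [dn] => "uid=byoung,ou=Samba,ou=People,dc=example,dc=com"
 * //               [uid] => "byoung"
 * //               [homeDirectory] => "\\server\byoung"
 * //           )
 * //    )
 * </code>
 *
 * WARNING: This function will use a lot of memory on large searches since the entire result set is
 * stored in a single array. For large searches, you should consider using the less memory intensive
 * PHP LDAP API directly (ldap_search(), ldap_next_entry(), ldap_next_attribute(), etc).
 *
 * NOTE: $base_dn and $filter are handed to the LDAP functions verbatim. Callers that build them
 * from user input should escape the user-supplied parts (for example with ldap_escape()) first.
 *
 * @param resource $resource An existing LDAP connection to search with. When this is not a
 *        resource, $this->connect(false) is used instead.
 * @param string $base_dn The DN of the base of search. When null, the first DN returned by
 *        $this->getBaseDN() is used.
 * @param string $filter The LDAP filter to use when searching (example: "(objectClass=*)") (see RFC 2254)
 * @param array $attrs An array of attributes to include in the search result (example: array( "objectClass", "uid", "sn" )).
 * @param string $scope The LDAP search scope. Must be one of "base", "one", or "sub". Standard LDAP search scope.
 *        Any other value is treated as "sub".
 * @param bool $sort_results Specify false to not sort results by DN or true to have the
 *        returned array sorted by DN (uses ksort)
 * @param int $deref When handling aliases or referrals, this specifies whether to follow referrals. Must be one of
 *        LDAP_DEREF_ALWAYS, LDAP_DEREF_NEVER, LDAP_DEREF_SEARCHING, or LDAP_DEREF_FINDING. See the PHP LDAP API for details.
 * @param int $size_limit Size limit for search
 * @return array Entries keyed by DN; empty when the search failed or matched nothing.
 * @todo: Add entries to tree cache.
 */
function search($resource = null, $base_dn = null, $filter, $attrs = array(), $scope = 'sub', $sort_results = true, $deref = LDAP_DEREF_NEVER, $size_limit = 0)
{
    # The second logged value used to be is_resource($this), which is always
    # false for an object; log whether a connection resource was passed in.
    if (DEBUG_ENABLED) {
        debug_log('%s::search(): Entered with (%s,%s,%s,%s,%s,%s,%s)', 17, get_class($this), is_resource($resource), $base_dn, $filter, $attrs, $scope, $sort_results, $deref);
    }

    # If we dont have a resource, we'll connect with default settings
    if (!is_resource($resource)) {
        $resource = $this->connect(false);
    }

    # If the baseDN is null, we'll just search the first DN.
    if (is_null($base_dn)) {
        foreach ($this->getBaseDN() as $baseDN) {
            $base_dn = $baseDN;
            break;
        }
    }

    if (DEBUG_ENABLED) {
        debug_log('%s::search(): %s search PREPARE.', 16, get_class($this), $scope);
    }

    switch ($scope) {
        case 'base':
            $search = @ldap_read($resource, $base_dn, $filter, $attrs, 0, $size_limit, 0, $deref);
            break;
        case 'one':
            $search = @ldap_list($resource, $base_dn, $filter, $attrs, 0, $size_limit, 0, $deref);
            break;
        case 'sub':
        default:
            $search = @ldap_search($resource, $base_dn, $filter, $attrs, 0, $size_limit, 0, $deref);
            break;
    }

    if (DEBUG_ENABLED) {
        debug_log('%s::search(): %s search from base [%s] with [%s] for [%s] COMPLETE ().', 16, get_class($this), $scope, $base_dn, $filter, $attrs, is_null($search));
    }

    if (!$search) {
        return array();
    }

    $return = array();

    # Get the first entry identifier
    if ($entry_id = ldap_first_entry($resource, $search)) {
        # Iterate over the entries
        while ($entry_id) {
            # Get the distinguished name of the entry
            $dn = ldap_get_dn($resource, $entry_id);
            $return[$dn]['dn'] = $dn;

            # Get the attributes of the entry
            # NOTE(review): the result is only used as the legacy third (BER
            # identifier) argument below; newer PHP versions document two
            # arguments for these calls - confirm against the target version.
            $attrs = ldap_get_attributes($resource, $entry_id);

            # Get the first attribute of the entry
            if ($attr = ldap_first_attribute($resource, $entry_id, $attrs)) {
                # Iterate over the attributes
                while ($attr) {
                    if ($this->isAttrBinary($attr)) {
                        $values = ldap_get_values_len($resource, $entry_id, $attr);
                    } else {
                        $values = ldap_get_values($resource, $entry_id, $attr);
                    }

                    # Get the number of values for this attribute
                    $count = $values['count'];
                    unset($values['count']);

                    if ($count == 1) {
                        $return[$dn][$attr] = $values[0];
                    } else {
                        $return[$dn][$attr] = $values;
                    }

                    $attr = ldap_next_attribute($resource, $entry_id, $attrs);
                } # end while attr
            }

            $entry_id = ldap_next_entry($resource, $entry_id);
        } # End while entry_id
    }

    if ($sort_results && is_array($return)) {
        ksort($return);
    }

    if (DEBUG_ENABLED) {
        debug_log('%s::search(): Returning (%s)', 17, get_class($this), $return);
    }

    return $return;
}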
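<?php
// Login handler: find the user's entry by uid, then verify the password by
// binding to the directory as that entry's DN.

$ldap_server = "ldaps://ldap.tufts.edu";
$base = "ou=people,dc=tufts,dc=edu";
$attr = array("cn");

$user = (isset($_POST["user"]) && is_string($_POST["user"])) ? $_POST["user"] : "";
$pass = (isset($_POST["pass"]) && is_string($_POST["pass"])) ? $_POST["pass"] : "";

// A bind with a DN and an empty password is an unauthenticated bind, which
// many servers accept. It must never be treated as a successful login.
if ($user === "" || $pass === "") {
    header("Location: login.html");
    exit;
}

// The port argument is not used when a URI is given, and 389 contradicted
// the ldaps:// scheme, so only the URI is passed.
$ldap_conn = ldap_connect($ldap_server) or die("Could not connect");

// Escape the submitted name so filter metacharacters such as * ( ) \ cannot
// change the meaning of the search.
$filter = "(uid=" . ldap_escape($user, "", LDAP_ESCAPE_FILTER) . ")";
$search = @ldap_search($ldap_conn, $base, $filter, $attr);

// Require exactly one match. Without this check a failed or empty search
// left $dn unusable and the bind below ran without a real identity.
if ($search === false || ldap_count_entries($ldap_conn, $search) !== 1) {
    header("Location: login.html");
    exit;
}

$first = ldap_first_entry($ldap_conn, $search);
$dn = ($first !== false) ? ldap_get_dn($ldap_conn, $first) : false;
if (!is_string($dn) || $dn === "") {
    header("Location: login.html");
    exit;
}

// ldap_first_attribute() returns an attribute *name*; the display name is
// the first value of cn. Fall back to the login name when cn is absent.
$entryAttrs = ldap_get_attributes($ldap_conn, $first);
$cn = isset($entryAttrs["cn"][0]) ? $entryAttrs["cn"][0] : $user;

// @ keeps the warning for wrong credentials out of the response so the
// redirect headers can still be sent.
if (@ldap_bind($ldap_conn, $dn, $pass)) {
    session_start();
    // Issue a fresh session id on login so a pre-login id cannot be reused.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    $_SESSION['name'] = $cn;
    header("Location: index.php");
    exit;
}

header("Location: login.html");
exit;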
/**
 * Pass-through to ldap_first_attribute() with both handles supplied by
 * the caller.
 *
 * @link http://php.net/manual/en/function.ldap-first-attribute.php
 * @param $linkIdentifier        LDAP connection handle, forwarded unchanged
 * @param $resultEntryIdentifier LDAP result entry handle, forwarded unchanged
 * @return string Whatever ldap_first_attribute() returns: the attribute
 *                name, or false on failure
 */
public function firstAttribute($linkIdentifier, $resultEntryIdentifier)
{
    $firstName = ldap_first_attribute($linkIdentifier, $resultEntryIdentifier);

    return $firstName;
}
/**
 * Returns the name of the first attribute of an entry, using this
 * object's own connection.
 *
 * @param resource $entry LDAP result entry to inspect
 * @return string Whatever ldap_first_attribute() returns: the attribute
 *                name, or false on failure
 */
public function getFirstAttribute($entry)
{
    $connection = $this->resource;

    return ldap_first_attribute($connection, $entry);
}
<?php
// Error-path test: call ldap_first_attribute() with arguments it should
// reject and dump what comes back each time.
require "connect.inc";

$link = ldap_connect($host, $port);

// Entry argument missing.
$withoutEntry = ldap_first_attribute($link);
var_dump($withoutEntry);

// Connection handle passed where a result entry is expected.
$withWrongEntry = ldap_first_attribute($link, $link);
var_dump($withWrongEntry);
?>
===DONE===
/**
 * Builds the array form of the entry the iterator currently points at.
 * Implements Iterator
 *
 * If there is no current entry resource the iterator is rewound first.
 * The 'dn' key holds $this->key(); every attribute is stored with the raw
 * ldap_get_values_len() result minus its 'count' element, under a name
 * shaped by the configured attribute-name treatment (lower case, upper
 * case, unchanged, or the result of a callback that receives the name).
 *
 * @return array|null null when no current entry is available after rewind
 * @throws Zend_Ldap_Exception
 */
public function current()
{
    if (!is_resource($this->_current)) {
        $this->rewind();
    }
    if (!is_resource($this->_current)) {
        return null;
    }

    $item = array('dn' => $this->key());

    $ber_identifier = null;
    for (
        $rawName = @ldap_first_attribute($this->_ldap->getResource(), $this->_current, $ber_identifier);
        $rawName;
        $rawName = @ldap_next_attribute($this->_ldap->getResource(), $this->_current, $ber_identifier)
    ) {
        $values = @ldap_get_values_len($this->_ldap->getResource(), $this->_current, $rawName);
        unset($values['count']);

        // Loose comparison on purpose: it mirrors how a switch statement
        // matches its cases.
        $treatment = $this->_attributeNameTreatment;
        if ($treatment == self::ATTRIBUTE_TO_LOWER) {
            $key = strtolower($rawName);
        } elseif ($treatment == self::ATTRIBUTE_TO_UPPER) {
            $key = strtoupper($rawName);
        } elseif ($treatment == self::ATTRIBUTE_NATIVE) {
            $key = $rawName;
        } else {
            // Anything else is treated as a callback that maps the name.
            $key = call_user_func($treatment, $rawName);
        }

        $item[$key] = $values;
    }

    ksort($item, SORT_LOCALE_STRING);

    return $item;
}
/**
 * Return the name of the first attribute
 *
 * Resets the stored BER identifier, then asks the LDAP extension for the
 * first attribute of the current entry. When that yields nothing usable,
 * setErrVars() is called and false is returned.
 *
 * @link http://www.php.net/ldap_first_attribute
 * @return string Attribute name, or false on failure
 */
function getFirstAttribute()
{
    // Make sure we start over, might not be needed
    unset($this->berid);

    $attributeName = @ldap_first_attribute($this->connection, $this->entry, $this->berid);
    if (!$attributeName) {
        $this->setErrVars();

        return false;
    }

    return $attributeName;
}
/**
 * Builds the array form of the entry the iterator currently points at.
 * Implements Iterator
 *
 * If there is no current entry resource the iterator is rewound first.
 * The 'dn' key holds $this->key(); every attribute is stored with its
 * ldap_get_values_len() values (an empty array when the fetch yields
 * nothing) minus the 'count' element, under a name shaped by the
 * configured attribute-name treatment. Each LDAP call is wrapped in an
 * ErrorHandler::start()/stop() pair.
 *
 * @return array|null null when no current entry is available after rewind
 * @throws \Zend\Ldap\Exception\LdapException
 */
public function current()
{
    if (!is_resource($this->current)) {
        $this->rewind();
    }
    if (!is_resource($this->current)) {
        return null;
    }

    $item = ['dn' => $this->key()];
    $link = $this->ldap->getResource();

    ErrorHandler::start();
    $rawName = ldap_first_attribute($link, $this->current);
    ErrorHandler::stop();

    while ($rawName) {
        ErrorHandler::start();
        $values = ldap_get_values_len($link, $this->current, $rawName);
        ErrorHandler::stop();

        // A failed fetch becomes an empty value list; otherwise drop the
        // element count the LDAP extension adds.
        $values = $values ?: [];
        unset($values['count']);

        // Loose comparison on purpose: it mirrors how a switch statement
        // matches its cases.
        $treatment = $this->attributeNameTreatment;
        if ($treatment == self::ATTRIBUTE_TO_LOWER) {
            $key = strtolower($rawName);
        } elseif ($treatment == self::ATTRIBUTE_TO_UPPER) {
            $key = strtoupper($rawName);
        } elseif ($treatment == self::ATTRIBUTE_NATIVE) {
            $key = $rawName;
        } else {
            // Anything else is treated as a callback that maps the name.
            $key = call_user_func($treatment, $rawName);
        }
        $item[$key] = $values;

        ErrorHandler::start();
        $rawName = ldap_next_attribute($link, $this->current);
        ErrorHandler::stop();
    }

    ksort($item, SORT_LOCALE_STRING);

    return $item;
}
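<?php
// Streams one value of one attribute of an entry as a file download.
// Every input arrives in the query string, so each one is checked before
// it is used and every LDAP call is checked before its result is used.
// The "or pla_error(...)" guards rely on pla_error() ending the request,
// as the guards in the original script already did.

require 'common.php';

$server_id = (isset($_GET['server_id']) && is_scalar($_GET['server_id'])) ? $_GET['server_id'] : '';
$dn = (isset($_GET['dn']) && is_string($_GET['dn'])) ? rawurldecode($_GET['dn']) : '';
$attr = (isset($_GET['attr']) && is_string($_GET['attr'])) ? $_GET['attr'] : '';

// if there are multiple values in this attribute, which one do you want to see?
$value_num = isset($_GET['value_num']) ? $_GET['value_num'] : 0;

check_server_id($server_id) or pla_error("Bad server_id: " . htmlspecialchars($server_id));
have_auth_info($server_id) or pla_error("Not enough information to login to server. Please check your configuration.");

// value_num is used as an array index below, so accept only a plain
// non-negative integer.
(is_int($value_num) || (is_string($value_num) && ctype_digit($value_num)))
    or pla_error("Bad value_num.");
$value_num = (int) $value_num;

($dn !== '' && $attr !== '') or pla_error("Missing dn or attr parameter.");

$ds = pla_ldap_connect($server_id) or pla_error("Coult not connect to LDAP server.");

$search = @ldap_read($ds, $dn, "(objectClass=*)", array($attr), 0, 200, 0, LDAP_DEREF_ALWAYS);
$search or pla_error("Could not read the requested entry.");

$entry = ldap_first_entry($ds, $search);
$entry or pla_error("The requested entry was not found.");

// NOTE(review): $attrs is only used as the legacy third (BER identifier)
// argument; newer PHP versions document two arguments for this call -
// confirm against the target version.
$attrs = ldap_get_attributes($ds, $entry);
$attr = ldap_first_attribute($ds, $entry, $attrs);
$attr or pla_error("The requested attribute was not found.");

$values = ldap_get_values_len($ds, $entry, $attr);
$values or pla_error("Could not fetch the attribute values.");

$count = $values['count'];
unset($values['count']);

isset($values[$value_num]) or pla_error("Bad value_num.");

// The attribute name ends up inside a response header. Reduce it to a
// conservative character set (names may carry options such as ";binary")
// and quote it so it cannot alter the header.
$filename = preg_replace('/[^A-Za-z0-9._-]/', '_', $attr);

// "octet-stream" alone is not a valid media type; send the full type and
// tell browsers not to guess a different one from the content.
header("Content-Type: application/octet-stream");
header("X-Content-Type-Options: nosniff");
header('Content-Disposition: attachment; filename="' . $filename . '"');
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");

echo $values[$value_num];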