/**
* Batch modifies the specified LDAP entry.
*
* @param string $dn
* @param array $entry
*
* @return bool
*/
public function modifyBatch($dn, array $entry)
{
if ($this->suppressErrors) {
return @ldap_modify_batch($this->getConnection(), $dn, $entry);
}
return ldap_modify_batch($this->getConnection(), $dn, $entry);
}
/**
* {@inheritdoc}
*/
public function modifyBatch($dn, array $values)
{
return ldap_modify_batch($this->getConnection(), $dn, $values);
}
<?php
require "connect.inc";
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
insert_dummy_data($link);
$mods = array(array("attrib" => "telephoneNumber", "modtype" => LDAP_MODIFY_BATCH_ADD, "values" => array("+1 555 5551717")), array("attrib" => "sn", "modtype" => LDAP_MODIFY_BATCH_REPLACE, "values" => array("Brown-Smith")), array("attrib" => "description", "modtype" => LDAP_MODIFY_BATCH_REMOVE_ALL));
var_dump(ldap_modify_batch($link, "cn=userA,dc=my-domain,dc=com", $mods), ldap_get_entries($link, ldap_search($link, "dc=my-domain,dc=com", "(sn=Brown-Smith)")));
?>
===DONE===
<?php
require "connect.inc";
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
remove_dummy_data($link);
<?php
require "connect.inc";
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
$addGivenName = array(array("attrib" => "givenName", "modtype" => LDAP_MODIFY_BATCH_ADD, "values" => array("Jack")));
// Too few parameters
var_dump(ldap_modify_batch());
var_dump(ldap_modify_batch($link));
var_dump(ldap_modify_batch($link, "{$base}"));
// Too many parameters
var_dump(ldap_modify_batch($link, "{$base}", $addGivenName, "Invalid additional parameter"));
// DN not found
var_dump(ldap_modify_batch($link, "cn=not-found,{$base}", $addGivenName));
// Invalid DN
var_dump(ldap_modify_batch($link, "weirdAttribute=val", $addGivenName));
// prepare
$entry = array("objectClass" => array("top", "dcObject", "organization"), "dc" => "my-domain", "o" => "my-domain");
ldap_add($link, "dc=my-domain,{$base}", $entry);
// invalid domain
$mods = array(array("attrib" => "dc", "modtype" => LDAP_MODIFY_BATCH_REPLACE, "values" => array("Wrong Domain")));
var_dump(ldap_modify_batch($link, "dc=my-domain,{$base}", $mods));
// invalid attribute
$mods = array(array("attrib" => "weirdAttribute", "modtype" => LDAP_MODIFY_BATCH_ADD, "values" => array("weirdVal", "anotherWeirdval")));
var_dump(ldap_modify_batch($link, "dc=my-domain,{$base}", $mods));
?>
===DONE===
<?php
require "connect.inc";
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
$addGivenName = array(array("attrib" => "givenName", "modtype" => LDAP_MODIFY_BATCH_ADD, "values" => array("Jack")));
// Too few parameters
var_dump(ldap_modify_batch());
var_dump(ldap_modify_batch($link));
var_dump(ldap_modify_batch($link, "dc=my-domain,dc=com"));
// Too many parameters
var_dump(ldap_modify_batch($link, "dc=my-domain,dc=com", $addGivenName, "Invalid additional parameter"));
// DN not found
var_dump(ldap_modify_batch($link, "dc=my-domain,dc=com", $addGivenName));
// Invalid DN
var_dump(ldap_modify_batch($link, "weirdAttribute=val", $addGivenName));
// prepare
$entry = array("objectClass" => array("top", "dcObject", "organization"), "dc" => "my-domain", "o" => "my-domain");
ldap_add($link, "dc=my-domain,dc=com", $entry);
// invalid domain
$mods = array(array("attrib" => "dc", "modtype" => LDAP_MODIFY_BATCH_REPLACE, "values" => array("Wrong Domain")));
var_dump(ldap_modify_batch($link, "dc=my-domain,dc=com", $mods));
// invalid attribute
$mods = array(array("attrib" => "weirdAttribute", "modtype" => LDAP_MODIFY_BATCH_ADD, "values" => array("weirdVal", "anotherWeirdval")));
var_dump(ldap_modify_batch($link, "dc=my-domain,dc=com", $mods));
?>
===DONE===
<?php
require "connect.inc";
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
ldap_delete($link, "dc=my-domain,dc=com");
/**
* Modify an existing entry in the LDAP directory
*
* Allows detailed specification of the modifications to perform.
*
* Example:
*
* $modifs = array(
* array(
* "attrib" => "telephoneNumber",
* "modtype" => Ldap::MODIFY_BATCH_ADD,
* "values" => array("+420 777 111 222")
* )
* );
* $ldap->modifyBatch("cn=Robert Rossmann,dc=example,dc=com", $modifs);
*
* @since PHP ~5.4.26, >=5.5.10
* @param string $dn The distinguished name of an LDAP entity
* @param array $entry Modification specifications
* @return self
*
* @see https://wiki.php.net/rfc/ldap_modify_batch
*/
public function modifyBatch($dn, array $entry)
{
if (!function_exists('ldap_modify_batch')) {
// Bail out, can't work our magic!
trigger_error('ldap_modify_batch() is only available in PHP ~5.4.26 or >=5.5.10', E_USER_ERROR);
}
@ldap_modify_batch($this->resource, $dn, $entry);
$this->verifyOperation();
return $this;
}
"attrib" => "telephoneNumber",
"modtype" => LDAP_MODIFY_BATCH_ADD,
"values" => array(
"+1 555 5551717"
)
),
array(
"attrib" => "sn",
"modtype" => LDAP_MODIFY_BATCH_REPLACE,
"values" => array("Brown-Smith")
),
array(
"attrib" => "description",
"modtype" => LDAP_MODIFY_BATCH_REMOVE_ALL
)
);
var_dump(
ldap_modify_batch($link, "cn=userA,$base", $mods),
ldap_get_entries($link, ldap_search($link, "$base", "(sn=Brown-Smith)"))
);
?>
===DONE===
<?php
require "connect.inc";
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
remove_dummy_data($link, $base);
?>
<?php
require "connect.inc";
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
insert_dummy_data($link, $base);
$mods = array(array("attrib" => "telephoneNumber", "modtype" => LDAP_MODIFY_BATCH_ADD, "values" => array("+1 555 5551717")), array("attrib" => "sn", "modtype" => LDAP_MODIFY_BATCH_REPLACE, "values" => array("Brown-Smith")), array("attrib" => "description", "modtype" => LDAP_MODIFY_BATCH_REMOVE_ALL));
var_dump(ldap_modify_batch($link, "cn=userA,{$base}", $mods), ldap_get_entries($link, ldap_search($link, "{$base}", "(sn=Brown-Smith)")));
?>
===DONE===
/**
* @link http://php.net/manual/en/function.ldap-modify-batch.php
* @param $linkIdentifier
* @param $dn
* @param $entry
*/
public function modifyBatch($linkIdentifier, $dn, $entry)
{
ldap_modify_batch($linkIdentifier, $dn, $entry);
}
/**
* Batch modifies an existing entry on the current connection.
* The types of modifications:
* LDAP_MODIFY_BATCH_ADD - Each value specified through values is added.
* LDAP_MODIFY_BATCH_REMOVE - Each value specified through values is removed.
* Any value of the attribute not contained in the values array will remain untouched.
* LDAP_MODIFY_BATCH_REMOVE_ALL - All values are removed from the attribute named by attrib.
* LDAP_MODIFY_BATCH_REPLACE - All current values are replaced by new one.
* @param string $dn
* @param array $values array associative with three keys: "attrib", "modtype" and "values".
* ```php
* [
* "attrib" => "attribute",
* "modtype" => LDAP_MODIFY_BATCH_ADD,
* "values" => ["attribute value one"],
* ],
* ```
* @return mixed
*/
public function modify($dn, array $values)
{
return ldap_modify_batch($this->resource, $dn, $values);
}
/**
* @param string $dn
* @param Modification[] $modifications
* @throws FeatureUnavailableException
* @throws UnavailableException
* @throws WriteFailureException
*/
public function modifyBatch($dn, array $modifications)
{
if (!function_exists('ldap_modify_batch')) {
throw new FeatureUnavailableException('The ldap_modify_batch() function is not available on this system');
}
$this->checkBound();
$ops = [];
foreach ($modifications as $key => $modification) {
if (!$modification instanceof Modification) {
throw new InvalidValueSetException('$modifications must be an array of Modification instances');
} else {
if (!isset($modification->attributeName)) {
throw new IncompleteModificationException('Modification ' . $key . ' does not define an attribute');
} else {
if (!isset($modification->operation)) {
throw new IncompleteModificationException('Modification ' . $key . ' does not define an operation');
}
}
}
$op = ['attrib' => $modification->attributeName, 'modtype' => $modification->operation];
if (!isset($modification->values) && $modification->operation !== Modification::OP_REMOVE_ALL) {
throw new IncompleteModificationException('Modification ' . $key . ' does not define a value set');
}
if (isset($modification->values)) {
$op['values'] = $modification->values;
}
$ops[] = $op;
}
if (!ldap_modify_batch($this->link, $dn, $ops)) {
throw new WriteFailureException(ldap_error($this->link), ldap_errno($this->link));
}
}
function change_password($ldap, $dn, $password, $ad_mode, $ad_options, $samba_mode, $samba_options, $shadow_options, $hash, $hash_options, $who_change_password, $oldpassword)
{
$result = "";
$time = time();
# Set Samba password value
if ($samba_mode) {
$userdata["sambaNTPassword"] = make_md4_password($password);
$userdata["sambaPwdLastSet"] = $time;
if (isset($samba_options['min_age']) && $samba_options['min_age'] > 0) {
$userdata["sambaPwdCanChange"] = $time + $samba_options['min_age'] * 86400;
}
if (isset($samba_options['max_age']) && $samba_options['max_age'] > 0) {
$userdata["sambaPwdMustChange"] = $time + $samba_options['max_age'] * 86400;
}
}
# Get hash type if hash is set to auto
if (!$ad_mode && $hash == "auto") {
$search_userpassword = ldap_read($ldap, $dn, "(objectClass=*)", array("userPassword"));
if ($search_userpassword) {
$userpassword = ldap_get_values($ldap, ldap_first_entry($ldap, $search_userpassword), "userPassword");
if (isset($userpassword)) {
if (preg_match('/^\\{(\\w+)\\}/', $userpassword[0], $matches)) {
$hash = strtoupper($matches[1]);
}
}
}
}
# Transform password value
if ($ad_mode) {
$password = make_ad_password($password);
} else {
# Hash password if needed
if ($hash == "SSHA") {
$password = make_ssha_password($password);
}
if ($hash == "SHA") {
$password = make_sha_password($password);
}
if ($hash == "SMD5") {
$password = make_smd5_password($password);
}
if ($hash == "MD5") {
$password = make_md5_password($password);
}
if ($hash == "CRYPT") {
$password = make_crypt_password($password, $hash_options);
}
}
# Set password value
if ($ad_mode) {
$userdata["unicodePwd"] = $password;
if ($ad_options['force_unlock']) {
$userdata["lockoutTime"] = 0;
}
if ($ad_options['force_pwd_change']) {
$userdata["pwdLastSet"] = 0;
}
} else {
$userdata["userPassword"] = $password;
}
# Shadow options
if ($shadow_options['update_shadowLastChange']) {
$userdata["shadowLastChange"] = floor($time / 86400);
}
# Commit modification on directory
# Special case: AD mode with password changed as user
if ($ad_mode and $who_change_password === "user") {
# The AD password change procedure is modifying the attribute unicodePwd by
# first deleting unicodePwd with the old password and them adding it with the
# the new password
$oldpassword = make_ad_password($oldpassword);
$modifications = array(array("attrib" => "unicodePwd", "modtype" => LDAP_MODIFY_BATCH_REMOVE, "values" => array($oldpassword)), array("attrib" => "unicodePwd", "modtype" => LDAP_MODIFY_BATCH_ADD, "values" => array($password)));
$bmod = ldap_modify_batch($ldap, $dn, $modifications);
} else {
# Else just replace with new password
$replace = ldap_mod_replace($ldap, $dn, $userdata);
}
$errno = ldap_errno($ldap);
if ($errno) {
$result = "passworderror";
error_log("LDAP - Modify password error {$errno} (" . ldap_error($ldap) . ")");
} else {
$result = "passwordchanged";
}
return $result;
}
