This abstract class provides variables and methods for LDAP datastores for use by PLA.

package phpLDAPadmin
subpackage DataStore

 Methods

Returns an array of MatchingRule objects for the specified server.

MatchingRules($method, $dn) 
Inherited

The key of each entry is the OID of the matching rule.

inherited_from \myldap::MatchingRules()

Parameters

$method

$dn

Gets an associative array of AttributeType objects for the specified server.

SchemaAttributes($method, string $dn) : array
Inherited

Each array entry's key is the name of the attributeType in lower-case and the value is an AttributeType object.

inherited_from \myldap::SchemaAttributes()

Parameters

$method

$dn

string

(optional) It is easier to fetch schema if a DN is provided which defines the subschemaSubEntry attribute (all entries should).

Returns

array

An array of AttributeType objects.

Gets an associative array of ObjectClass objects for the specified server.

SchemaObjectClasses($method, string $dn) : array
Inherited

Each array entry's key is the name of the objectClass in lower-case and the value is an ObjectClass object.

see \global\ObjectClass
see \global\getSchemaObjectClass
inherited_from \myldap::SchemaObjectClasses()

Parameters

$method

$dn

string

(optional) It is easier to fetch schema if a DN is provided which defines the subschemaSubEntry attribute (all entries should).

Returns

array

An array of ObjectClass objects.

Returns an array of Syntax objects that this LDAP server uses mapped to their descriptions.

SchemaSyntaxes($method, $dn) 
Inherited

The key of each entry is the OID of the Syntax.

inherited_from \myldap::SchemaSyntaxes()

Parameters

$method

$dn

__construct()

__construct($index) 

Parameters

$index

__get()

__get($key) 

Parameters

$key

Add objects

add($dn, $entry_array, $method) 

Parameters

$dn

$entry_array

$method

This function will check whether the value for an attribute being changed is already assigned to another DN.

checkUniqueAttrs(\dn $dn, string $attrs) 

Returns the bad value, or null if all values are OK

Parameters

$dn

\dn

DN that is being changed

$attrs

string

Attribute being changed

Delete objects

delete($dn, $method) 

Parameters

$dn

$method

Gets whether an entry exists based on its DN.

dnExists(string $dn, string $method) : boolean
Inherited

If the entry exists, returns true. Otherwise returns false.

inherited_from \myldap::dnExists()

Parameters

$dn

string

The DN of the entry of interest.

$method

string

Which connection method resource to use

Returns

boolean

Return the authentication type for this object

getAuthType() 
Inherited

inherited_from \DS::getAuthType()
inherited_from \myldap::getAuthType()

Gets the root DN of the specified LDAPServer, or null if it can't find it (i.e., the server won't give it to us, or it isn't specified in the configuration file).

getBaseDN(string $method) : array
Inherited

Tested with OpenLDAP 2.0, Netscape iPlanet, and Novell eDirectory 8.7 (nldap.com). Please report any and all bugs!!

Please note: On FC systems, it seems that php_ldap uses /etc/openldap/ldap.conf in the search base if it is blank - so edit that file and comment out the BASE line.

inherited_from \myldap::getBaseDN()

Parameters

$method

string

Which connection method resource to use

Returns

array

dn|null The root DN of the server on success (string) or null on error.

Given a DN string, this returns the parent container portion of the string.

getContainer(string $dn) : string
Inherited

For example, given 'cn=Manager,dc=example,dc=com', this function returns 'dc=example,dc=com'.

inherited_from \myldap::getContainer()

Parameters

$dn

string

The DN whose container string to return.

Returns

string

The container

Gets a list of child entries for an entry.

getContainerContents(string $dn, string $method, int $size_limit, string $filter, \constant $deref) : array
Inherited

Given a DN, this function fetches the list of DNs of child entries one level beneath the parent. For example, for the following tree:

dc=example,dc=com
    ou=People
        cn=Dave
        cn=Fred
        cn=Joe
        ou=More People
            cn=Mark
            cn=Bob

Calling

getContainerContents("ou=people,dc=example,dc=com")

would return the following list:

cn=Dave
cn=Fred
cn=Joe
ou=More People

inherited_from \myldap::getContainerContents()

Parameters

$dn

string

The DN of the entry whose children to return.

$method

string

Which connection method resource to use

$size_limit

int

(optional) The maximum number of entries to return. If unspecified, no limit is applied to the number of entries returned.

$filter

string

(optional) An LDAP filter to apply when fetching children, example: "(objectClass=inetOrgPerson)"

$deref

\constant

(optional) The LDAP deref setting to use in the query

Returns

arrayAn array of DN strings listing the immediate children of the specified entry.

Given a DN string and a path-like syntax, this returns the parent container portion of the string.

getContainerPath(string $dn, string $path) : string
Inherited

inherited_from \myldap::getContainerPath()

Parameters

$dn

string

The DN whose container string to return.

$path

string

Either '/', '.' or something like '../../'

Returns

string

The container

Given a DN string, this returns the top container portion of the string.

getContainerTop(string $dn) : string
Inherited

inherited_from \myldap::getContainerTop()

Parameters

$dn

string

The DN whose container string to return.

Returns

string

The container

Much like getDNAttrValues(), but only returns the values for one attribute of an object.

getDNAttrValue(string $dn, string $attr, string $method, \constant $deref) : array
Inherited

Example calls:

print_r(getDNAttrValue('cn=Bob,ou=people,dc=example,dc=com','sn'));
Array (
    [0] => Smith
)

print_r(getDNAttrValue('cn=Bob,ou=people,dc=example,dc=com','objectClass'));
Array (
    [0] => top
    [1] => person
)

see \global\getDNAttrValues
inherited_from \myldap::getDNAttrValue()

Parameters

$dn

string

The distinguished name (DN) of the entry whose attributes/values to fetch.

$attr

string

The attribute whose value(s) to return (e.g., "objectClass", "cn", "userPassword")

$method

string

Which connection method resource to use

$deref

\constant

For aliases and referrals, this parameter specifies whether to follow references to the referenced DN or to fetch the attributes for the referencing DN. See http://php.net/ldap_search for the 4 valid options.

Returns

array

Gets the attributes/values of an entry.

getDNAttrValues(string $dn, string $method, \constant $deref, $attrs) : array
Inherited

Returns an associative array whose keys are attribute value names and whose values are arrays of values for said attribute.

Optionally, callers may specify true for the parameter $lower_case_attr_names to force all keys in the associative array (attribute names) to be lower case.

Example of its usage:

print_r(getDNAttrValues('cn=Bob,ou=people,dc=example,dc=com'));
Array (
    [objectClass] => Array (
        [0] => person
        [1] => top
    )
    [cn] => Array (
        [0] => Bob
    )
    [sn] => Array (
        [0] => Jones
    )
    [dn] => Array (
        [0] => cn=Bob,ou=people,dc=example,dc=com
    )
)

see \global\getDNSysAttrs
see \global\getDNAttrValue
inherited_from \myldap::getDNAttrValues()

Parameters

$dn

string

The distinguished name (DN) of the entry whose attributes/values to fetch.

$method

string

Which connection method resource to use

$deref

\constant

For aliases and referrals, this parameter specifies whether to follow references to the referenced DN or to fetch the attributes for the referencing DN. See http://php.net/ldap_search for the 4 valid options.

$attrs

Returns

array

Get the last error string

getErrorMessage(string $method) 
Inherited

inherited_from \myldap::getErrorMessage()

Parameters

$method

string

Which connection method resource to use

Get the last error number

getErrorNum(string $method) 
Inherited

inherited_from \myldap::getErrorNum()

Parameters

$method

string

Which connection method resource to use

getIndex()

getIndex() 
Inherited

inherited_from \DS::getIndex()
inherited_from \myldap::getIndex()

Get the login name of the user logged into this datastore's connection method. If this returns null, we are not logged in.

getLogin($method) 
Inherited

If this returns '', we are logged in anonymously.

inherited_from \DS::getLogin()
inherited_from \myldap::getLogin()

Parameters

$method

Get a user ID

getLoginID(string $user, $method) 
Inherited

inherited_from \myldap::getLoginID()

Parameters

$user

string

Which connection method resource to use

$method

Get the name of this datastore

getName() 
Inherited

inherited_from \DS::getName()
inherited_from \myldap::getName()

getRootDSE()

getRootDSE($method) 
Inherited

inherited_from \myldap::getRootDSE()

Parameters

$method

Gets a single AttributeType object specified by name.

getSchemaAttribute($attr_name, $method, string $dn) : \AttributeType
Inherited

see \global\AttributeType
see \global\SchemaAttributes
inherited_from \myldap::getSchemaAttribute()

Parameters

$attr_name

$method

$dn

string

(optional) It is easier to fetch schema if a DN is provided which defines the subschemaSubEntry attribute (all entries should).

Returns

\AttributeType

The specified AttributeType object or false on error.

Gets a single ObjectClass object specified by name.

getSchemaObjectClass(string $oclass_name, $method, string $dn) : \ObjectClass
Inherited

see \global\ObjectClass
see \global\SchemaObjectClasses
inherited_from \myldap::getSchemaObjectClass()

Parameters

$oclass_name

string

The name of the objectClass to fetch.

$method

$dn

string

(optional) It is easier to fetch schema if a DN is provided which defines the subschemaSubEntry attribute (all entries should).

Returns

\ObjectClass

The specified ObjectClass object or false on error.

Return a configuration value

getValue($key, $setting, $fatal) 
Inherited

inherited_from \DS::getValue()
inherited_from \myldap::getValue()

Parameters

$key

$setting

$fatal

Return the time left in seconds until this connection times out.

inactivityTime() 
Inherited

If there is no timeout, this function will return null.

inherited_from \DS::inactivityTime()
inherited_from \myldap::inactivityTime()

Fetch whether the user has configured a certain server login to be non-anonymous

isAnonBindAllowed() : boolean

$servers->setValue('login','anon_bind',true|false);

Returns

boolean

Given an attribute name and server ID number, this function returns whether the attribute may contain binary data.

isAttrBinary(string $attr_name) : boolean
Inherited

This is useful for developers who wish to display the contents of an arbitrary attribute but don't want to dump binary data on the page.

see \global\isJpegPhoto
inherited_from \myldap::isAttrBinary()

Parameters

$attr_name

string

The name of the attribute to test.

Returns

boolean

Given an attribute name and server ID number, this function returns whether the attribute contains boolean data.

isAttrBoolean(string $attr_name) : boolean
Inherited

This is useful for developers who wish to display the contents of a boolean attribute with a drop-down.

inherited_from \myldap::isAttrBoolean()

Parameters

$attr_name

string

The name of the attribute to test.

Returns

boolean

Returns true if the specified attribute is configured as hidden in config.php.

isAttrHidden(string $attr) : boolean

Attributes are configured as hidden in config.php thus:

$config->custom->appearance['hide_attrs'] = array('objectClass');

Parameters

$attr

string

The name of the attribute to test.

Returns

boolean

Returns true if the specified attribute is configured as read only in config.php.

isAttrReadOnly(string $attr) : boolean

Attributes are configured as read-only in config.php thus:

$config->custom->appearance['readonly_attrs'] = array('objectClass');

Parameters

$attr

string

The name of the attribute to test.

Returns

boolean

Returns true if the specified attribute is configured as unique in config.php.

isAttrUnique(string $attr) : boolean

Attributes are configured as unique in config.php thus:

$servers->setValue('unique','attrs',array('mail','uid','uidNumber'));

Parameters

$attr

string

The name of the attribute to test.

Returns

boolean

Returns true if the user has configured the specified server to enable branch (non-leaf) renames.

isBranchRenameEnabled() : boolean

This is configured in config.php thus:

$servers->setValue('server','branch_rename',true|false);

Returns

boolean

Returns true if the attribute specified is required to take as input a DN.

isDNAttr(string $attr_name, $method) : boolean
Inherited

Some examples include 'distinguishedName', 'member' and 'uniqueMember'.

inherited_from \myldap::isDNAttr()

Parameters

$attr_name

string

The name of the attribute of interest (case insensitive)

$method

Returns

boolean

isDefaultKey()

isDefaultKey($key) 
Inherited

inherited_from \DS::isDefaultKey()
inherited_from \myldap::isDefaultKey()

Parameters

$key

isDefaultSetting()

isDefaultSetting($key, $setting) 
Inherited

inherited_from \DS::isDefaultSetting()
inherited_from \myldap::isDefaultSetting()

Parameters

$key

$setting

This function determines if the specified attribute is contained in the force_may list as configured in config.php.

isForceMay($attr_name) : boolean
Inherited

inherited_from \myldap::isForceMay()

Parameters

$attr_name

Returns

boolean

True if the specified attribute is in the $force_may list and false otherwise.

Used to determine if the specified attribute is indeed a jpegPhoto.

isJpegPhoto(string $attr_name) : boolean
Inherited

If the specified attribute is one that houses jpeg data, true is returned. Otherwise this function returns false.

see \global\draw_jpeg_photo
inherited_from \myldap::isJpegPhoto()

Parameters

$attr_name

string

The name of the attribute to test.

Returns

boolean

Return if this datastore's connection method has been logged into

isLoggedIn($method) 
Inherited

inherited_from \DS::isLoggedIn()
inherited_from \myldap::isLoggedIn()

Parameters

$method

Determines if an attribute's value can contain multiple lines.

isMultiLineAttr(string $attr_name, string $val) : boolean

Attributes that fall in this multi-line category may be configured in config.php. Hence, this function accesses the global variable $_SESSION[APPCONFIG]->custom->appearance['multi_line_attributes'];

Usage example:

if ($ldapserver->isMultiLineAttr('postalAddress'))
    echo '';
else
    echo '';

Parameters

$attr_name

string

The name of the attribute of interest (case insensitive)

$val

string

(optional) The current value of the attribute (speeds up the process by searching for carriage returns already in the attribute value)

Returns

boolean

isReadOnly()

isReadOnly() 
Inherited

inherited_from \DS::isReadOnly()
inherited_from \myldap::isReadOnly()

Check if the session timeout has occurred for this LDAP server.

isSessionValid() 

Gets whether the admin has configured phpLDAPadmin to show the "Create New" link in the tree viewer.

isShowCreateEnabled() : boolean

$servers->setValue('appearance','show_create',true|false);

If NOT set, then default to show the Create New item. If IS set, then return the value (it should be true or false).

The entry creation command must be available.

$config->custom->commands['script'] = array('create' => true);

Returns

boolean

true if the feature is enabled and false otherwise.

Functions that return the condition of the datasource

isVisible() 
Inherited

inherited_from \DS::isVisible()
inherited_from \myldap::isVisible()

Logout of this datastore's connection method

logout($method) 
Inherited

inherited_from \DS::logout()
inherited_from \myldap::logout()

Parameters

$method

Modify objects

modify($dn, $attrs, $method) 

Parameters

$dn

$attrs

$method

Perform a query to the Database

query(string $query, string $method, string $index, boolean $debug) : array | null
Inherited

inherited_from \myldap::query()

Parameters

$query

string

Query to perform, given as an array with these keys: $query['base'], $query['filter'], $query['scope'], $query['attrs'] = array(), $query['deref']

$method

string

Which connection method resource to use

$index

string

Index items according to this key

$debug

boolean

Enable debugging output

Returns

array | null

Results of query.

Rename objects

rename($dn, $new_rdn, $container, $deleteoldrdn, $method) 

Parameters

$dn

$new_rdn

$container

$deleteoldrdn

$method

Functions that set and verify object configuration details

setDefaults($defaults) 
Inherited

inherited_from \DS::setDefaults()
inherited_from \myldap::setDefaults()

Parameters

$defaults

Set a configuration value

setValue($key, $setting, $value) 
Inherited

inherited_from \DS::setValue()
inherited_from \myldap::setValue()

Parameters

$key

$setting

$value

Return the untested config items

untested() 
Inherited

inherited_from \DS::untested()
inherited_from \myldap::untested()

This function will test if a user is a member of a group.

userIsMember(string $user, \dn $group) : bool
Inherited

Inputs:

inherited_from \myldap::userIsMember()

Parameters

$user

string

membership value that is being checked

$group

\dn

DN to see if user is a member

Returns

bool

true|false

Connect and Bind to the Database

connect(string $method, $debug, $new) : resource | null
Inherited

inherited_from \myldap::connect()

Parameters

$method

string

Which connection method resource to use

$debug

$new

Returns

resource | null

Connection resource if successful, null if not.

Parse a DN and escape any special characters

escapeDN($dn) 
Inherited

inherited_from \myldap::escapeDN()

Parameters

$dn

Work out which connection method to use.

getMethod(int $method) : string
Inherited

If a method is passed, then it will be passed back. If no method is passed, then we'll check to see if the user is logged in. If they are, then 'user' is used, otherwise 'anon' is used.

inherited_from \DS::getMethod()
inherited_from \myldap::getMethod()

Parameters

$method

int

Server ID

Returns

string

Connection Method

Get the login password of the user logged into this datastore's connection method

getPassword($method) 
Inherited

inherited_from \DS::getPassword()
inherited_from \myldap::getPassword()

Parameters

$method

Set the login details of the user logged into this datastore's connection method

setLogin($user, $pass, $method) 
Inherited

inherited_from \DS::setLogin()
inherited_from \myldap::setLogin()

Parameters

$user

$pass

$method

This function will determine if the user is allowed to login based on a filter

userIsAllowedLogin($dn) 
Inherited

inherited_from \myldap::userIsAllowedLogin()

Parameters

$dn

Explode a DN into an array of its RDN parts.

explodeDN(string $dn, int $with_attributes) : array
Inherited

inherited_from \myldap::explodeDN()

Parameters

$dn

string

The DN to explode.

$with_attributes

int

(optional) Whether to include attribute names (see http://php.net/ldap_explode_dn for details)

Returns

array

An array of RDN parts of this format:

Array (
    [0] => uid=ppratt
    [1] => ou=People
    [2] => dc=example
    [3] => dc=com
)

NOTE: When a multivalue RDN is passed to ldap_explode_dn, the result is returned as 'value + value'.
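The DN splitting that explodeDN() and getContainer() rely on, shown as an added example that is not phpLDAPadmin's own code: a DN cannot be cut at every comma, because a comma inside a value is escaped with a backslash. The helpers split_dn(), container_of() and naive_container() are hypothetical names, the sample DNs are constructed, and RFC 4514 string form is assumed.

```php
<?php
// Added illustration, not phpLDAPadmin code. split_dn(), container_of() and
// naive_container() are hypothetical helpers; the sample DNs are constructed.

/**
 * Split a DN in RFC 4514 string form into its RDNs. A backslash escapes the
 * next character, so "\," stays inside the value, while "\\" followed by ","
 * ends the RDN. Multi-valued RDNs ("uid=a+cn=b") are kept as one part.
 * LDAPv2 quoted values and ";" separators are not handled.
 */
function split_dn(string $dn): array
{
    $parts = [];
    $current = '';
    $len = strlen($dn);

    for ($i = 0; $i < $len; $i++) {
        $ch = $dn[$i];
        if ($ch === '\\' && $i + 1 < $len) {
            // Copy the escape pair verbatim; the escaped character is data.
            $current .= $ch . $dn[++$i];
        } elseif ($ch === ',') {
            // Unescaped comma: RDN boundary. Only leading space is dropped,
            // so an escaped trailing space ("\ ") survives.
            $parts[] = ltrim($current);
            $current = '';
        } else {
            $current .= $ch;
        }
    }
    if ($current !== '') {
        $parts[] = ltrim($current);
    }
    return $parts;
}

/** Parent container of a DN, or null when the DN has no parent. */
function container_of(string $dn): ?string
{
    $rdns = split_dn($dn);
    if (count($rdns) < 2) {
        return null;
    }
    array_shift($rdns);
    return implode(',', $rdns);
}

/** The shortcut that breaks: everything after the first comma. */
function naive_container(string $dn): string
{
    $pos = strpos($dn, ',');
    return $pos === false ? '' : substr($dn, $pos + 1);
}

$samples = [
    'cn=Manager,dc=example,dc=com',                   // example from the page
    'cn=Smith\, John,ou=People,dc=example,dc=com',    // escaped comma in the value
    'cn=share\\\\,ou=Hosts,dc=example,dc=com',        // escaped backslash, then a real separator
    'uid=ppratt+cn=Pete,ou=People,dc=example,dc=com', // multi-valued RDN
];

foreach ($samples as $dn) {
    printf("%s\n  escape-aware: %s\n  naive:        %s\n",
        $dn, var_export(container_of($dn), true), naive_container($dn));
}
```

A container computed from the wrong split point sends a later delete, rename or ACL check to a different subtree than the one the operator selected, which is why the escape-aware form matters.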

Return the login base DNs. If no login base DNs are defined, then the LDAP server Base DNs are used.

getLoginBaseDN() 
Inherited

inherited_from \myldap::getLoginBaseDN()

Return the login classes that a user must have to login

getLoginClass() 
Inherited

inherited_from \myldap::getLoginClass()

Fetches the raw schema array for the subschemaSubentry of the server.

getRawSchema(string $method, string $schema_to_fetch, \dn $dn) : array
Inherited

Note, this function has grown many hairs to accommodate more LDAP servers. It is needfully complicated as it now supports many popular LDAP servers that don't necessarily expose their schema "the right way".

Please note: On FC systems, it seems that php_ldap uses /etc/openldap/ldap.conf in the search base if it is blank - so edit that file and comment out the BASE line.

inherited_from \myldap::getRawSchema()

Parameters

$method

string

Which connection method resource to use

$schema_to_fetch

string

A string indicating which type of schema to fetch. Five valid values: 'objectclasses', 'attributetypes', 'ldapsyntaxes', 'matchingruleuse', or 'matchingrules'. Case insensitive.

$dn

\dn

(optional) This parameter is the DN of the entry whose schema you would like to fetch. Entries have the option of specifying their own subschemaSubentry that points to the DN of the system schema entry which applies to this attribute. If unspecified, this will try to retrieve the schema from the RootDSE subschemaSubentry. Failing that, we use some commonly known schema DNs. Default value is the Root DSE DN (zero-length string).

Returns

array

An array of strings of this form:

Array (
    [0] => "(1.3.6.1.4.1.7165.1.2.2.4 NAME 'gidPool' DESC 'Pool ...
    [1] => "(1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' DESC 'Sa ...
    etc.

This function will query the ldap server and request the subSchemaSubEntry which should be the Schema DN.

getSchemaDN(string $method, \dn $dn) : array | false
Inherited

If we can't connect to the LDAP server, we'll return false. If we can connect but can't get the entry, then we'll return null.

inherited_from \myldap::getSchemaDN()

Parameters

$method

string

Which connection method resource to use

$dn

\dn

The DN to use to obtain the schema

Returns

array | false

Schema if available, null if it's not, or false if we can't connect.

Returns true if the specified attribute is configured according to the test enabled in config.php

isAttrTest(string $attr, array $attrs, \dn $except_dn) : boolean

Parameters

$attr

string

The name of the attribute to test.

$attrs

array

The attributes to test against.

$except_dn

\dn

A DN that is exempt from these tests.

Returns

boolean

Fetches whether PROXY AUTH has been configured for use with a certain server.

isProxyEnabled() : boolean
Inherited

Users may configure phpLDAPadmin to use PROXY AUTH in config.php thus:

$servers->setValue('login','auth_type','proxy');

inherited_from \myldap::isProxyEnabled()

Returns

boolean

Fetches whether SASL has been configured for use with a certain server.

isSASLEnabled() : boolean
Inherited

Users may configure phpLDAPadmin to use SASL in config.php thus:

$servers->setValue('server','sasl',true|false);

inherited_from \myldap::isSASLEnabled()

Returns

boolean

Fetches whether TLS has been configured for use with a certain server.

isTLSEnabled() : boolean
Inherited

Users may configure phpLDAPadmin to use TLS in config.php thus:

$servers->setValue('server','tls',true|false);

inherited_from \myldap::isTLSEnabled()

Returns

boolean

If PROXY AUTH is configured, then start it

startProxy($resource, $method) 
Inherited

inherited_from \myldap::startProxy()

Parameters

$resource

$method

If SASL is configured, then start it. To be able to use SASL, PHP should have been compiled with --with-ldap-sasl=DIR

startSASL($resource, $method) 
Inherited

inherited_from \myldap::startSASL()

Parameters

$resource

$method

If TLS is configured, then start it

startTLS($resource) 
Inherited

inherited_from \myldap::startTLS()

Parameters

$resource

Parse a DN and unescape any special characters

unescapeDN($dn) 
Inherited

inherited_from \myldap::unescapeDN()

Parameters

$dn

 Properties

 

$custom

$custom 
Inherited

inherited_from \DS::$$custom
inherited_from \myldap::$$custom
 

$default

$default 
Inherited

inherited_from \DS::$$default
inherited_from \myldap::$$default
 

$index

$index 
Inherited

inherited_from \DS::$$index
inherited_from \myldap::$$index
 

$type

$type 
Inherited

inherited_from \DS::$$type
inherited_from \myldap::$$type
 

$_schemaDN

$_schemaDN 
Inherited

inherited_from \myldap::$$_schemaDN
 

$_schema_entries

$_schema_entries 
Inherited

inherited_from \myldap::$$_schema_entries
 

$force_may

$force_may 

 

$noconnect

$noconnect 
Inherited

inherited_from \myldap::$$noconnect