: void { error_clear_last(); $result = \ldap_parse_exop($link, $result, $retdata, $retoid); if ($result === false) { throw LdapException::createFromPhpError(); } } /** * Parses an LDAP search result. * * @param resource $link An LDAP link identifier, returned by ldap_connect. * @param resource $result An LDAP result resource, returned by ldap_list or * ldap_search. * @param int|null $errcode A reference to a variable that will be set to the LDAP error code in * the result, or 0 if no error occurred. * @param string|null $matcheddn A reference to a variable that will be set to a matched DN if one was * recognised within the request, otherwise it will be set to NULL. * @param string|null $errmsg A reference to a variable that will be set to the LDAP error message in * the result, or an empty string if no error occurred. * @param array|null $referrals A reference to a variable that will be set to an array set * to all of the referral strings in the result, or an empty array if no * referrals were returned. * @param array|null $serverctrls An array of LDAP Controls which have been sent with the response. * @throws LdapException * */ function ldap_parse_result($link, $result, ?int &$errcode, ?string &$matcheddn = null, ?string &$errmsg = null, ?array &$referrals = null, ?array &$serverctrls = null): void { error_clear_last(); $result = \ldap_parse_result($link, $result, $errcode, $matcheddn, $errmsg, $referrals, $serverctrls); if ($result === false) { throw LdapException::createFromPhpError(); } } /** * Performs the search for a specified filter on the * directory with the scope LDAP_SCOPE_BASE. So it is * equivalent to reading an entry from the directory. * * @param resource $link_identifier An LDAP link identifier, returned by ldap_connect. * @param string $base_dn The base DN for the directory. * @param string $filter An empty filter is not allowed. If you want to retrieve absolutely all * information for this entry, use a filter of * objectClass=*. If you know which entry types are * used on the directory server, you might use an appropriate filter such * as objectClass=inetOrgPerson. * @param array $attributes An array of the required attributes, e.g. array("mail", "sn", "cn"). * Note that the "dn" is always returned irrespective of which attributes * types are requested. * * Using this parameter is much more efficient than the default action * (which is to return all attributes and their associated values). * The use of this parameter should therefore be considered good * practice. * @param int $attrsonly Should be set to 1 if only attribute types are wanted. If set to 0 * both attributes types and attribute values are fetched which is the * default behaviour. * @param int $sizelimit Enables you to limit the count of entries fetched. Setting this to 0 * means no limit. * * This parameter can NOT override server-side preset sizelimit. You can * set it lower though. * * Some directory server hosts will be configured to return no more than * a preset number of entries. If this occurs, the server will indicate * that it has only returned a partial results set. This also occurs if * you use this parameter to limit the count of fetched entries. * @param int $timelimit Sets the number of seconds how long is spend on the search. Setting * this to 0 means no limit. * * This parameter can NOT override server-side preset timelimit. You can * set it lower though. * @param int $deref Specifies how aliases should be handled during the search. It can be * one of the following: * * * * LDAP_DEREF_NEVER - (default) aliases are never * dereferenced. * * * * * LDAP_DEREF_SEARCHING - aliases should be * dereferenced during the search but not when locating the base object * of the search. * * * * * LDAP_DEREF_FINDING - aliases should be * dereferenced when locating the base object but not during the search. * * * * * LDAP_DEREF_ALWAYS - aliases should be dereferenced * always. * * * * @param array $serverctrls Array of LDAP Controls to send with the request. * @return resource Returns a search result identifier. * @throws LdapException * */ function ldap_read($link_identifier, string $base_dn, string $filter, array $attributes = null, int $attrsonly = 0, int $sizelimit = -1, int $timelimit = -1, int $deref = LDAP_DEREF_NEVER, array $serverctrls = null) { error_clear_last(); if ($serverctrls !== null) { $result = \ldap_read($link_identifier, $base_dn, $filter, $attributes, $attrsonly, $sizelimit, $timelimit, $deref, $serverctrls); } elseif ($deref !== LDAP_DEREF_NEVER) { $result = \ldap_read($link_identifier, $base_dn, $filter, $attributes, $attrsonly, $sizelimit, $timelimit, $deref); } elseif ($timelimit !== -1) { $result = \ldap_read($link_identifier, $base_dn, $filter, $attributes, $attrsonly, $sizelimit, $timelimit); } elseif ($sizelimit !== -1) { $result = \ldap_read($link_identifier, $base_dn, $filter, $attributes, $attrsonly, $sizelimit); } elseif ($attrsonly !== 0) { $result = \ldap_read($link_identifier, $base_dn, $filter, $attributes, $attrsonly); } elseif ($attributes !== null) { $result = \ldap_read($link_identifier, $base_dn, $filter, $attributes); } else { $result = \ldap_read($link_identifier, $base_dn, $filter); } if ($result === false) { throw LdapException::createFromPhpError(); } return $result; } /** * Does the same thing as ldap_rename but returns the LDAP result resource to be parsed with ldap_parse_result. * * @param resource $link_identifier * @param string $dn * @param string $newrdn * @param string $newparent * @param bool $deleteoldrdn * @param array $serverctrls * @return resource Returns an LDAP result identifier. * @throws LdapException * */ function ldap_rename_ext($link_identifier, string $dn, string $newrdn, string $newparent, bool $deleteoldrdn, array $serverctrls = null) { error_clear_last(); $result = \ldap_rename_ext($link_identifier, $dn, $newrdn, $newparent, $deleteoldrdn, $serverctrls); if ($result === false) { throw LdapException::createFromPhpError(); } return $result; } /** * The entry specified by dn is renamed/moved. * * @param resource $link_identifier An LDAP link identifier, returned by ldap_connect. * @param string $dn The distinguished name of an LDAP entity. * @param string $newrdn The new RDN. * @param string $newparent The new parent/superior entry. * @param bool $deleteoldrdn If TRUE the old RDN value(s) is removed, else the old RDN value(s) * is retained as non-distinguished values of the entry. * @param array $serverctrls Array of LDAP Controls to send with the request. * @throws LdapException * */ function ldap_rename($link_identifier, string $dn, string $newrdn, string $newparent, bool $deleteoldrdn, array $serverctrls = null): void { error_clear_last(); $result = \ldap_rename($link_identifier, $dn, $newrdn, $newparent, $deleteoldrdn, $serverctrls); if ($result === false) { throw LdapException::createFromPhpError(); } } /** * * * @param resource $link * @param string $binddn * @param string $password * @param string $sasl_mech * @param string $sasl_realm * @param string $sasl_authc_id * @param string $sasl_authz_id * @param string $props * @throws LdapException * */ function ldap_sasl_bind($link, string $binddn = null, string $password = null, string $sasl_mech = null, string $sasl_realm = null, string $sasl_authc_id = null, string $sasl_authz_id = null, string $props = null): void { error_clear_last(); $result = \ldap_sasl_bind($link, $binddn, $password, $sasl_mech, $sasl_realm, $sasl_authc_id, $sasl_authz_id, $props); if ($result === false) { throw LdapException::createFromPhpError(); } } /** * Performs the search for a specified filter on the directory with the scope * of LDAP_SCOPE_SUBTREE. This is equivalent to searching * the entire directory. * * From 4.0.5 on it's also possible to do parallel searches. To do this * you use an array of link identifiers, rather than a single identifier, * as the first argument. If you don't want the same base DN and the * same filter for all the searches, you can also use an array of base DNs * and/or an array of filters. Those arrays must be of the same size as * the link identifier array since the first entries of the arrays are * used for one search, the second entries are used for another, and so * on. When doing parallel searches an array of search result * identifiers is returned, except in case of error, then the entry * corresponding to the search will be FALSE. This is very much like * the value normally returned, except that a result identifier is always * returned when a search was made. There are some rare cases where the * normal search returns FALSE while the parallel search returns an * identifier. * * @param resource|array $link_identifier An LDAP link identifier, returned by ldap_connect. * @param string $base_dn The base DN for the directory. * @param string $filter The search filter can be simple or advanced, using boolean operators in * the format described in the LDAP documentation (see the Netscape Directory SDK or * RFC4515 for full * information on filters). * @param array $attributes An array of the required attributes, e.g. array("mail", "sn", "cn"). * Note that the "dn" is always returned irrespective of which attributes * types are requested. * * Using this parameter is much more efficient than the default action * (which is to return all attributes and their associated values). * The use of this parameter should therefore be considered good * practice. * @param int $attrsonly Should be set to 1 if only attribute types are wanted. If set to 0 * both attributes types and attribute values are fetched which is the * default behaviour. * @param int $sizelimit Enables you to limit the count of entries fetched. Setting this to 0 * means no limit. * * This parameter can NOT override server-side preset sizelimit. You can * set it lower though. * * Some directory server hosts will be configured to return no more than * a preset number of entries. If this occurs, the server will indicate * that it has only returned a partial results set. This also occurs if * you use this parameter to limit the count of fetched entries. * @param int $timelimit Sets the number of seconds how long is spend on the search. Setting * this to 0 means no limit. * * This parameter can NOT override server-side preset timelimit. You can * set it lower though. * @param int $deref Specifies how aliases should be handled during the search. It can be * one of the following: * * * * LDAP_DEREF_NEVER - (default) aliases are never * dereferenced. * * * * * LDAP_DEREF_SEARCHING - aliases should be * dereferenced during the search but not when locating the base object * of the search. * * * * * LDAP_DEREF_FINDING - aliases should be * dereferenced when locating the base object but not during the search. * * * * * LDAP_DEREF_ALWAYS - aliases should be dereferenced * always. * * * * @param array $serverctrls Array of LDAP Controls to send with the request. * @return resource Returns a search result identifier. * @throws LdapException * */ function ldap_search($link_identifier, string $base_dn, string $filter, array $attributes = null, int $attrsonly = 0, int $sizelimit = -1, int $timelimit = -1, int $deref = LDAP_DEREF_NEVER, array $serverctrls = null) { error_clear_last(); if ($serverctrls !== null) { $result = \ldap_search($link_identifier, $base_dn, $filter, $attributes, $attrsonly, $sizelimit, $timelimit, $deref, $serverctrls); } elseif ($deref !== LDAP_DEREF_NEVER) { $result = \ldap_search($link_identifier, $base_dn, $filter, $attributes, $attrsonly, $sizelimit, $timelimit, $deref); } elseif ($timelimit !== -1) { $result = \ldap_search($link_identifier, $base_dn, $filter, $attributes, $attrsonly, $sizelimit, $timelimit); } elseif ($sizelimit !== -1) { $result = \ldap_search($link_identifier, $base_dn, $filter, $attributes, $attrsonly, $sizelimit); } elseif ($attrsonly !== 0) { $result = \ldap_search($link_identifier, $base_dn, $filter, $attributes, $attrsonly); } elseif ($attributes !== null) { $result = \ldap_search($link_identifier, $base_dn, $filter, $attributes); } else { $result = \ldap_search($link_identifier, $base_dn, $filter); } if ($result === false) { throw LdapException::createFromPhpError(); } return $result; } /** * Sets the value of the specified option to be newval. * * @param resource|null $link_identifier An LDAP link identifier, returned by ldap_connect. * @param int $option The parameter option can be one of: * * * * * Option * Type * Available since * * * * * LDAP_OPT_DEREF * integer * * * * LDAP_OPT_SIZELIMIT * integer * * * * LDAP_OPT_TIMELIMIT * integer * * * * LDAP_OPT_NETWORK_TIMEOUT * integer * PHP 5.3.0 * * * LDAP_OPT_PROTOCOL_VERSION * integer * * * * LDAP_OPT_ERROR_NUMBER * integer * * * * LDAP_OPT_REFERRALS * bool * * * * LDAP_OPT_RESTART * bool * * * * LDAP_OPT_HOST_NAME * string * * * * LDAP_OPT_ERROR_STRING * string * * * * LDAP_OPT_DIAGNOSTIC_MESSAGE * string * * * * LDAP_OPT_MATCHED_DN * string * * * * LDAP_OPT_SERVER_CONTROLS * array * * * * LDAP_OPT_CLIENT_CONTROLS * array * * * * LDAP_OPT_X_KEEPALIVE_IDLE * int * PHP 7.1.0 * * * LDAP_OPT_X_KEEPALIVE_PROBES * int * PHP 7.1.0 * * * LDAP_OPT_X_KEEPALIVE_INTERVAL * int * PHP 7.1.0 * * * LDAP_OPT_X_TLS_CACERTDIR * string * PHP 7.1.0 * * * LDAP_OPT_X_TLS_CACERTFILE * string * PHP 7.1.0 * * * LDAP_OPT_X_TLS_CERTFILE * string * PHP 7.1.0 * * * LDAP_OPT_X_TLS_CIPHER_SUITE * string * PHP 7.1.0 * * * LDAP_OPT_X_TLS_CRLCHECK * integer * PHP 7.1.0 * * * LDAP_OPT_X_TLS_CRLFILE * string * PHP 7.1.0 * * * LDAP_OPT_X_TLS_DHFILE * string * PHP 7.1.0 * * * LDAP_OPT_X_TLS_KEYFILE * string * PHP 7.1.0 * * * LDAP_OPT_X_TLS_PROTOCOL_MIN * integer * PHP 7.1.0 * * * LDAP_OPT_X_TLS_RANDOM_FILE * string * PHP 7.1.0 * * * LDAP_OPT_X_TLS_REQUIRE_CERT * integer * PHP 7.0.5 * * * * * * LDAP_OPT_SERVER_CONTROLS and * LDAP_OPT_CLIENT_CONTROLS require a list of * controls, this means that the value must be an array of controls. A * control consists of an oid identifying the control, * an optional value, and an optional flag for * criticality. In PHP a control is given by an * array containing an element with the key oid * and string value, and two optional elements. The optional * elements are key value with string value * and key iscritical with boolean value. * iscritical defaults to FALSE * if not supplied. See draft-ietf-ldapext-ldap-c-api-xx.txt * for details. See also the second example below. * @param mixed $newval The new value for the specified option. * @throws LdapException * */ function ldap_set_option($link_identifier, int $option, $newval): void { error_clear_last(); $result = \ldap_set_option($link_identifier, $option, $newval); if ($result === false) { throw LdapException::createFromPhpError(); } } /** * Unbinds from the LDAP directory. * * @param resource $link_identifier An LDAP link identifier, returned by ldap_connect. * @throws LdapException * */ function ldap_unbind($link_identifier): void { error_clear_last(); $result = \ldap_unbind($link_identifier); if ($result === false) { throw LdapException::createFromPhpError(); } }