====== LDAP ======
~~NOTOC~~
Use of ADODB_FETCH_NUM is strongly discouraged because AD records returned in queries may not all contain the same number of fields
== Specification ==
^Driver Name|ldap|
^Data Provider|ldap|
^Status|Active((This driver is actively supported or enhanced by ADOdb project members))|
^Windows|Yes|
^Unix|Perhaps((We have never tried it except against Microsoft LDAP servers from Windows))|
^ADOdb V5|Yes|
^ADOdb V6|Yes|
===== Description =====
From ADOdb Versions 5.22.8 and 5.23.0, the LDAP driver can be used in the same way as all the other drivers. Simply replace the SQL statement with a valid AD Query String
===== Usage =====
You must use standard [[https://ldap.com/ldap-filters/|LDAP filter terms]] rather than SQL statements when executing a query. Any value provided in the //$bindvars// parameter is ignored,
------------------------------------------------------------
DEFINE('ADODB_ASSOC_CASE',ADODB_ASSOC_CASE_UPPER);
$db = ADOnewConnection('ldap');
$db->setFetchMode(ADODB_FETCH_ASSOC);
$baseDN = 'dc=example,dc=com';
$adServer = 'example.com';
$user = 'adodb@example.com';
$password = 'adodb!';
$db->connect($adServer,$user,$password,$baseDN);
/*
* Find the first 2 records where the given name is adodb
*/
$result = $db->selectLimit('(givenname=adodb)',2);
while ($r = $result->fetchRow())
{
print_r($r);
}
Returns the following data. Note that some elements may contain **array** or **binary** data. In this example, the 1st record contains 29 columns, and the second 30.
Array
(
[CN] => ADODb Tester
[SN] => Tester
[GIVENNAME] => ADODb
[DISTINGUISHEDNAME] => CN=ADODb Tester,CN=Users,DC=test,DC=loc
[INSTANCETYPE] => 4
[WHENCREATED] => 20231116231826.0Z
[WHENCHANGED] => 20231116231828.0Z
[DISPLAYNAME] => ADODb Tester
[USNCREATED] => 12794
[USNCHANGED] => 12801
[NAME] => ADODb Tester
[OBJECTGUID] =>
[USERACCOUNTCONTROL] => 66048
[BADPWDCOUNT] => 0
[CODEPAGE] => 0
[COUNTRYCODE] => 0
[BADPASSWORDTIME] => 0
[LASTLOGOFF] => 0
[LASTLOGON] => 0
[PWDLASTSET] => 133446503074682533
[PRIMARYGROUPID] => 513
[OBJECTSID] =>
[ACCOUNTEXPIRES] => 9223372036854775807
[LOGONCOUNT] => 0
[SAMACCOUNTNAME] => adodb
[SAMACCOUNTTYPE] => 805306368
[USERPRINCIPALNAME] => adodb@test.loc
[OBJECTCATEGORY] => CN=Person,CN=Schema,CN=Configuration,DC=test,DC=loc
[DSCOREPROPAGATIONDATA] => Array
(
[0] => 20231116231827.0Z
[1] => 16010101000000.0Z
)
[OBJECTCLASS] => Array
(
[0] => top
[1] => person
[2] => organizationalPerson
[3] => user
)
)
Array
(
[CN] => ADOdb N. Tester
[SN] => Tester
[GIVENNAME] => ADOdb
[INITIALS] => N
[DISTINGUISHEDNAME] => CN=ADOdb N. Tester,CN=Users,DC=test,DC=loc
[INSTANCETYPE] => 4
[WHENCREATED] => 20231118172808.0Z
[WHENCHANGED] => 20231118172809.0Z
[DISPLAYNAME] => ADOdb N. Tester
[USNCREATED] => 16413
[USNCHANGED] => 16420
[NAME] => ADOdb N. Tester
[OBJECTGUID] =>
[USERACCOUNTCONTROL] => 66048
[BADPWDCOUNT] => 0
[CODEPAGE] => 0
[COUNTRYCODE] => 0
[BADPASSWORDTIME] => 0
[LASTLOGOFF] => 0
[LASTLOGON] => 0
[PWDLASTSET] => 133448020890659722
[PRIMARYGROUPID] => 513
[OBJECTSID] =>
[ACCOUNTEXPIRES] => 9223372036854775807
[LOGONCOUNT] => 0
[SAMACCOUNTNAME] => adodb2
[SAMACCOUNTTYPE] => 805306368
[USERPRINCIPALNAME] => adodb2@test.loc
[OBJECTCATEGORY] => CN=Person,CN=Schema,CN=Configuration,DC=test,DC=loc
[DSCOREPROPAGATIONDATA] => Array
(
[0] => 20231118172809.0Z
[1] => 16010101000000.0Z
)
[OBJECTCLASS] => Array
(
[0] => top
[1] => person
[2] => organizationalPerson
[3] => user
)
)
==== URI Connections ====
The **//Server//** definition can be set in the form ''ldap://server-name''. You must use this if you want to:
- Use an alternate connection port ''ldap:⁄⁄server-name:3389''
- Use ldap over SSL - ''ldaps:⁄⁄server-name''
===== Connection Parameters =====
The following values may be injected into the connection via the use of [[v5:reference:connection:getrowassoc|setConnectionParameter()]]
^ OPTION_NAME ^ Type ^
| ''LDAP_OPT_DEREF'' | integer |
| ''LDAP_OPT_SIZELIMIT'' | integer |
| ''LDAP_OPT_TIMELIMIT'' | integer |
| ''LDAP_OPT_PROTOCOL_VERSION'' | integer |
| ''LDAP_OPT_ERROR_NUMBER'' | integer |
| ''LDAP_OPT_REFERRALS'' | boolean |
| ''LDAP_OPT_RESTART'' | boolean |
| ''LDAP_OPT_HOST_NAME'' | string |
| ''LDAP_OPT_ERROR_STRING'' | string |
| ''LDAP_OPT_MATCHED_DN'' | string |
| ''LDAP_OPT_SERVER_CONTROLS'' | array |
| ''LDAP_OPT_CLIENT_CONTROLS'' | array |
From ADOdb 5.22.8 and 5.23.0, default values set are as follows
^Parameter^Value^
|LDAP_OPT_PROTOCOL_VERSION|3|
|LDAP_OPT_REFERRALS|0|
These values can be changed with **//setConnectionParameter()//**
The following usage method is deprecated in PHP8.2 and will not work with PHP 8.3. Use **//setConnectionParameter()//** instead.
$LDAP_CONNECT_OPTIONS = Array(
Array (
"OPTION_NAME"=>LDAP_OPT_DEREF,
"OPTION_VALUE"=>2
),
Array (
"OPTION_NAME"=>LDAP_OPT_SIZELIMIT,
"OPTION_VALUE"=>100
),
Array (
"OPTION_NAME"=>LDAP_OPT_TIMELIMIT,
"OPTION_VALUE"=>30
),
Array (
"OPTION_NAME"=>,
"OPTION_VALUE"=>3
),
Array (
"OPTION_NAME"=>LDAP_OPT_ERROR_NUMBER,
"OPTION_VALUE"=>13
),
Array (
"OPTION_NAME"=>LDAP_OPT_REFERRALS,
"OPTION_VALUE"=>FALSE
),
Array (
"OPTION_NAME"=>LDAP_OPT_RESTART,
"OPTION_VALUE"=>FALSE
)
);
{{tag>[ active tier2 ]}}