Changes

PHP Extensions

3,734 bytes added, 14:56, 12 June 2014
/* Requirements */
== LDAP Controls ==
Currently, only the add/modify/replace/delete functions have been patched to accept additional parameters for server and client controls.
* [https://github.com/stepping-stone/php-src/tree/ldap-controls Development Branch] (against PHP master)
* [https://github.com/stepping-stone/php-src/tree/ldap-controls-PHP-5.5.10 PHP-5.5.10 Backport Branch]([https://github.com/stepping-stone/php-src/compare/PHP-5.5.10...ldap-controls-PHP-5.5.10.patch patch for PHP-5.5.10])* [https://github.com/php/php-src/pull/652 Pull request @upstream]([https://github.com/php/php-src/pull/652.patch patch for PHP-git-latest])* [http://marc.info/?l=php-internals&m=139843308032437&w=2 RFC Mail request for comments on php-internals mailinglist]
Examples:
</pre>
== LDAP Server Side Sorting Control ==
[https://tools.ietf.org/html/rfc2891 RFC2891]
 
The server side on OpenLDAP is implemented via an overlay: [http://www.openldap.org/software/man.cgi?query=slapo-sssvlv&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html slapo-sssvlv] - Server Side Sorting and Virtual List View overlay for slapd.
'''TODO'''
== LDAP Simple Paged Results Modify-Increment Extension ==
[https://tools.ietf.org/html/rfc2696 RFC2696rfc4525 RFC4525]
'''TODO'''
(this isn't a control but a specific type of modification)
 
Together with the Pre Read Control this presents a more elegant way on getting unique monotonic increasing IDs (our UIDs) since this would allow to increment the UID and getting the previous value in the same call.
 
== LDAP Read Entry Controls ==
 
[https://tools.ietf.org/html/rfc4527 RFC4527]
 
'''TODO'''
This may be harder to get into upstream PHP since this requires that the functions pass back the message object such that the caller can get the response control out of it (which contains the entries of the query).
 
== LDAP Tree Delete Control ==
 
[http://tools.ietf.org/html/draft-armijo-ldap-treedelete-02 draft-armijo-ldap-treedelete-02]
 
May be really helpful when deleting tree of objects.
 
== LDAP Scrolling View Browsing of Search Results ==
 
To achieve server side sorting with proper paging, the Server Side Sorting and Virtual List View overlay on the OpenLDAP server needs to be installed (this overlay replaces the built in simple paging mechanism):
* Internet-Draft: [http://www.ietf.org/proceedings/55/I-D/draft-ietf-ldapext-ldapv3-vlv-09.txt draft-ietf-ldapext-ldapv3-vlv-09.txt]
 
This requires [[#LDAP_Server_Side_Sorting_Control | LDAP Server Side Sorting Control]]:
<pre>
5. Client-Server Interaction
The Virtual List View control extends a regular LDAP Search operation
which MUST also include a server-side sorting control [SSS].
[...]
</pre>
 
A Perl example how to set a LDAP control: http://search.cpan.org/~marschap/perl-ldap-0.62/
 
The server side on OpenLDAP is implemented via an overlay: [http://www.openldap.org/software/man.cgi?query=slapo-sssvlv&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html slapo-sssvlv] - Server Side Sorting and Virtual List View overlay for slapd.
 
Example Search with server side sorting (ascending):
<pre>
ldapsearch -H ldaps://ldapm.stoney-cloud.org \
-E sss=uid:integerOrderingMatch \
-b "ou=people,dc=stoney-cloud,dc=org" \
-s one \
-D "cn=Manager,dc=stoney-cloud,dc=org" \
-z 5 \
-W -x -LLL \
"(&(sstBelongsToResellerUID=4000000)(uid=*400*))" o sn givenName sstIsActive
</pre>
 
Example Search with server side sorting (descending: check the "-" before the attribute uid):
<pre>
ldapsearch -H ldaps://ldapm.stoney-cloud.org \
-E sss=-uid:integerOrderingMatch \
-b "ou=people,dc=stoney-cloud,dc=org" \
-s one \
-D "cn=Manager,dc=stoney-cloud,dc=org" \
-z 5 \
-W -x -LLL \
"(&(sstBelongsToResellerUID=4000000)(uid=*400*))" o sn givenName sstIsActive
</pre>
 
== Building the patched LDAP extension ==
 
=== Requirements ===
 
* PHP 5.5 (including development tools like <code>phpize</code>)
* OpenLDAP libraries and headers
* libtool
* gcc
* make
* autoconf
* git
* php-ldap extension '''must not be installed''' already, otherwise it will clash with the patched one
 
=== Building & installation ===
 
<source lang='bash'>
git clone -b ldap-controls-PHP-5.5.10 --depth=1 https://github.com/stepping-stone/php-src.git
 
cd php-src/ext/ldap
 
phpize
aclocal
libtoolize -f
autoheader
autoconf
 
./configure
make
 
sudo make install
</source>
 
=== Activation ===
 
Add the following line to the relevant <code>php.ini</code>:
<source lang='ini'>
extension=ldap.so
</source>
[[Category:Documentation]]
[[Category:PHP]]
[[Category:LDAPOpenLDAP directory]]
Tiziano
Bureaucrat, administrator
425
edits