Difference between revisions of "PHP Extensions"
| [unchecked revision] | [unchecked revision] |
(→LDAP Session Control) |
|||
| Line 1: | Line 1: | ||
Several extensions to the existing PHP LDAP API have been developed to make it more suitable to our needs. | Several extensions to the existing PHP LDAP API have been developed to make it more suitable to our needs. | ||
| + | |||
| + | Currently, the add/modify/replace/delete functions have been patched to accept additional parameters for server and client controls. | ||
| + | |||
| + | Examples: | ||
| + | |||
| + | Single control: | ||
| + | <source lang='php'> | ||
| + | ldap_modify($link, $dn, $entry, $control); | ||
| + | </source> | ||
| + | |||
| + | Multiple controls: | ||
| + | <source lang='php'> | ||
| + | ldap_modify($link, $dn, $entry, [$control1, $control2]); | ||
| + | </source> | ||
== LDAP Assertion Control == | == LDAP Assertion Control == | ||
Revision as of 21:21, 27 April 2014
Several extensions to the existing PHP LDAP API have been developed to make it more suitable to our needs.
Currently, the add/modify/replace/delete functions have been patched to accept additional parameters for server and client controls.
Examples:
Single control:
ldap_modify($link, $dn, $entry, $control);
Multiple controls:
ldap_modify($link, $dn, $entry, [$control1, $control2]);
LDAP Assertion Control
To be able to safely change values, the Assertion Control is needed which results in a Compare-and-Set functionality.
Example (taken from ext/ldap/tests/ldap_control_assertion_basic.phpt):
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version); $entry = array( "objectClass" => array( "top", "dcObject", "organization"), "dc" => "stoney-cloud", "o" => "stoney-cloud", "description" => "stoney cloud root object", ); ldap_modify($link, "dc=stoney-cloud,dc=org", $entry); $assertion_string = "(description=stoney cloud root object)"; $control = ldap_control_assertion($link, $assertion_string); // the following fails if the description has been changed in the meantime ldap_modify($link, "dc=my-domain,dc=com", $entry, $control);
This can be used to safely increment variables, reserve IP addresses without race conditions.
Given a field in the LDAP which contains the the next free id or IP address:
- get the current value
- increment the value
- set the new value with the assert that the value must match the previously fetched one
- if it succeeds you can safely use the previously set value, if not: repeat the procedure
LDAP Session Control
The implementation of the control creation is complete, but controls can currently only be passed to the add/modify/replace/delete functions.
The idea of this control is the possibility of tracking the queries made in the LDAP for a given session in the application:
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version); $entry = array( "objectClass" => array( "top", "dcObject", "organization"), "dc" => "my-domain", "o" => "my-domain", "description" => "Domain description", ); $ip = "127.0.0.1"; $ $control = ldap_control_session_tracking($link, "127.0.0.1", "localhost", LDAP_CONTROL_X_SESSION_TRACKING_USERNAME, "testuser"); ldap_modify($link, "dc=my-domain,dc=com", $entry, $control)
which results in the following log of the ldap (using loglevel stats):
Apr 25 14:59:32 testmachine slapd[4208]: conn=1014 op=5 [IP=127.0.0.1 NAME=localhost USERNAME=testuser] MOD dn="dc=my-domain,dc=com" Apr 25 14:59:32 testmachine slapd[4208]: conn=1014 op=5 [IP=127.0.0.1 NAME=localhost USERNAME=testuser] MOD attr=objectClass dc o description Apr 25 14:59:32 testmachine slapd[4208]: conn=1014 op=5 [IP=127.0.0.1 NAME=localhost USERNAME=testuser] RESULT tag=103 err=0 text=
