Difference between revisions of "PHP Extensions"

From stoney cloud
Jump to: navigation, search
[unchecked revision][unchecked revision]
(PHP Assertion Control)
Line 1: Line 1:
 
Several extensions to the existing PHP LDAP API have been developed to make it more suitable to our needs.
 
Several extensions to the existing PHP LDAP API have been developed to make it more suitable to our needs.
  
== PHP Assertion Control ==
+
== LDAP Assertion Control ==
  
 
To be able to safely change values, the Assertion Control is needed which results in a Compare-and-Set functionality.
 
To be able to safely change values, the Assertion Control is needed which results in a Compare-and-Set functionality.
Line 36: Line 36:
 
* set the new value with the assert that the value must match the previously fetched one
 
* set the new value with the assert that the value must match the previously fetched one
 
* if it succeeds you can safely use the previously set value, if not: repeat the procedure
 
* if it succeeds you can safely use the previously set value, if not: repeat the procedure
 +
 +
== LDAP Session Control ==
 +
 +
The implementation of the assertion is complete, but controls must be added to more PHP LDAP functions to make it useful.
 +
 +
The idea of this control is the possibility of tracking the queries made in the LDAP for a given session in the application:
 +
 +
<source lang='php'>
 +
$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
 +
 +
$entry = array(
 +
    "objectClass"  => array(
 +
        "top",
 +
        "dcObject",
 +
        "organization"),
 +
    "dc"        => "my-domain",
 +
    "o"    => "my-domain",
 +
    "description"  => "Domain description",
 +
);
 +
 +
$control = ldap_control_session_tracking($link, "127.0.0.1", "localhost", LDAP_CONTROL_X_SESSION_TRACKING_USERNAME, "testuser");
 +
 +
ldap_modify($link, "dc=my-domain,dc=com", $entry, $control)
 +
</source>
 +
 +
which results in the following log of the ldap (using <code>loglevel stats</code>):
 +
 +
<pre>
 +
Apr 25 14:59:32 testmachine slapd[4208]: conn=1014 op=5 [IP=127.0.0.1 NAME=localhost USERNAME=testuser] MOD dn="dc=my-domain,dc=com"
 +
Apr 25 14:59:32 testmachine slapd[4208]: conn=1014 op=5 [IP=127.0.0.1 NAME=localhost USERNAME=testuser] MOD attr=objectClass dc o description
 +
Apr 25 14:59:32 testmachine slapd[4208]: conn=1014 op=5 [IP=127.0.0.1 NAME=localhost USERNAME=testuser] RESULT tag=103 err=0 text=
 +
</pre>
  
 
[[Category:Documentation]]
 
[[Category:Documentation]]
 
[[Category:PHP]]
 
[[Category:PHP]]
 
[[Category:LDAP]]
 
[[Category:LDAP]]

Revision as of 19:44, 27 April 2014

Several extensions to the existing PHP LDAP API have been developed to make it more suitable to our needs.

LDAP Assertion Control

To be able to safely change values, the Assertion Control is needed which results in a Compare-and-Set functionality.

Example (taken from ext/ldap/tests/ldap_control_assertion_basic.phpt):

$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
 
$entry = array(
    "objectClass"   => array(
        "top",
        "dcObject",
        "organization"),
    "dc"          => "stoney-cloud",
    "o"           => "stoney-cloud",
    "description" => "stoney cloud root object",
);
 
ldap_modify($link, "dc=stoney-cloud,dc=org", $entry);
 
$assertion_string = "(description=stoney cloud root object)";
$control = ldap_control_assertion($link, $assertion_string);
 
// the following fails if the description has been changed in the meantime
ldap_modify($link, "dc=my-domain,dc=com", $entry, $control);

This can be used to safely increment variables, reserve IP addresses without race conditions.

Given a field in the LDAP which contains the the next free id or IP address:

  • get the current value
  • increment the value
  • set the new value with the assert that the value must match the previously fetched one
  • if it succeeds you can safely use the previously set value, if not: repeat the procedure

LDAP Session Control

The implementation of the assertion is complete, but controls must be added to more PHP LDAP functions to make it useful.

The idea of this control is the possibility of tracking the queries made in the LDAP for a given session in the application:

$link = ldap_connect_and_bind($host, $port, $user, $passwd, $protocol_version);
 
$entry = array(
    "objectClass"   => array(
        "top",
        "dcObject",
        "organization"),
    "dc"        => "my-domain",
    "o"     => "my-domain",
    "description"   => "Domain description",
);
 
$control = ldap_control_session_tracking($link, "127.0.0.1", "localhost", LDAP_CONTROL_X_SESSION_TRACKING_USERNAME, "testuser");
 
ldap_modify($link, "dc=my-domain,dc=com", $entry, $control)

which results in the following log of the ldap (using loglevel stats):

Apr 25 14:59:32 testmachine slapd[4208]: conn=1014 op=5 [IP=127.0.0.1 NAME=localhost USERNAME=testuser] MOD dn="dc=my-domain,dc=com"
Apr 25 14:59:32 testmachine slapd[4208]: conn=1014 op=5 [IP=127.0.0.1 NAME=localhost USERNAME=testuser] MOD attr=objectClass dc o description
Apr 25 14:59:32 testmachine slapd[4208]: conn=1014 op=5 [IP=127.0.0.1 NAME=localhost USERNAME=testuser] RESULT tag=103 err=0 text=