What is LDAP

What is LDAP?
LDAP is a protocol used to publish directory information to many different resources. Usually it is used as a centralized address book, but it can be more powerful depending on the needs of the organizer.
The most basic form of LDAP is a standard way to connect to a database. The database is optimized for read queries. So it can get the results of the query quickly, but in other ways, such as updates, it's much slower. It is particularly noteworthy that LDAP is typically used as a hierarchal database rather than as a relational database. Therefore, its structure is better represented by a tree than by a table. Because of this, you cannot use SQL statements.

In short, LDAP is a quick way to get centralized, static data about people or resources.

LDAP is the abbreviation for Lightweight Directory Access Protocol (Lightweight Directory Access Protocol), in fact a phonebook, similar to what we use such as NIS (Network information Service), DNS ( Domain Name Service), and similar to the trees you see in the garden.
LDAP is a special kind of database. But it's important to understand that LDAP is different from the general database. LDAP optimizes queries and has a much better read performance than write performance.
1.1 Storage rules for LDAP
Distinguished Name (dn,distinguished name)
Unlike the trees in nature, the file system/ldap/each piece of the phone book directory has at least one unique attribute that can help us to differentiate between the branches and leaves.
In the file system, these unique properties are the file names with the full path. For example/ETC/PASSWD, the filename is unique under the path. Of course we can have/usr/passwd,/opt/passwd, but according to their full path, they are still unique.
In LDAP, the distinguished name of an entry is called "DN" or is called a distinguished name. This name is always unique in a directory. For example, my DN is "Uid=aghaffar, Ou=people, o=developer.ch". It is impossible to have the same DN, but we can have a DN such as "Uid=aghaffar, Ou=administrators, o=developer.ch". This is similar to the example of/etc/passwd and/USR/PASSWD in the file system above.
We have unique attributes, UID in "ou=administrators, o=developer.ch" and uid in "Ou=people, o=developer.ch". This is not contradictory.
Cn=common name is the username or server name, up to 80 characters long, can be Chinese;
Ou=organization Unit for organizational units, up to four levels, each level of up to 32 characters, can be Chinese;
O=organization is an organization name and can be 3-64 characters in length
C=country is a country name, optional, 2 characters in length

The LDAP directory stores record entries in the form of a series of "property pairs", each of which includes attribute types and property values (which are fundamentally different from accessing data with rows and columns in relational databases).
Mail = testmail@mccc.net
Othermailbox = testmailother@mccc.com
givenname = givenname
sn = Test SN
Property can be added, one of the following properties must be assigned a value:
Objectclass=person (value: person or server or organization or other custom value)

2 How PHP operates LDAP
2.1 How PHP connects and shuts down with LDAP
$ds =ldap_connect ("ServerName")
ServerName is the name of the LDAP server,

Cases:
$ds =ldap_connect ("10.31.172.30:1000")
The return value is: TRUE or False

Close connection
Ldap_close ($DS);

2.2 How to search for user information in PHP

$ds =ldap_connect ("10.31.172.30:1000");
Connect to the server first
$justthese = Array ("CN", "UserPassword", "location");
Search for a parameter in a function that asks what information to return.
The above is returned to cn,userpassword,location, which requires lowercase
$SR =ldap_search ($ds, "O=jite", "cn=dom*", $justthese);
The first parameter opens the LDAP code
The second parameter most basic DN condition value, Example: "O=JITE,C=CN"
The third parameter, filter, is a Boolean condition, and its syntax can be found on a dirsdkpg.pdf file at Netscape station.
' O ' for organization name, ' CN ' for username, user name available wildcard ' * '
echo "DomAdmin surname has". Ldap_count_entries ($ds, $SR). "<p>";
Ldap_count_entries ($ds, $SR) returns the total number of records

$info = Ldap_get_entries ($ds, $SR);
Full return of LDAP data
echo "Data returns". $info [Count]. " Pen:<p> ";
for ($i =0; $i < $info [Count]; $i + +) {
echo "DN is:". $info [$i] [dn]. " <br> ";
Echo "CN is:". $info [$i] ["cn"][0]. " <br> "; Display user Name
echo "Email is:". $info [$i] ["Mail"][0]. " <p> "; Show mail
echo "Email is:". $info [$i] ["UserPassword"][0]. " <p> "; Display the encrypted password
}
2.3 Adding users
$ds =ldap_connect ("10.31.172.30:1000");
Connect to the server first
$r =ldap_bind ($ds, "Cn=domadmin,o=jite", "password");
Fasten an admin, have write permission
Cn=domadmin,o=jite order cannot be changed
$info ["cn"]= "AAA"; Must fill
$info ["UserPassword"]= "AAA";
$info ["Location"]= "Shanghai";
$info ["objectclass"] = "person"; Must fill in person for personal, also have server ...
Ldap_add ($ds, "cn=". $info ["cn"]. ", O=jite", $info);
Ldap_unbind ($DS);
Unbind
Ldap_close ($DS);
Close connection
2.4 Delete User
$ds =ldap_connect ("10.31.172.30:1000");
Connect to the server first
Ldap_bind ($ds, "Cn=domadmin,o=jite", "password");
Binding administrator, with permission to delete
$DN = "Cn=dingxf,o=jite";
Ldap_delete ($ds, $DN);
Delete User
Ldap_unbind ($DS);
Unbind
Ldap_close ($DS);
Close connection
2.5 Modify User Information
$ds =ldap_connect ("10.31.172.30:1000");
Connect to the server first
Ldap_bind ($ds, "Cn=domadmin,o=jite", "password");
Binding administrator, with modified permissions
$DN = "Cn=dingxf,o=jite";
User DN
$info ["UserPassword"]= "AAA"; The information to be modified, placed in the array variable
$info ["Location"]= "SHANGHAISDAF";

Ldap_modify ($ds, $DN, $info);
modifying functions
Ldap_unbind ($DS);
Unbind
Ldap_close ($DS);
Close connection
2.6 User logon authentication
$ds =ldap_connect ("10.31.172.30:1000");
Connect to the server first
if (Ldap_bind ($ds, "Cn=dingxf,o=jite", "DINGXF")) {
echo "Validate through";
}else{
echo "Validation does not pass";
}
Ldap_unbind ($DS);
Unbind
Ldap_close ($DS);
Close connection




Note: This method is relatively simple, practical, it also has deficiencies, if not through, ldap_bind () prompted it with the prompt: "Warning:LDAP:Unable to bind to server:inappropriate authentication IN/HOME/HTDOCS/JLDL.NET/LDAP/TEST.PHP3 on line 16 "