LDAP
What is LDAP
LDAP is a protocol for publishing directory information to many different consumers. It is usually used as a centralized address book, but it can be made more powerful according to the needs of the organization running it.
In its most basic form, LDAP is a standard way to connect to a database. This database is optimized for read queries, so it returns query results very quickly but is much slower at other operations, such as updates. It is important to note that LDAP is typically used as a hierarchical database rather than a relational one, so its structure is better represented by a tree than by a table. Because of this, you cannot use SQL statements against it.
In short, LDAP is a quick way to get centralized, static data about people or resources.
LDAP stands for Lightweight Directory Access Protocol. A directory is essentially a phone book, similar to services we already use such as NIS (Network Information Service) and DNS (Domain Name Service), and it is organized like the trees you see in a garden.
LDAP is a special kind of database, but it is important to understand how it differs from a general-purpose database: LDAP is optimized for queries, so its read performance is far better than its write performance.
1.1 Storage rules for LDAP
Distinguished Name (DN)
Unlike the trees in nature, a file system or an LDAP directory gives every leaf at least one unique attribute, and this attribute lets us tell the leaves apart.
In the file system, that unique attribute is the file name with its full path. For example, the name /etc/passwd is unique under that path. Of course we can also have /usr/passwd and /opt/passwd, but by their full paths they are still unique.
In LDAP, the unique name of an entry is called its "DN" (Distinguished Name). This name is always unique within a directory. For example, my DN is "uid=aghaffar, ou=people, o=developer.ch". Two entries cannot have the same DN, but we can have another DN such as "uid=aghaffar, ou=administrators, o=developer.ch". This is just like the /etc/passwd and /usr/passwd example from the file system above.
The uid attribute is unique within "ou=administrators, o=developer.ch" and, separately, within "ou=people, o=developer.ch"; there is no contradiction.
cn (common name): a user name or server name, up to 80 characters long, may be Chinese;
ou (organizational unit): an organizational unit, at most four levels, at most 32 characters per level, may be Chinese;
o (organization): the name of the organization, 3-64 characters long;
c (country): the country name, optional, 2 characters long.
The LDAP directory stores each record as a series of attribute pairs, each consisting of an attribute type and an attribute value (fundamentally different from a relational database, which accesses data by rows and columns). For example:
mail = testmail@mccc.net
othermailbox = testmailother@mccc.com
givenname = givenname
sn = Test SN
Further attributes can be added, but an objectclass attribute must always be assigned:
objectclass = person (value: person, server, organization or another custom value)
2 Using LDAP from PHP
2.1 Connecting to and disconnecting from LDAP in PHP
$ds = ldap_connect("ServerName");
ServerName is the address of the LDAP server. Example:
$ds = ldap_connect("ldap://10.31.172.30:1000");  // host and port given as an LDAP URI
The return value is a connection handle (which tests as TRUE) on success, or FALSE on failure.
Close the connection:
ldap_close($ds);
2.2 Searching for user information in PHP
$ds = ldap_connect("ldap://10.31.172.30:1000");
// Connect to the server first
$justthese = array("cn", "userpassword", "location");
// A parameter of the search function that says which attributes to return;
// here cn, userpassword and location. The names must all be lowercase.
$sr = ldap_search($ds, "o=jite", "cn=dom*", $justthese);
// The first parameter is the LDAP connection handle.
// The second parameter is the base DN to search under, for example "o=jite,c=cn".
// The third parameter, the filter, is the Boolean search condition; its syntax is
// described in the dirsdkpg.pdf file on the Netscape site.
// 'o' is the organization name and 'cn' is the user name; the user name may
// contain the wildcard '*'.
echo "Entries with cn starting 'dom': " . ldap_count_entries($ds, $sr) . "\n";
// ldap_count_entries($ds, $sr) is the total number of records returned
$info = ldap_get_entries($ds, $sr);
// All data returned by LDAP
echo "Data returned: " . $info["count"] . " entries\n";
for ($i = 0; $i < $info["count"]; $i++) {
    echo "DN is: " . $info[$i]["dn"] . "\n";
    echo "CN is: " . $info[$i]["cn"][0] . "\n";                 // show the user name
    echo "Email is: " . $info[$i]["mail"][0] . "\n";            // show the mail address
    echo "Password is: " . $info[$i]["userpassword"][0] . "\n"; // show the encrypted password
}
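The same prefix search as above, written so that caller-supplied text cannot alter the filter. This is an added example, not code from the original tutorial; the server address and base DN follow the tutorial, and the LDAP_URI environment variable is an assumption used only to switch the live query on.

```php
<?php
// Added example, not from the original tutorial: search users by cn prefix
// without letting caller-supplied text change the meaning of the filter.
declare(strict_types=1);

// Same shape as the tutorial's "cn=dom*", but the caller's part is escaped:
// ldap_escape() with LDAP_ESCAPE_FILTER rewrites * ( ) \ and NUL as
// \2a \28 \29 \5c \00, so "dom*)(objectclass=*" is searched for literally
// instead of widening the query. The wildcard is added here, not by input.
function buildCnPrefixFilter(string $prefix): string
{
    return "(cn=" . ldap_escape($prefix, "", LDAP_ESCAPE_FILTER) . "*)";
}

// Run the search and reduce ldap_get_entries() output to plain rows. The
// attribute list leaves out userpassword: a directory browser has no reason
// to pull password hashes into the web tier.
function searchUsersByCnPrefix($ds, string $baseDn, string $prefix): array
{
    $sr = @ldap_search($ds, $baseDn, buildCnPrefixFilter($prefix),
                       ["cn", "mail", "location"]);
    if ($sr === false) {
        throw new RuntimeException("LDAP search failed: " . ldap_error($ds));
    }
    $entries = ldap_get_entries($ds, $sr);
    $rows = [];
    // Attribute keys come back lowercase; each attribute is a "count"-prefixed
    // list, so [0] is the first value.
    for ($i = 0; $i < $entries["count"]; $i++) {
        $e = $entries[$i];
        $rows[] = [
            "dn"       => $e["dn"],
            "cn"       => $e["cn"][0] ?? null,
            "mail"     => $e["mail"][0] ?? null,
            "location" => $e["location"][0] ?? null,
        ];
    }
    return $rows;
}

// Offline check of the escaping on a constructed hostile input.
echo buildCnPrefixFilter("dom*)(objectclass=*") . "\n";
// Live query only when the assumed LDAP_URI variable is set,
// e.g. LDAP_URI=ldap://10.31.172.30:1000 (the tutorial's server).
if ($uri = getenv("LDAP_URI")) {
    $ds = ldap_connect($uri);
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    print_r(searchUsersByCnPrefix($ds, "o=jite", "dom"));
    ldap_unbind($ds);
}
```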
2.3 Adding a user
$ds = ldap_connect("ldap://10.31.172.30:1000");
// Connect to the server first
$r = ldap_bind($ds, "cn=domadmin,o=jite", "password");
// Bind as an administrator with write permission.
// The order of the components in cn=domadmin,o=jite cannot be changed.
$info = array();
$info["cn"] = "AAA";               // required
$info["userpassword"] = "AAA";
$info["location"] = "Shanghai";
$info["objectclass"] = "person";   // required; "person" is an individual, "server" ...
ldap_add($ds, "cn=" . $info["cn"] . ",o=jite", $info);
ldap_unbind($ds);
// Unbind and close the connection. ldap_close() is an alias of ldap_unbind(),
// so the handle must not be closed a second time.
2.4 Deleting a user
$ds = ldap_connect("ldap://10.31.172.30:1000");
// Connect to the server first
ldap_bind($ds, "cn=domadmin,o=jite", "password");
// Bind as an administrator with delete permission
$dn = "cn=dingxf,o=jite";
ldap_delete($ds, $dn);
// Delete the user
ldap_unbind($ds);
// Unbind and close the connection (ldap_close() is an alias of ldap_unbind())
2.5 Modifying a user profile
$ds = ldap_connect("ldap://10.31.172.30:1000");
// Connect to the server first
ldap_bind($ds, "cn=domadmin,o=jite", "password");
// Bind as an administrator with modify permission
$dn = "cn=dingxf,o=jite";
// The user's DN
$info = array();
$info["userpassword"] = "AAA";     // the information to modify, placed in an array
$info["location"] = "SHANGHAISDAF";
ldap_modify($ds, $dn, $info);
// Apply the modification
ldap_unbind($ds);
// Unbind and close the connection (ldap_close() is an alias of ldap_unbind())
2.6 User login verification
$ds = ldap_connect("ldap://10.31.172.30:1000");
// Connect to the server first
if (ldap_bind($ds, "cn=dingxf,o=jite", "DINGXF")) {
    echo "Verification pass";
} else {
    echo "Verification does not pass";
}
ldap_unbind($ds);
// Unbind and close the connection (ldap_close() is an alias of ldap_unbind())
Note: this method is simple and practical, but it has a shortcoming: when the credentials are wrong, ldap_bind() prints its own warning: "Warning: LDAP: Unable to bind to server: inappropriate authentication in /home/htdocs/jldl.net/ldap/test.php3 on line 16"
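A login check in the same bind-based style that handles the warning described in the note and the other weak spots of the short version (blank passwords, user-controlled DN text, clear-text transport). This is an added example, not code from the original tutorial; the server address and DN layout follow the tutorial, while StartTLS support on that server is an assumption.

```php
<?php
// Added example, not from the original tutorial: a bind-based login check
// that closes the gaps in the simple version above. Server address and DN
// layout follow the tutorial; StartTLS support on the server is assumed.
declare(strict_types=1);

function verifyLogin(string $uri, string $baseDn, string $user, string $pass): bool
{
    // ldap_bind() with an empty password is an unauthenticated bind, which
    // several directory servers accept: without this check, any user name
    // with a blank password would "verify pass".
    if ($user === "" || $pass === "") {
        return false;
    }
    $ds = ldap_connect($uri);
    if ($ds === false) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    // The tutorial's server speaks plain LDAP on port 1000, so the password
    // would cross the network in clear text; StartTLS wraps the connection
    // first (not needed for an ldaps:// URI, which is already encrypted).
    if (strncmp($uri, "ldaps://", 8) !== 0 && !@ldap_start_tls($ds)) {
        ldap_unbind($ds);
        return false;
    }
    // Build the DN from the user name with DN escaping, so an input such as
    // "x,cn=domadmin" cannot redirect the bind to another entry in the tree.
    $dn = "cn=" . ldap_escape($user, "", LDAP_ESCAPE_DN) . "," . $baseDn;
    // @ suppresses the "Unable to bind to server" warning quoted in the note
    // above; the result is read from the return value and ldap_errno() instead.
    $ok = @ldap_bind($ds, $dn, $pass);
    if (!$ok) {
        // 49 = invalidCredentials, 48 = inappropriateAuthentication. Log the
        // detail server-side; the user only sees pass/fail.
        error_log(sprintf("ldap bind failed for %s: %d %s",
                          $dn, ldap_errno($ds), ldap_error($ds)));
    }
    ldap_unbind($ds);
    return $ok;
}

// Constructed input: a blank password is rejected before any network traffic.
if (verifyLogin("ldap://10.31.172.30:1000", "o=jite", "dingxf", "")) {
    echo "Verification pass\n";
} else {
    echo "Verification does not pass\n";
}
```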