6. Querying Oak LDAP from PHP

The instructions in this section assume that you have configured your system according to Common Client Configuration.

Install PHP support for SASL and LDAP. On Debian, these are provided by the packages php5-sasl and php5-ldap.

You will also need to be running with access to the kerberos credentials (eg by running kinit as described in the introductory documentation above).

If running with a web server, you could use k5start to maintain a credentials cache separately, and set the KRB5CCNAME environment variable in the PHP code.

Sample code:

    #!/usr/bin/php
    <?php
    $base = 'ou=people,dc=oak,dc=ox,dc=ac,dc=uk';
    $ldap = false;
    $ldap = ldap_connect('ldaps://ldap.oak.ox.ac.uk');
    if ( $ldap === false ) {
        print "Could not contact LDAP server\n";
        die;
    }
    ldap_set_option($ldap,LDAP_OPT_PROTOCOL_VERSION,3);
    putenv("KRB5CCNAME=/PATH/TO/YOUR/service_ccache");
    $ldap_bind_result = ldap_sasl_bind($ldap, NULL, NULL, 'GSSAPI');
    if ( $ldap_bind_result === false ) {
        print "Could not bind to LDAP server\n";
        die;
    }
    $search = ldap_search($ldap, $base, '(sn=hargreaves)');
    if ($search) {
        $entries = ldap_get_entries($ldap,$search);
        for($i=0; $i < $entries["count"];$i++) {
            print "dn is: " . $entries[$i]["dn"] . "\n";
            print "first cn entry is: " . $entries[$i]["cn"][0] . "\n";
            print "first email is: " . $entries[$i]["mail"][0] . "\n";
        }
    }
    ?>

Note that PHP's ldap_get_entries function returns an associative array where the LDAP attributes are given in lower case. For example, the LDAP attribute givenName is obtained using

    $entries[$i]["givenname"][0]
rather than
    $entries[$i]["givenName"][0]

Up: Contents Previous: 5. Querying Oak LDAP From Perl Next: 7. Querying Oak LDAP from Python