6. Querying Oak LDAP from PHP
The instructions in this section assume that you have configured your system according to Common Client Configuration.
Install PHP support for SASL and LDAP. On Debian, these
are provided by the packages php5-sasl
and php5-ldap.
You will also need to be running with access to the kerberos credentials
(eg by running kinit
as described in the introductory documentation above).
If running with a web server, you could use k5start
to maintain a credentials cache separately, and set the KRB5CCNAME
environment variable in the PHP code.
#!/usr/bin/php
<?php
$base = 'ou=people,dc=oak,dc=ox,dc=ac,dc=uk';
$ldap = false;
$ldap = ldap_connect('ldaps://ldap.oak.ox.ac.uk');
if ( $ldap === false ) {
print "Could not contact LDAP server\n";
die;
}
ldap_set_option($ldap,LDAP_OPT_PROTOCOL_VERSION,3);
putenv("KRB5CCNAME=/PATH/TO/YOUR/service_ccache");
$ldap_bind_result = ldap_sasl_bind($ldap, NULL, NULL, 'GSSAPI');
if ( $ldap_bind_result === false ) {
print "Could not bind to LDAP server\n";
die;
}
$search = ldap_search($ldap, $base, '(sn=hargreaves)');
if ($search) {
$entries = ldap_get_entries($ldap,$search);
for($i=0; $i < $entries["count"];$i++) {
print "dn is: " . $entries[$i]["dn"] . "\n";
print "first cn entry is: " . $entries[$i]["cn"][0] . "\n";
print "first email is: " . $entries[$i]["mail"][0] . "\n";
}
}
?>
Note that PHP's ldap_get_entries function returns an associative array where the
LDAP attributes are given in lower case. For example, the LDAP attribute
givenName is obtained using
$entries[$i]["givenname"][0]
rather than
$entries[$i]["givenName"][0]
Up: Contents Previous: 5. Querying Oak LDAP From Perl Next: 7. Querying Oak LDAP from Python