PHP: Hypertext Preprocessor (original) (raw)

ldap_set_option

(PHP 4 >= 4.0.4, PHP 5, PHP 7, PHP 8)

ldap_set_option — Set the value of the given option

Description

Return Values

Returns [true](reserved.constants.php#constant.true) on success or [false](reserved.constants.php#constant.false) on failure.

Changelog

Version Description
8.1.0 The ldap parameter expects an LDAP\Connection instance now; previously, a valid ldap link resource was expected.

Examples

Example #1 Set protocol version

<?php // $ds is a valid LDAP\Connection instance for a directory server if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) { echo "Using LDAPv3"; } else { echo "Failed to set protocol version to 3"; } ?>

Example #2 Set server controls

<?php // $ds is a valid LDAP\Connection instance for a directory server // control with no value $ctrl1 = array("oid" => "1.2.752.58.10.1", "iscritical" => true); // iscritical defaults to FALSE $ctrl2 = array("oid" => "1.2.752.58.1.10", "value" => "magic"); // try to set both controls if (!ldap_set_option($ds, LDAP_OPT_SERVER_CONTROLS, array($ctrl1, $ctrl2))) { echo "Failed to set server controls"; } ?>

Notes

Note:

This function is only available when using OpenLDAP 2.x.x OR Netscape Directory SDK x.x.

Found A Problem?

soulbros at yahoo dot com

23 years ago

`As john.hallam@compaq.com above mentioned ,one has to set option LDAP_OPT_PROTOCOL_VERSION=3
ldap_set_option($ds,LDAP_OPT_PROTOCOL_VERSION,3);
to use the ldap_rename function.

However, the ldap_set_option() line has to be written immediately after ldap_connect() and before ldap_bind() statements.

Christos Soulios

`

hansfn at gmail dot com

18 years ago

`Luckily you can turn on debugging before you open a connection:

ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

This way you at least can see in the logs if the connection fails...

`

php at richardneill dot org

2 years ago

`If you want to disable the TLS cert check (e.g. because you are doing an SSH port-forward, and ldaps is pointing to localhost), then you must invoke:

ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,0)
before calling ldap_connect()

If you try:

$ds = ldap_connect(...)
ldap_set_option($ds, LDAP_OPT_X_TLS_REQUIRE_CERT,0)

then the option won't actually take effect, and the certificate will be checked anyway, and a TLS failure will happen..

`

technosophos

18 years ago

`The following flags are valid integer values for the LDAP_OPT_DEREF (as taken from the documentation for ldap_read()):

LDAP_DEREF_NEVER (int 0) - (default) aliases are never dereferenced.

LDAP_DEREF_SEARCHING (int 1) - aliases should be dereferenced during the search but not when locating the base object of the search.

LDAP_DEREF_FINDING (int 2) - aliases should be dereferenced when locating the base object but not during the search.

LDAP_DEREF_ALWAYS (int 3) - aliases should be dereferenced always.

Example:

These are defined in the draft C API (presumably from the original LDAP API). See draft-ietf-ldapext-ldap-c-api-xx.txt included in the OpenLDAP source code distribution.

`

Maarten at Aerobe

5 years ago

`PHP 7.1 added support for configuring the LDAP CA/Cert environment directly, rather than relying on the environment variables. I noticed that a lot of people are having trouble getting this to work.

The correct way is:
$ds=ldap_connect("ldap.google.com");
ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, "/path/file.crt");
ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, "/path/file.key");
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_start_tls($ds);
...
ldap_close($ds);

`

badbo_5834 at hotmail dot com

11 years ago

`I have the following code, but you do not rename the cn, that may be?

$TheDN = "cn=Nombre,ou=Addressbook,dc=axia-ldap,dc=net";
$newRDN = "cn=bill";
$newParent = "ou=Addressbook,dc=axia-ldap,dc=net";
ldap_set_option($ds,LDAP_OPT_PROTOCOL_VERSION,3);
result=ldaprename(result = ldap_rename(result=ldaprename(ds, TheDN,TheDN, TheDN,newRDN, $newParent, TRUE);

`

john dot hallam at compaq dot com

23 years ago

`To get this to work I had to set the LDAP version to 3 using ldap_set_option. Here is an example that might help:

$TheDN = "cn=john smith,ou=users,dc=acme,dc=com";
$newRDN = "cn=bill brown";
$newParent = "ou=users,dc=acme,dc=com";
ldap_set_option($ds,LDAP_OPT_PROTOCOL_VERSION,3);
@$result = ldap_rename($ds, TheDN,TheDN, TheDN,newRDN, $newParent, TRUE);

`

minusf at gmail dot com

19 years ago

`it seems that ldap_set_option returns 1 for bogus ldap_connect -ions also.
ldap_connect always returns a resource (documented in the
comments of ldap_connect) so it is not possible to check if the
ldap server is there or alive or what. and because ldap_set_option
must be between ldap_connect and ldap_bind, there seems to
be no sense in checking the return value.

it is a bit strange that ldap_bind is the first function which can
really check if a ldap resource is usable because it is the third
function in line to use when working with openldap.

set=ldapsetoption(set = ldap_set_option(set=ldapsetoption(connect, LDAP_OPT_PROTOCOL_VERSION, 3); echo $set; ?>

`