ldap_get_option
(PHP 4 >= 4.0.4, PHP 5)
ldap_get_option — Get the current value for given option
Description
Sets retval to the value of the specified option.
Parameters
-
link_identifier -
An LDAP link identifier, returned by ldap_connect().
-
option -
The parameter
optioncan be one of:Option Type LDAP_OPT_DEREFinteger LDAP_OPT_SIZELIMITinteger LDAP_OPT_TIMELIMITinteger LDAP_OPT_NETWORK_TIMEOUTinteger LDAP_OPT_PROTOCOL_VERSIONinteger LDAP_OPT_ERROR_NUMBERinteger LDAP_OPT_REFERRALSbool LDAP_OPT_RESTARTbool LDAP_OPT_HOST_NAMEstring LDAP_OPT_ERROR_STRINGstring LDAP_OPT_MATCHED_DNstring LDAP_OPT_SERVER_CONTROLSarray LDAP_OPT_CLIENT_CONTROLSarray -
retval -
This will be set to the option value.
Return Values
Returns TRUE on success or FALSE on failure.
Examples
Example #1 Check protocol version
<?php
// $ds is a valid link identifier for a directory server
if (ldap_get_option($ds, LDAP_OPT_PROTOCOL_VERSION, $version)) {
echo "Using protocol version $version\n";
} else {
echo "Unable to determine protocol version\n";
}
?>
Notes
Note:
This function is only available when using OpenLDAP 2.x.x OR Netscape Directory SDK x.x.
- PHP Руководство
- Функции по категориям
- Индекс функций
- Справочник функций
- Другие службы
- Облегчённый протокол доступа к каталогам (LDAP)
- ldap_8859_to_t61
- ldap_add
- ldap_bind
- ldap_close
- ldap_compare
- ldap_connect
- ldap_control_paged_result_response
- ldap_control_paged_result
- ldap_count_entries
- ldap_delete
- ldap_dn2ufn
- ldap_err2str
- ldap_errno
- ldap_error
- ldap_escape
- ldap_explode_dn
- ldap_first_attribute
- ldap_first_entry
- ldap_first_reference
- ldap_free_result
- ldap_get_attributes
- ldap_get_dn
- ldap_get_entries
- ldap_get_option
- ldap_get_values_len
- ldap_get_values
- ldap_list
- ldap_mod_add
- ldap_mod_del
- ldap_mod_replace
- ldap_modify_batch
- ldap_modify
- ldap_next_attribute
- ldap_next_entry
- ldap_next_reference
- ldap_parse_reference
- ldap_parse_result
- ldap_read
- ldap_rename
- ldap_sasl_bind
- ldap_search
- ldap_set_option
- ldap_set_rebind_proc
- ldap_sort
- ldap_start_tls
- ldap_t61_to_8859
- ldap_unbind
Коментарии
Here is how to tell if an Active Directory user account expired:
define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
$bind = ldap_bind($conn, $user, $pass);
ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error);
if (!empty($extended_error))
{
$errno = explode(',', $extended_error)[2];
$errno = explode(' ', $errno)[2];
$errno = intval($errno);
if ($errno == 532)
$err = 'Unable to login: Password expired.';
}
Following on from Jeremy S's example.
Instead of defining LDAP_OPT_DIAGNOSTIC_MESSAGE as 0x32 then using it, you can just use the option already defined as that value :)
LDAP_OPT_ERROR_STRING
PHP 7.1 added support for configuring the LDAP CA/Cert environment directly, rather than relying on the environment variables. I noticed that a lot of people are having trouble getting this to work.
The correct way is:
$ds=ldap_connect("ldap.google.com");
ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, "/path/file.crt");
ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, "/path/file.key");
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_start_tls($ds);
...
ldap_close($ds);