MLdap

Overview

MLdap is an object-oriented wrapper for native PHP LDAP functions. It simplifies access and manipulation of LDAP directories by providing a more intuitive interface than PHP's native functions.

This class allows you to:
- Connect to an LDAP server
- Perform searches with filters
- Add, modify, and delete entries and attributes
- Manage user authentication
- Handle binary attributes

Prerequisites

  • The PHP LDAP extension must be installed and enabled

Connection to the LDAP server

use mlib\net\ldap\MLdap;
use mlib\net\ldap\MLdapException;

try {
    // Anonymous connection
    $ldap = new MLdap('ldap.mydomain.com');

    // Or with authentication
    $ldap = new MLdap(
        'ldap.mydomain.com',            // LDAP server
        389,                            // Port (default: 389)
        'cn=admin,dc=mydomain,dc=com',  // User DN
        'password'                      // Password
    );

    // Set the default search base
    $ldap->setDefaultBase('ou=users,dc=mydomain,dc=com');

} catch (MLdapException $e) {
    echo "LDAP connection error: " . $e->getMessage();
}

Searching for entries

// Search for all users
$results = $ldap->search('(objectClass=person)');

// Display results
foreach ($results as $i => $entry) {
    if ($i === 'count') continue;
    echo "DN: " . $entry['dn'] . "\n";
    echo "Name: " . $entry['cn'][0] . "\n";
    echo "Email: " . ($entry['mail'][0] ?? 'Not defined') . "\n\n";
}

Search with filters and specific attributes

// Retrieve only the names and emails of users whose surname (sn) starts with 'Dupont'
$filter = '(&(objectClass=person)(sn=Dupont*))';
$attributes = ['cn', 'mail'];
$results = $ldap->search($filter, $attributes);
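Filters are plain strings, so any part of them that comes from user input must be escaped before it reaches search(). The following is an added example, not code from the MLdap project: it assumes $ldap is a connected MLdap instance as in the connection example, uses search() exactly as documented above, and builds the filter with PHP's built-in ldap_escape() (available since PHP 5.6). The function name buildSurnameFilter and the sample inputs are constructed for illustration.

```php
<?php
// Added example: building a search filter from untrusted input.
// Assumes $ldap is a connected MLdap instance (see the connection example).
use mlib\net\ldap\MLdap;

/**
 * Build a surname-prefix filter from an untrusted string.
 * ldap_escape() with LDAP_ESCAPE_FILTER encodes ( ) * \ and NUL, so a value
 * such as "*" or "Dupont)(uid=*" is matched literally instead of widening
 * or restructuring the search.
 */
function buildSurnameFilter(string $surnamePrefix): string
{
    $prefix = trim($surnamePrefix);
    // Reject empty input: "(sn=*)" would match every person in the base.
    if ($prefix === '') {
        throw new InvalidArgumentException('Surname prefix must not be empty');
    }
    $escaped = ldap_escape($prefix, '', LDAP_ESCAPE_FILTER);
    return '(&(objectClass=person)(sn=' . $escaped . '*))';
}

// Constructed inputs: a normal surname and one containing filter metacharacters.
foreach (['Dupont', '*'] as $input) {
    echo $input, ' -> ', buildSurnameFilter($input), "\n";
}

// Typical use with a value taken from a request, requesting only the attributes needed.
$userInput = 'Dupont'; // constructed stand-in for e.g. $_GET['q']
try {
    $results = $ldap->search(buildSurnameFilter($userInput), ['cn', 'mail']);
    foreach ($results as $i => $entry) {
        if ($i === 'count') continue;
        echo $entry['dn'], "\n";
    }
} catch (InvalidArgumentException $e) {
    echo "Invalid search: " . $e->getMessage() . "\n";
}
```

Requesting only the attributes the page needs (the second argument of search()) keeps sensitive attributes such as userPassword out of the result set even when the filter is correct.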

Retrieve an entry by its DN

$user = $ldap->get('uid=jdupont,ou=users,dc=mydomain,dc=com', ['cn', 'mail', 'telephoneNumber']);
if ($user) {
    echo "Full name: " . $user['cn'][0] . "\n";
    echo "Email: " . $user['mail'][0] . "\n";
}

Managing entries

Add an entry

$new_user = [
    'objectClass' => ['inetOrgPerson', 'organizationalPerson', 'person', 'top'],
    'cn' => ['John Dupont'],
    'sn' => ['Dupont'],
    'givenName' => ['John'],
    'mail' => ['john.dupont@example.com'],
    'userPassword' => ['password'], // Password must be encoded according to LDAP schema specifications
    'uid' => ['jdupont']
];

$ldap->add('uid=jdupont,ou=users,dc=mydomain,dc=com', $new_user);

Modify an entry

// Modify email and add a phone number
$modifications = [
    'mail' => ['new.email@example.com'],
    'telephoneNumber' => ['+33123456789']
];

$ldap->modify('uid=jdupont,ou=users,dc=mydomain,dc=com', $modifications);

Delete an entry

$ldap->delete('uid=jdupont,ou=users,dc=mydomain,dc=com');

Managing multi-valued attributes

Add values to an existing attribute

The modifyAdd method allows adding values to a multi-valued attribute without overwriting existing values.

// Add additional email addresses to a user
$additions = [
    'mail' => ['john.dupont@domain.fr', 'j.dupont@company.com']
];

$ldap->modifyAdd('uid=jdupont,ou=users,dc=mydomain,dc=com', $additions);

// Add multiple phone numbers
$numbers = [
    'telephoneNumber' => ['+33123456789', '+33612345678']
];

$ldap->modifyAdd('uid=jdupont,ou=users,dc=mydomain,dc=com', $numbers);

Delete values from an attribute

The modifyDel method allows deleting specific values from a multi-valued attribute.

// Delete a specific email address
$deletions = [
    'mail' => ['old.email@example.com']
];

$ldap->modifyDel('uid=jdupont,ou=users,dc=mydomain,dc=com', $deletions);

// Delete multiple phone numbers
$deletions = [
    'telephoneNumber' => ['+33123456789', '+33612345678']
];

$ldap->modifyDel('uid=jdupont,ou=users,dc=mydomain,dc=com', $deletions);

Comparison with the modify method

It's important to note the difference between modify and modifyAdd/modifyDel:

  • modify: Completely replaces attribute values
  • modifyAdd: Adds values to an existing attribute
  • modifyDel: Deletes specific values from an attribute

Example of the difference:

// Suppose the 'mail' attribute contains: ['user@example.com', 'user@domain.com']

// With modify (replaces all values)
$ldap->modify('uid=user,dc=example,dc=com', ['mail' => ['new@example.com']]);
// Result: mail = ['new@example.com']

// With modifyAdd (adds values)
$ldap->modifyAdd('uid=user,dc=example,dc=com', ['mail' => ['other@example.com']]);
// Result: mail = ['user@example.com', 'user@domain.com', 'other@example.com']
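Because modify() discards every existing value, replacing a single address in a multi-valued attribute is safer with modifyAdd()/modifyDel(). The following added example (not MLdap's own code) reads the current values with get(), checks that the value to remove is actually present, and adds the new value before deleting the old one so the entry never ends up without a mail attribute if the second call fails. It assumes $ldap is a connected MLdap instance and that attribute arrays returned by get() carry the same 'count' key seen in the search results above; replaceMailAddress is a constructed helper name.

```php
<?php
// Added example: replace one value of a multi-valued attribute in place.
// Assumes $ldap is a connected MLdap instance and get()/modifyAdd()/modifyDel()
// behave as documented on this page.
use mlib\net\ldap\MLdap;
use mlib\net\ldap\MLdapException;

function replaceMailAddress(MLdap $ldap, string $dn, string $old, string $new): bool
{
    $entry = $ldap->get($dn, ['mail']);
    if (!$entry || empty($entry['mail'])) {
        return false; // entry missing or has no mail values: nothing to replace
    }

    // Collect the current values, skipping the 'count' key (assumed to be
    // present, as in the search results shown earlier).
    $current = [];
    foreach ($entry['mail'] as $key => $value) {
        if ($key !== 'count') {
            $current[] = $value;
        }
    }

    if (!in_array($old, $current, true)) {
        return false; // never delete blindly; the old value is not there
    }
    if (in_array($new, $current, true)) {
        $ldap->modifyDel($dn, ['mail' => [$old]]); // new value already present
        return true;
    }

    // Add first, then delete: if modifyDel() fails the entry still has a mail value.
    $ldap->modifyAdd($dn, ['mail' => [$new]]);
    $ldap->modifyDel($dn, ['mail' => [$old]]);
    return true;
}

try {
    $changed = replaceMailAddress(
        $ldap,
        'uid=jdupont,ou=users,dc=mydomain,dc=com',
        'john.dupont@example.com',
        'john.dupont@domain.fr'
    );
    echo $changed ? "Address replaced\n" : "Nothing changed\n";
} catch (MLdapException $e) {
    echo "LDAP error: " . $e->getMessage() . "\n";
}
```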

User authentication

Authentication configuration

// Configure authentication parameters
$ldap->setAuthParameters(
    'uid',  // Attribute used for authentication (usually 'uid' or 'sAMAccountName')
    'ou=users,dc=mydomain,dc=com',  // Search base
    '(objectClass=person)'  // Optional filter to restrict authorized users
);

Verify credentials

$login = 'jdupont';
$password = 'password';

if ($ldap->authenticate($login, $password)) {
    echo "Authentication successful!";
} else {
    echo "Authentication failed";
}
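A login form needs two checks around authenticate() that the snippet above leaves to the caller. This added example (not from the MLdap project) rejects empty passwords, because an empty password turns a simple bind into an anonymous or unauthenticated bind on many directory servers, and restricts the login to the character set of a typical uid or sAMAccountName so that filter metacharacters never reach the directory. Whether MLdap performs either check internally is not stated on this page, so both are done here; the helper name loginUser, the allowed-character pattern and the sample credentials are constructed, and $ldap is assumed to be connected with setAuthParameters() already called.

```php
<?php
// Added example: guarding authenticate() for use from a login form.
// Assumes $ldap is a connected MLdap instance configured via setAuthParameters().
use mlib\net\ldap\MLdap;
use mlib\net\ldap\MLdapException;

function loginUser(MLdap $ldap, string $login, string $password): bool
{
    // An empty password must never reach the bind: many servers treat it as an
    // anonymous or unauthenticated bind, which "succeeds" for any existing user.
    if ($password === '') {
        return false;
    }

    // Constructed allow-list for login names; adjust to the site's naming rules.
    // Anything containing ( ) * \ or other metacharacters is refused outright.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $login)) {
        return false;
    }

    try {
        return $ldap->authenticate($login, $password);
    } catch (MLdapException $e) {
        // A directory error is a failed login for the user; record it server-side.
        error_log('LDAP authentication error: ' . $e->getMessage());
        return false;
    }
}

// Constructed credentials: a normal attempt, an empty password, and a wildcard login.
$attempts = [
    ['jdupont', 'password'],
    ['jdupont', ''],
    ['*', 'password'],
];
foreach ($attempts as [$login, $password]) {
    echo $login, ': ', loginUser($ldap, $login, $password) ? "accepted\n" : "rejected\n";
}
```

Returning the same result for "unknown user", "wrong password" and "directory error" keeps the response from revealing which accounts exist; the detail goes to the server log only.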

Handling binary attributes

Retrieve a binary attribute (like a photo)

$photo = $ldap->getBinaryAttribute('uid=jdupont,ou=users,dc=mydomain,dc=com', 'jpegPhoto');
if (!empty($photo)) {
    file_put_contents('photo.jpg', $photo[0]);
}
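A value read from the directory is data, not something to trust: before writing a jpegPhoto to disk it is worth checking its size and that it actually starts with a JPEG header. The following added example (not MLdap's own code) wraps the snippet above in such a check; it assumes getBinaryAttribute() returns an array of raw values as shown, and saveJpegPhoto and the size limit are constructed for illustration.

```php
<?php
// Added example: validate a jpegPhoto value before writing it to disk.
// Assumes $ldap is a connected MLdap instance and getBinaryAttribute() returns
// an array of raw attribute values, as in the snippet above.
function saveJpegPhoto(array $values, string $path, int $maxBytes = 2000000): bool
{
    if (empty($values) || !is_string($values[0])) {
        return false; // no photo stored, or an unexpected type
    }
    $data = $values[0];

    // Constructed limit: refuse oversized blobs, and require the JPEG SOI marker
    // (FF D8 FF) so that arbitrary bytes are not written under a .jpg name.
    if (strlen($data) > $maxBytes || substr($data, 0, 3) !== "\xFF\xD8\xFF") {
        return false;
    }

    // Write to a fixed path chosen by the application, never one derived from
    // directory content, and confirm the whole value was written.
    return file_put_contents($path, $data, LOCK_EX) === strlen($data);
}

$photo = $ldap->getBinaryAttribute('uid=jdupont,ou=users,dc=mydomain,dc=com', 'jpegPhoto');
if (saveJpegPhoto($photo ?? [], __DIR__ . '/photo.jpg')) {
    echo "Photo saved\n";
} else {
    echo "No usable photo for this entry\n";
}
```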