Following on from Jeremy S's example.
Instead of defining LDAP_OPT_DIAGNOSTIC_MESSAGE as 0x32 then using it, you can just use the option already defined as that value :)
LDAP_OPT_ERROR_STRING
PHP - Manual: ldap_get_option
2024-12-21
(PHP 4 >= 4.0.4, PHP 5, PHP 7, PHP 8)
ldap_get_option — Get the current value for given option
Sets value
to the value of the specified option.
ldap
通过 ldap_connect() 返回的 LDAP\Connection 实例。
option
The parameter option
can be one of:
Option | Type | since |
---|---|---|
LDAP_OPT_DEREF |
int | |
LDAP_OPT_SIZELIMIT |
int | |
LDAP_OPT_TIMELIMIT |
int | |
LDAP_OPT_NETWORK_TIMEOUT |
int | |
LDAP_OPT_PROTOCOL_VERSION |
int | |
LDAP_OPT_ERROR_NUMBER |
int | |
LDAP_OPT_DIAGNOSTIC_MESSAGE |
int | |
LDAP_OPT_REFERRALS |
int | |
LDAP_OPT_RESTART |
int | |
LDAP_OPT_HOST_NAME |
string | |
LDAP_OPT_ERROR_STRING |
string | |
LDAP_OPT_MATCHED_DN |
string | |
LDAP_OPT_SERVER_CONTROLS |
array | |
LDAP_OPT_CLIENT_CONTROLS |
array | |
LDAP_OPT_X_KEEPALIVE_IDLE |
int | 7.1 |
LDAP_OPT_X_KEEPALIVE_PROBES |
int | 7.1 |
LDAP_OPT_X_KEEPALIVE_INTERVAL |
int | 7.1 |
LDAP_OPT_X_TLS_CACERTDIR |
string | 7.1 |
LDAP_OPT_X_TLS_CACERTFILE |
string | 7.1 |
LDAP_OPT_X_TLS_CERTFILE |
string | 7.1 |
LDAP_OPT_X_TLS_CIPHER_SUITE |
string | 7.1 |
LDAP_OPT_X_TLS_CRLCHECK |
int | 7.1 |
LDAP_OPT_X_TLS_CRL_NONE |
int | 7.1 |
LDAP_OPT_X_TLS_CRL_PEER |
int | 7.1 |
LDAP_OPT_X_TLS_CRL_ALL |
int | 7.1 |
LDAP_OPT_X_TLS_CRLFILE |
string | 7.1 |
LDAP_OPT_X_TLS_DHFILE |
string | 7.1 |
LDAP_OPT_X_TLS_KEYFILE |
string | 7.1 |
LDAP_OPT_X_TLS_PACKAGE |
string | 7.1 |
LDAP_OPT_X_TLS_PROTOCOL_MIN |
int | 7.1 |
LDAP_OPT_X_TLS_RANDOM_FILE |
string | 7.1 |
LDAP_OPT_X_TLS_REQUIRE_CERT |
int |
value
This will be set to the option value.
成功时返回 true
, 或者在失败时返回 false
。
版本 | 说明 |
---|---|
8.1.0 |
现在 ldap 参数接受 LDAP\Connection
实例,之前接受 资源(resource)。
|
示例 #1 Check protocol version
<?php
// $ds is a valid link identifier for a directory server
if (ldap_get_option($ds, LDAP_OPT_PROTOCOL_VERSION, $version)) {
echo "Using protocol version $version\n";
} else {
echo "Unable to determine protocol version\n";
}
?>
注意:
This function is only available when using OpenLDAP 2.x.x OR Netscape Directory SDK x.x.
Following on from Jeremy S's example.
Instead of defining LDAP_OPT_DIAGNOSTIC_MESSAGE as 0x32 then using it, you can just use the option already defined as that value :)
LDAP_OPT_ERROR_STRING
Here is how to tell if an Active Directory user account expired:
define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
$bind = ldap_bind($conn, $user, $pass);
ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error);
if (!empty($extended_error))
{
$errno = explode(',', $extended_error)[2];
$errno = explode(' ', $errno)[2];
$errno = intval($errno);
if ($errno == 532)
$err = 'Unable to login: Password expired.';
}
PHP 7.1 added support for configuring the LDAP CA/Cert environment directly, rather than relying on the environment variables. I noticed that a lot of people are having trouble getting this to work.
The correct way is:
$ds=ldap_connect("ldap.google.com");
ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, "/path/file.crt");
ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, "/path/file.key");
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_start_tls($ds);
...
ldap_close($ds);
官方地址:https://www.php.net/manual/en/function.ldap-get-option.php