Following on from Jeremy S's example. Instead of defining LDAP_OPT_DIAGNOSTIC_MESSAGE as 0x32 then using it, you can just use the option already defined as that value :)LDAP_OPT_ERROR_STRING
(PHP 4 >= 4.0.4, PHP 5, PHP 7, PHP 8)
ldap_get_option — Lee/escrit el valor actual de una opción
Establece el valor value
a la opción especificada.
ldap
An LDAP\Connection instance, returned by ldap_connect().
option
El parámetro option
puede tomar uno de los siguientes valores:
value
Valor a establecer para la opción.
Versión | Descripción |
---|---|
8.1.0 |
The ldap parameter expects an LDAP\Connection
instance now; previously, a valid ldap link resource was expected.
|
Ejemplo #1 Verificación de la versión del protocolo
<?php
// $ds debe ser una instancia válida de LDAP\Connection
if (ldap_get_option($ds, LDAP_OPT_PROTOCOL_VERSION, $version)) {
echo "Estamos utilizando el protocolo versión $version\n";
} else {
echo "No es posible determinar la versión del protocolo.\n";
}
?>
Nota:
Esta función solo está disponible con OpenLDAP 2.x.x O Netscape Directory SDK x.x, y fue añadida en PHP 4.0.4.
Following on from Jeremy S's example. Instead of defining LDAP_OPT_DIAGNOSTIC_MESSAGE as 0x32 then using it, you can just use the option already defined as that value :)LDAP_OPT_ERROR_STRING
Here is how to tell if an Active Directory user account expired:define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);$bind = ldap_bind($conn, $user, $pass);ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error);if (!empty($extended_error)){ $errno = explode(',', $extended_error)[2]; $errno = explode(' ', $errno)[2]; $errno = intval($errno); if ($errno == 532) $err = 'Unable to login: Password expired.';}
PHP 7.1 added support for configuring the LDAP CA/Cert environment directly, rather than relying on the environment variables. I noticed that a lot of people are having trouble getting this to work.The correct way is:$ds=ldap_connect("ldap.google.com"); ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, "/path/file.crt");ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, "/path/file.key");ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);ldap_start_tls($ds);...ldap_close($ds);