The Ldap Component

The Ldap component provides a means to connect to an LDAP server (OpenLDAP or Active Directory).

Installation

    $ composer require symfony/ldap

Note

If you install this component outside of a Symfony application, you must require the vendor/autoload.php file in your code to enable the class autoloading mechanism provided by Composer. Read this article for more details.

Usage

The Ldap class provides methods to authenticate and query against an LDAP server.

The Ldap class uses an AdapterInterface to communicate with an LDAP server. The adapter for PHP's built-in LDAP extension, for example, can be configured using the following options:

  • host: IP or hostname of the LDAP server
  • port: Port used to access the LDAP server
  • version: The version of the LDAP protocol to use
  • encryption: The encryption protocol: ssl, tls or none (default)
  • connection_string: You may use this option instead of host and port to connect to the LDAP server
  • optReferrals: Specifies whether to automatically follow referrals returned by the LDAP server
  • options: LDAP server's options as defined in ConnectionOptions

For example, to connect to a start-TLS secured LDAP server:

    use Symfony\Component\Ldap\Ldap;

    $ldap = Ldap::create('ext_ldap', [
        'host' => 'my-server',
        // 'tls' upgrades the connection with StartTLS; 'ssl' would use LDAPS instead
        'encryption' => 'tls',
    ]);

Or you could directly specify a connection string:

    use Symfony\Component\Ldap\Ldap;

    $ldap = Ldap::create('ext_ldap', ['connection_string' => 'ldaps://my-server:636']);

The bind() method authenticates a previously configured connection using both the distinguished name (DN) and the password of a user:

    use Symfony\Component\Ldap\Ldap;
    // ...

    $ldap->bind($dn, $password);

Once bound (or if you enabled anonymous authentication on your LDAP server), you may query the LDAP server using the query() method:

    use Symfony\Component\Ldap\Ldap;
    // ...

    $query = $ldap->query('dc=symfony,dc=com', '(&(objectclass=person)(ou=Maintainers))');
    $results = $query->execute();

    foreach ($results as $entry) {
        // Do something with the results
    }
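
The bind() and query() calls above are typically combined to authenticate a user whose name comes from a login form. The following is an added example, not code from the Symfony documentation: the function name, the read-only service account parameters, the dc=symfony,dc=com base DN and the uid attribute are assumptions. It rejects empty passwords and escapes the user-supplied value with the component's escape() method before it reaches the filter.

```php
<?php

use Symfony\Component\Ldap\Exception\ConnectionException;
use Symfony\Component\Ldap\LdapInterface;

/**
 * Hypothetical helper (not part of the component): returns the DN of the
 * authenticated user, or null when the credentials are rejected.
 * Assumptions: users live under dc=symfony,dc=com and are identified by "uid".
 */
function authenticateUser(
    LdapInterface $ldap,
    string $readerDn,
    string $readerPassword,
    string $username,
    string $password
): ?string {
    // A simple bind with a DN and an empty password is an "unauthenticated
    // bind" (RFC 4513), which some servers report as a successful bind.
    if ('' === $username || '' === $password) {
        return null;
    }

    // 1. Bind as a read-only service account to look the user up.
    $ldap->bind($readerDn, $readerPassword);

    // 2. Escape the untrusted value so "*", "(", ")" and "\" are treated as
    //    literal characters instead of changing the structure of the filter.
    $uid = $ldap->escape($username, '', LdapInterface::ESCAPE_FILTER);
    $entries = $ldap
        ->query('dc=symfony,dc=com', sprintf('(&(objectClass=person)(uid=%s))', $uid))
        ->execute()
        ->toArray();

    // 3. Anything other than exactly one match is a failure.
    if (1 !== count($entries)) {
        return null;
    }

    // 4. Re-bind with the DN returned by the server and the supplied password.
    $dn = $entries[0]->getDn();
    try {
        $ldap->bind($dn, $password);
    } catch (ConnectionException $e) {
        return null; // wrong password or bind refused
    }

    return $dn;
}
```

Use LdapInterface::ESCAPE_DN instead of ESCAPE_FILTER when an untrusted value is placed inside a distinguished name rather than a search filter.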

By default, LDAP entries are lazy-loaded. If you wish to fetch all entries in a single call and do something with the results' array, you may use the toArray() method:

    use Symfony\Component\Ldap\Ldap;
    // ...

    $query = $ldap->query('dc=symfony,dc=com', '(&(objectclass=person)(ou=Maintainers))');
    $results = $query->execute()->toArray();

    // Do something with the results array

By default, LDAP queries use the Symfony\Component\Ldap\Adapter\QueryInterface::SCOPE_SUB scope, which corresponds to the LDAP_SCOPE_SUBTREE scope of the ldap_search function. You can also use SCOPE_BASE (related to the LDAP_SCOPE_BASE scope of ldap_read) and SCOPE_ONE (related to the LDAP_SCOPE_ONELEVEL scope of ldap_list):

    // The SCOPE_* constants are defined on QueryInterface
    use Symfony\Component\Ldap\Adapter\QueryInterface;

    $query = $ldap->query('dc=symfony,dc=com', '...', ['scope' => QueryInterface::SCOPE_ONE]);

Creating or Updating Entries

The Ldap component provides means to create new LDAP entries, update or even delete existing ones:

    use Symfony\Component\Ldap\Entry;
    use Symfony\Component\Ldap\Ldap;
    // ...

    $entry = new Entry('cn=Fabien Potencier,dc=symfony,dc=com', [
        'sn' => ['fabpot'],
        'objectClass' => ['inetOrgPerson'],
    ]);

    $entryManager = $ldap->getEntryManager();

    // Creating a new entry
    $entryManager->add($entry);

    // Finding and updating an existing entry
    $query = $ldap->query('dc=symfony,dc=com', '(&(objectclass=person)(ou=Maintainers))');
    $result = $query->execute();
    $entry = $result[0];
    $entry->setAttribute('email', ['[email protected]']);
    $entryManager->update($entry);

    // Adding or removing values to a multi-valued attribute is more efficient than using update()
    $entryManager->addAttributeValues($entry, 'telephoneNumber', ['+1.111.222.3333', '+1.222.333.4444']);
    $entryManager->removeAttributeValues($entry, 'telephoneNumber', ['+1.111.222.3333', '+1.222.333.4444']);

    // Removing an existing entry
    $entryManager->remove(new Entry('cn=Test User,dc=symfony,dc=com'));

Batch Updating

Use the entry manager's applyOperations() method to update multiple attributes at once:

    use Symfony\Component\Ldap\Adapter\ExtLdap\UpdateOperation;
    use Symfony\Component\Ldap\Entry;
    use Symfony\Component\Ldap\Ldap;
    // ...

    $entry = new Entry('cn=Fabien Potencier,dc=symfony,dc=com', [
        'sn' => ['fabpot'],
        'objectClass' => ['inetOrgPerson'],
    ]);

    $entryManager = $ldap->getEntryManager();

    // Adding multiple email addresses at once
    // (the values of each operation are passed as an array)
    $entryManager->applyOperations($entry->getDn(), [
        new UpdateOperation(LDAP_MODIFY_BATCH_ADD, 'mail', ['[email protected]']),
        new UpdateOperation(LDAP_MODIFY_BATCH_ADD, 'mail', ['[email protected]']),
    ]);

Possible operation types are LDAP_MODIFY_BATCH_ADD, LDAP_MODIFY_BATCH_REMOVE, LDAP_MODIFY_BATCH_REMOVE_ALL, LDAP_MODIFY_BATCH_REPLACE. Parameter $values must be NULL when using the LDAP_MODIFY_BATCH_REMOVE_ALL operation type.