Introduction

API overview

Configuration / options

The Zend_Ldap component accepts an array of options either supplied to the constructor or through the setOptions() method. The permitted options are as follows:

Zend_Ldap Options
Name Description
host The default hostname of LDAP server if not supplied to connect() (also may be used when trying to canonicalize usernames in bind()).
port Default port of LDAP server if not supplied to connect().
useStartTls Whether or not the LDAP client should use TLS (aka SSLv2) encrypted transport. A value of TRUE is strongly favored in production environments to prevent passwords from be transmitted in clear text. The default value is FALSE, as servers frequently require that a certificate be installed separately after installation. The useSsl and useStartTls options are mutually exclusive. The useStartTls option should be favored over useSsl but not all servers support this newer mechanism.
useSsl Whether or not the LDAP client should use SSL encrypted transport. The useSsl and useStartTls options are mutually exclusive.
username The default credentials username. Some servers require that this be in DN form. This must be given in DN form if the LDAP server requires a DN to bind and binding should be possible with simple usernames.
password The default credentials password (used only with username above).
bindRequiresDn If TRUE, this instructs Zend_Ldap to retrieve the DN for the account used to bind if the username is not already in DN form. The default value is FALSE.
baseDn The default base DN used for searching (e.g., for accounts). This option is required for most account related operations and should indicate the DN under which accounts are located.
accountCanonicalForm A small integer indicating the form to which account names should be canonicalized. See the Account Name Canonicalization section below.
accountDomainName The FQDN domain for which the target LDAP server is an authority (e.g., example.com).
accountDomainNameShort The 'short' domain for which the target LDAP server is an authority. This is usually used to specify the NetBIOS domain name for Windows networks but may also be used by non-AD servers.
accountFilterFormat The LDAP search filter used to search for accounts. This string is a » sprintf() style expression that must contain one '%s' to accommodate the username. The default value is '(&(objectClass=user)(sAMAccountName=%s))' unless bindRequiresDn is set to TRUE, in which case the default is '(&(objectClass=posixAccount)(uid=%s))'. Users of custom schemas may need to change this option.
allowEmptyPassword Some LDAP servers can be configured to accept an empty string password as an anonymous bind. This behavior is almost always undesirable. For this reason, empty passwords are explicitly disallowed. Set this value to TRUE to allow an empty string password to be submitted during the bind.
optReferrals If set to TRUE, this option indicates to the LDAP client that referrals should be followed. The default value is FALSE.
tryUsernameSplit If set to FALSE, this option indicates that the given username should not be split at the first @ or \ character to separate the username from the domain during the binding-procedure. This allows the user to use usernames that contain an @ or \ character that do not inherit some domain-information, e.g. using email-addresses for binding. The default value is TRUE.

API Reference

Note: Method names in italics are static methods.

Zend_Ldap

Zend_Ldap is the base interface into a LDAP server. It provides connection and binding methods as well as methods to operate on the LDAP tree.

Zend_Ldap API
Method Description
string filterEscape(string $str) Escapes a value to be used in a LDAP filter according to RFC 2254. This method is deprecated, please use Zend_Ldap_Filter_Abstract::escapeValue() instead.
boolean explodeDn($dn, array &$keys = null, array &$vals = null) Checks if a given DN $dn is malformed. If $keys or $keys and $vals are given, these arrays will be filled with the appropriate DN keys and values. This method is deprecated, please use Zend_Ldap_Dn::checkDn() instead.
__construct($options) Constructor. The $options parameter is optional and can be set to an array or a Zend_Config instance. If no options are provided at instantiation, the connection parameters must be passed to the instance using Zend_Ldap::setOptions(). The allowed options are specified in Zend_Ldap Options
resource getResource() Returns the raw LDAP extension (ext/ldap) resource.
integer getLastErrorCode() Returns the LDAP error number of the last LDAP command.
string getLastError(integer &$errorCode, array &$errorMessages) Returns the LDAP error message of the last LDAP command. The optional $errorCode parameter is set to the LDAP error number when given. The optional $errorMessages array will be filled with the raw error messages when given. The various LDAP error retrieval functions can return different things, so they are all collected if $errorMessages is given.
Zend_Ldap setOptions($options) Sets the LDAP connection and binding parameters. $options can be an array or an instance of Zend_Config. The allowed options are specified in Zend_Ldap Options
array getOptions() Returns the current connection and binding parameters.
string getBaseDn() Returns the base DN this LDAP connection is bound to.
string getCanonicalAccountName(string $acctname, integer $form) Returns the canonical account name of the given account name $acctname. $form specifies the format into which the account name is canonicalized. See Account Name Canonicalization for more details.
Zend_Ldap disconnect() Disconnects the Zend_Ldap instance from the LDAP server.
Zend_Ldap connect(string $host, integer $port, boolean $useSsl, boolean $useStartTls) Connects the Zend_Ldap instance to the given LDAP server. All parameters are optional and will be taken from the LDAP connection and binding parameters passed to the instance via the construtor or via Zend_Ldap::setOptions() when set to NULL.
Zend_Ldap bind(string $username, string $password) Authenticates $username with $password at the LDAP server. If both paramaters are omitted the binding will be carried out with the credentials given in the connection and binding parameters. If no credentials are given in the connection and binding parameters an anonymous bind will be performed. Note that this requires anonymous binds to be allowed on the LDAP server. An empty string '' can be passed as $password together with a username if, and only if, allowEmptyPassword is set to TRUE in the connection and binding parameters.
Zend_Ldap_Collection search(string|Zend_Ldap_Filter_Abstract $filter, string|Zend_Ldap_Dn $basedn, integer $scope, array $attributes, string $sort, string $collectionClass) Searches the LDAP tree with the given $filter and the given search parameters.
string|Zend_Ldap_Filter_Abstract $filter

The filter string to be used in the search, e.g. (objectClass=posixAccount).

string|Zend_Ldap_Dn $basedn

The search base for the search. If omitted or NULL, the baseDn from the connection and binding parameters is used.

integer $scope

The search scope. Zend_Ldap::SEARCH_SCOPE_SUB searches the complete subtree including the $baseDn node. Zend_Ldap::SEARCH_SCOPE_ONE restricts search to one level below $baseDn. Zend_Ldap::SEARCH_SCOPE_BASE restricts search to the $baseDn itself; this can be used to efficiently retrieve a single entry by its DN. The default value is Zend_Ldap::SEARCH_SCOPE_SUB.

array $attributes

Specifies the attributes contained in the returned entries. To include all possible attributes (ACL restrictions can disallow certain attribute to be retrieved by a given user) pass either an empty array array() or array('*') to the method. On some LDAP servers you can retrieve special internal attributes by passing array('*', '+') to the method.

string $sort

If given the result collection will be sorted after the attribute $sort. Results can only be sorted after one single attribute as this parameter uses the ext/ldap function ldap_sort().

string $collectionClass

If given the result will be wrapped in an object of type $collectionClass. By default an object of type Zend_Ldap_Collection will be returned. The custom class must extend Zend_Ldap_Collection and will be passed a Zend_Ldap_Collection_Iterator_Default on instantiation.

integer count(string|Zend_Ldap_Filter_Abstract $filter, string|Zend_Ldap_Dn $basedn, integer $scope) Counts the elements returned by the given search parameters. See Zend_Ldap::search() for a detailed description of the method parameters.
integer countChildren(string|Zend_Ldap_Dn $dn) Counts the direct descendants (children) of the entry identified by the given $dn.
boolean exists(string|Zend_Ldap_Dn $dn) Checks whether the entry identified by the given $dn exists.
array searchEntries(string|Zend_Ldap_Filter_Abstract $filter, string|Zend_Ldap_Dn $basedn, integer $scope, array $attributes, string $sort) Performs a search operation and returns the result as an PHP array. This is essentially the same method as Zend_Ldap::search() except for the return type. See Zend_Ldap::search() for a detailed description of the method parameters.
array getEntry(string|Zend_Ldap_Dn $dn, array $attributes, boolean $throwOnNotFound) Retrieves the LDAP entry identified by $dn with the attributes specified in $attributes. if $attributes is ommitted, all attributes ( array()) are included in the result. $throwOnNotFound is FALSE by default, so the method will return NULL if the specified entry cannot be found. If set to TRUE, a Zend_Ldap_Exception will be thrown instead.
void prepareLdapEntryArray(array &$entry) Prepare an array for the use in LDAP modification operations. This method does not need to be called by the end-user as it's implicitly called on every data modification method.
Zend_Ldap add(string|Zend_Ldap_Dn $dn, array $entry) Adds the entry identified by $dn with its attributes $entry to the LDAP tree. Throws a Zend_Ldap_Exception if the entry could not be added.
Zend_Ldap update(string|Zend_Ldap_Dn $dn, array $entry) Updates the entry identified by $dn with its attributes $entry to the LDAP tree. Throws a Zend_Ldap_Exception if the entry could not be modified.
Zend_Ldap save(string|Zend_Ldap_Dn $dn, array $entry) Saves the entry identified by $dn with its attributes $entry to the LDAP tree. Throws a Zend_Ldap_Exception if the entry could not be saved. This method decides by querying the LDAP tree if the entry will be added or updated.
Zend_Ldap delete(string|Zend_Ldap_Dn $dn, boolean $recursively) Deletes the entry identified by $dn from the LDAP tree. Throws a Zend_Ldap_Exception if the entry could not be deleted. $recursively is FALSE by default. If set to TRUE the deletion will be carried out recursively and will effectively delete a complete subtree. Deletion will fail if $recursively is FALSE and the entry $dn is not a leaf entry.
Zend_Ldap moveToSubtree(string|Zend_Ldap_Dn $from, string|Zend_Ldap_Dn $to, boolean $recursively, boolean $alwaysEmulate) Moves the entry identified by $from to a location below $to keeping its RDN unchanged. $recursively specifies if the operation will be carried out recursively (FALSE by default) so that the entry $from and all its descendants will be moved. Moving will fail if $recursively is FALSE and the entry $from is not a leaf entry. $alwaysEmulate controls whether the ext/ldap function ldap_rename() should be used if available. This can only work for leaf entries and for servers and for ext/ldap supporting this function. Set to TRUE to always use an emulated rename operation.

Note: All move-operations are carried out by copying and then deleting the corresponding entries in the LDAP tree. These operations are not atomic so that failures during the operation will result in an inconsistent state on the LDAP server. The same is true for all recursive operations. They also are by no means atomic. Please keep this in mind.

Zend_Ldap move(string|Zend_Ldap_Dn $from, string|Zend_Ldap_Dn $to, boolean $recursively, boolean $alwaysEmulate) This is an alias for Zend_Ldap::rename().
Zend_Ldap rename(string|Zend_Ldap_Dn $from, string|Zend_Ldap_Dn $to, boolean $recursively, boolean $alwaysEmulate) Renames the entry identified by $from to $to. $recursively specifies if the operation will be carried out recursively (FALSE by default) so that the entry $from and all its descendants will be moved. Moving will fail if $recursively is FALSE and the entry $from is not a leaf entry. $alwaysEmulate controls whether the ext/ldap function ldap_rename() should be used if available. This can only work for leaf entries and for servers and for ext/ldap supporting this function. Set to TRUE to always use an emulated rename operation.
Zend_Ldap copyToSubtree(string|Zend_Ldap_Dn $from, string|Zend_Ldap_Dn $to, boolean $recursively) Copies the entry identified by $from to a location below $to keeping its RDN unchanged. $recursively specifies if the operation will be carried out recursively (FALSE by default) so that the entry $from and all its descendants will be copied. Copying will fail if $recursively is FALSE and the entry $from is not a leaf entry.
Zend_Ldap copy(string|Zend_Ldap_Dn $from, string|Zend_Ldap_Dn $to, boolean $recursively) Copies the entry identified by $from to $to. $recursively specifies if the operation will be carried out recursively (FALSE by default) so that the entry $from and all its descendants will be copied. Copying will fail if $recursively is FALSE and the entry $from is not a leaf entry.
Zend_Ldap_Node getNode(string|Zend_Ldap_Dn $dn) Returns the entry $dn wrapped in a Zend_Ldap_Node.
Zend_Ldap_Node getBaseNode() Returns the entry for the base DN $baseDn wrapped in a Zend_Ldap_Node.
Zend_Ldap_Node_RootDse getRootDse() Returns the RootDSE for the current server.
Zend_Ldap_Node_Schema getSchema() Returns the LDAP schema for the current server.

Zend_Ldap_Collection

Zend_Ldap_Collection implements Iterator to allow for item traversal using foreach() and Countable to be able to respond to count(). With its protected _createEntry() method it provides a simple extension point for developers needing custom result objects.

Zend_Ldap_Collection API
Method Description
__construct(Zend_Ldap_Collection_Iterator_Interface $iterator) Constructor. The constrcutor must be provided by a Zend_Ldap_Collection_Iterator_Interface which does the real result iteration. Zend_Ldap_Collection_Iterator_Default is the default implementation for iterating ext/ldap results.
boolean close() Closes the internal iterator. This is also called in the destructor.
array toArray() Returns all entries as an array.
array getFirst() Returns the first entry in the collection or NULL if the collection is empty.

Zend_Ldap_Attribute

Zend_Ldap_Attribute is a helper class providing only static methods to manipulate arrays suitable to the structure used in Zend_Ldap data modification methods and to the data format required by the LDAP server. PHP data types are converted the following way:

string

No conversion will be done.

integer and float

The value will be converted to a string.

boolean

TRUE will be converted to 'TRUE' and FALSE to 'FALSE'

object and array

The value will be converted to a string by using serialize().

resource

If a stream resource is given, the data will be fetched by calling stream_get_contents().

others

All other data types (namely non-stream resources) will be ommitted.

On reading attribute values the following conversion will take place:

'TRUE'

Converted to TRUE.

'FALSE'

Converted to FALSE.

others

All other strings won't be automatically converted and are passed as they are.

Zend_Ldap_Attribute API
Method Description
void setAttribute(array &$data, string $attribName, mixed $value, boolean $append) Sets the attribute $attribName in $data to the value $value. If $append is TRUE (FALSE by default) $value will be appended to the attribute. $value can be a scalar value or an array of scalar values. Conversion will take place.
array|mixed getAttribute(array $data, string $attribName, integer|null $index) Returns the attribute $attribName from $data. If $index is NULL (default) an array will be returned containing all the values for the given attribute. An empty array will be returned if the attribute does not exist in the given array. If an integer index is specified the corresponding value at the given index will be returned. If the index is out of bounds, NULL will be returned. Conversion will take place.
boolean attributeHasValue(array &$data, string $attribName, mixed|array $value) Checks if the attribute $attribName in $data has the value(s) given in $value. The method returns TRUE only if all values in $value are present in the attribute. Comparison is done strictly (respecting the data type).
void removeDuplicatesFromAttribute(array &$data, string $attribName) Removes all duplicates from the attribute $attribName in $data.
void removeFromAttribute(array &$data, string $attribName, mixed|array $value) Removes the value(s) given in $value from the attribute $attribName in $data.
string|null convertToLdapValue(mixed $value) Converts a PHP data type into its LDAP representation. See introduction for details.
mixed convertFromLdapValue(string $value) Converts an LDAP value into its PHP data type. See introduction for details.
string|null convertToLdapDateTimeValue(integer $value, boolean $utc) Converts a timestamp into its LDAP date/time representation. If $utc is TRUE (FALSE by default) the resulting LDAP date/time string will be in UTC, otherwise a local date/time string will be returned.
integer|null convertFromLdapDateTimeValue(string $value) Converts LDAP date/time representation into a timestamp. The method returns NULL if $value can not be converted back into a PHP timestamp.
void setPassword(array &$data, string $password, string $hashType, string $attribName) Sets a LDAP password for the attribute $attribName in $data. $attribName defaults to 'userPassword' which is the standard password attribute. The password hash can be specified with $hashType. The default value here is Zend_Ldap_Attribute::PASSWORD_HASH_MD5 with Zend_Ldap_Attribute::PASSWORD_HASH_SHA as the other possibilty.
string createPassword(string $password, string $hashType) Creates a LDAP password. The password hash can be specified with $hashType. The default value here is Zend_Ldap_Attribute::PASSWORD_HASH_MD5 with Zend_Ldap_Attribute::PASSWORD_HASH_SHA as the other possibilty.
void setDateTimeAttribute(array &$data, string $attribName, integer|array $value, boolean $utc, boolean $append) Sets the attribute $attribName in $data to the date/time value $value. if $append is TRUE (FALSE by default) $value will be appended to the attribute. $value can be an integer value or an array of integers. Date-time-conversion according to Zend_Ldap_Attribute::convertToLdapDateTimeValue() will take place.
array|integer getDateTimeAttribute(array $data, string $attribName, integer|null $index) Returns the date/time attribute $attribName from $data. If $index is NULL (default) an array will be returned containing all the date/time values for the given attribute. An empty array will be returned if the attribute does not exist in the given array. If an integer index is specified the corresponding date/time value at the given index will be returned. If the index is out of bounds, NULL will be returned. Date-time-conversion according to Zend_Ldap_Attribute::convertFromLdapDateTimeValue() will take place.

Zend_Ldap_Dn

Zend_Ldap_Dn provides an object-oriented interface to manipulating LDAP distinguished names (DN). The parameter $caseFold that is used in several methods determines the way DN attributes are handled regarding their case. Allowed values for this paraneter are:

Zend_Ldap_Dn::ATTR_CASEFOLD_NONE

No case-folding will be done.

Zend_Ldap_Dn::ATTR_CASEFOLD_UPPER

All attributes will be converted to upper-case.

Zend_Ldap_Dn::ATTR_CASEFOLD_LOWER

All attributes will be converted to lower-case.

The default case-folding is Zend_Ldap_Dn::ATTR_CASEFOLD_NONE and can be set with Zend_Ldap_Dn::setDefaultCaseFold(). Each instance of Zend_Ldap_Dn can have its own case-folding-setting. If the $caseFold parameter is ommitted in method-calls it defaults to the instance's case-folding setting.

The class implements ArrayAccess to allow indexer-access to the different parts of the DN. The ArrayAccess-methods proxy to Zend_Ldap_Dn::get($offset, 1, null) for offsetGet(integer $offset), to Zend_Ldap_Dn::set($offset, $value) for offsetSet() and to Zend_Ldap_Dn::remove($offset, 1) for offsetUnset(). offsetExists() simply checks if the index is within the bounds.

Zend_Ldap_Dn API
Method Description
Zend_Ldap_Dn factory(string|array $dn, string|null $caseFold) Creates a Zend_Ldap_Dn instance from an array or a string. The array must conform to the array structure detailed under Zend_Ldap_Dn::implodeDn().
Zend_Ldap_Dn fromString(string $dn, string|null $caseFold) Creates a Zend_Ldap_Dn instance from a string.
Zend_Ldap_Dn fromArray(array $dn, string|null $caseFold) Creates a Zend_Ldap_Dn instance from an array. The array must conform to the array structure detailed under Zend_Ldap_Dn::implodeDn().
array getRdn(string|null $caseFold) Gets the RDN of the current DN. The return value is an array with the RDN attribute names its keys and the RDN attribute values.
string getRdnString(string|null $caseFold) Gets the RDN of the current DN. The return value is a string.
Zend_Ldap_Dn getParentDn(integer $levelUp) Gets the DN of the current DN's ancestor $levelUp levels up the tree. $levelUp defaults to 1.
array get(integer $index, integer $length, string|null $caseFold) Returns a slice of the current DN determined by $index and $length. $index starts with 0 on the DN part from the left.
Zend_Ldap_Dn set(integer $index, array $value) Replaces a DN part in the current DN. This operation manipulates the current instance.
Zend_Ldap_Dn remove(integer $index, integer $length) Removes a DN part from the current DN. This operation manipulates the current instance. $length defaults to 1
Zend_Ldap_Dn append(array $value) Appends a DN part to the current DN. This operation manipulates the current instance.
Zend_Ldap_Dn prepend(array $value) Prepends a DN part to the current DN. This operation manipulates the current instance.
Zend_Ldap_Dn insert(integer $index, array $value) Inserts a DN part after the index $index to the current DN. This operation manipulates the current instance.
void setCaseFold(string|null $caseFold) Sets the case-folding option to the current DN instance. If $caseFold is NULL the default case-folding setting (Zend_Ldap_Dn::ATTR_CASEFOLD_NONE by default or set via Zend_Ldap_Dn::setDefaultCaseFold() will be set for the current instance.
string toString(string|null $caseFold) Returns DN as a string.
array toArray(string|null $caseFold) Returns DN as an array.
string __toString() Returns DN as a string - proxies to Zend_Ldap_Dn::toString(null).
void setDefaultCaseFold(string $caseFold) Sets the default case-folding option used by all instances on creation by default. Already existing instances are not affected by this setting.
array escapeValue(string|array $values) Escapes a DN value according to RFC 2253.
array unescapeValue(string|array $values) Undoes the conversion done by Zend_Ldap_Dn::escapeValue().
array explodeDn(string $dn, array &$keys, array &$vals, string|null $caseFold)

Explodes the DN $dn into an array containing all parts of the given DN. $keys optinally receive DN keys (e.g. CN, OU, DC, ...). $vals optionally receive DN values. The resulting array will be of type

  1. array("cn" => "name1", "uid" => "user"),
  2. array("cn" => "name2"),
  3. array("dc" => "example"),
  4. array("dc" => "org")
  5. )

for a DN of cn=name1+uid=user,cn=name2,dc=example,dc=org.

boolean checkDn(string $dn, array &$keys, array &$vals, string|null $caseFold) Checks if a given DN $dn is malformed. If $keys or $keys and $vals are given, these arrays will be filled with the appropriate DN keys and values.
string implodeRdn(array $part, string|null $caseFold) Returns a DN part in the form $attribute=$value
string implodeDn(array $dnArray, string|null $caseFold, string $separator)

Implodes an array in the form delivered by Zend_Ldap_Dn::explodeDn() to a DN string. $separator defaults to ',' but some LDAP servers also understand ';'. $dnArray must of type

  1. array("cn" => "name1", "uid" => "user"),
  2. array("cn" => "name2"),
  3. array("dc" => "example"),
  4. array("dc" => "org")
  5. )
boolean isChildOf(string|Zend_Ldap_Dn $childDn, string|Zend_Ldap_Dn $parentDn) Checks if given $childDn is beneath $parentDn subtree.

Zend_Ldap_Filter

Zend_Ldap_Filter API
Method Description
Zend_Ldap_Filter equals(string $attr, string $value) Creates an 'equals' filter: (attr=value).
Zend_Ldap_Filter begins(string $attr, string $value) Creates an 'begins with' filter: (attr=value*).
Zend_Ldap_Filter ends(string $attr, string $value) Creates an 'ends with' filter: (attr=*value).
Zend_Ldap_Filter contains(string $attr, string $value) Creates an 'contains' filter: (attr=*value*).
Zend_Ldap_Filter greater(string $attr, string $value) Creates an 'greater' filter: (attr>value).
Zend_Ldap_Filter greaterOrEqual(string $attr, string $value) Creates an 'greater or equal' filter: (attr>=value).
Zend_Ldap_Filter less(string $attr, string $value) Creates an 'less' filter: (attr<value).
Zend_Ldap_Filter lessOrEqual(string $attr, string $value) Creates an 'less or equal' filter: (attr<=value).
Zend_Ldap_Filter approx(string $attr, string $value) Creates an 'approx' filter: (attr~=value).
Zend_Ldap_Filter any(string $attr) Creates an 'any' filter: (attr=*).
Zend_Ldap_Filter string(string $filter) Creates a simple custom string filter. The user is responsible for all value-escaping as the filter is used as is.
Zend_Ldap_Filter mask(string $mask, string $value,...) Creates a filter from a string mask. All $value parameters will be escaped and substituted into $mask by using » sprintf()
Zend_Ldap_Filter andFilter(Zend_Ldap_Filter_Abstract $filter,...) Creates an 'and' filter from all arguments given.
Zend_Ldap_Filter orFilter(Zend_Ldap_Filter_Abstract $filter,...) Creates an 'or' filter from all arguments given.
__construct(string $attr, string $value, string $filtertype, string|null $prepend, string|null $append) Constructor. Creates an arbitrary filter according to the parameters supplied. The resulting filter will be a concatenation $attr . $filtertype . $prepend . $value . $append. Normally this constructor is not needed as all filters can be created by using the appropriate factory methods.
string toString() Returns a string representation of the filter.
string __toString() Returns a string representation of the filter. Proxies to Zend_Ldap_Filter::toString().
Zend_Ldap_Filter_Abstract negate() Negates the current filter.
Zend_Ldap_Filter_Abstract addAnd(Zend_Ldap_Filter_Abstract $filter,...) Creates an 'and' filter from the current filter and all filters passed in as the arguments.
Zend_Ldap_Filter_Abstract addOr(Zend_Ldap_Filter_Abstract $filter,...) Creates an 'or' filter from the current filter and all filters passed in as the arguments.
string|array escapeValue(string|array $values) Escapes the given $values according to RFC 2254 so that they can be safely used in LDAP filters. If a single string is given, a string is returned - otherwise an array is returned. Any control characters with an ASCII code < 32 as well as the characters with special meaning in LDAP filters "*", "(", ")", and "\" (the backslash) are converted into the representation of a backslash followed by two hex digits representing the hexadecimal value of the character.
string|array unescapeValue(string|array $values) Undoes the conversion done by Zend_Ldap_Filter::escapeValue(). Converts any sequences of a backslash followed by two hex digits into the corresponding character.

Zend_Ldap_Node

Zend_Ldap_Node includes the magic property accessors __set(), __get(), __unset() and __isset() to access the attributes by their name. They proxy to Zend_Ldap_Node::setAttribute(), Zend_Ldap_Node::getAttribute(), Zend_Ldap_Node::deleteAttribute() and Zend_Ldap_Node::existsAttribute() respectively. Furthermore the class implements ArrayAccess for array-style-access to the attributes. Zend_Ldap_Node also implements Iterator and RecursiveIterato to allow for recursive tree-traversal.

Zend_Ldap_Node API
Method Description
Zend_Ldap getLdap() Returns the current LDAP connection. Throws Zend_Ldap_Exception if current node is in detached mode (not connected to a Zend_Ldap instance).
Zend_Ldap_Node attachLdap(Zend_Ldap $ldap) Attach the current node to the $ldap Zend_Ldap instance. Throws Zend_Ldap_Exception if $ldap is not responsible for the current node (node is not a child of the $ldap base DN).
Zend_Ldap_Node detachLdap() Detach node from LDAP connection.
boolean isAttached() Checks if the current node is attached to a LDAP connection.
Zend_Ldap_Node create(string|array|Zend_Ldap_Dn $dn, array $objectClass) Factory method to create a new detached Zend_Ldap_Node for a given DN. Creates a new Zend_Ldap_Node with the DN $dn and the object-classes $objectClass.
Zend_Ldap_Node fromLdap(string|array|Zend_Ldap_Dn $dn, Zend_Ldap $ldap) Factory method to create an attached Zend_Ldap_Node for a given DN. Loads an existing Zend_Ldap_Node with the DN $dn from the LDAP connection $ldap.
Zend_Ldap_Node fromArray((array $data, boolean $fromDataSource) Factory method to create a detached Zend_Ldap_Node from array data $data. if $fromDataSource is TRUE (FALSE by default), the data is treated as beeing present in a LDAP tree.
boolean isNew() Tells if the node is consiedered as new (not present on the server). Please note, that this doesn't tell if the node is really present on the server. Use Zend_Ldap_Node::exists() to see if a node is already there.
boolean willBeDeleted() Tells if this node is going to be deleted once Zend_Ldap_Node::update() is called.
Zend_Ldap_Node delete() Marks this node as to be deleted. Node will be deleted on calling Zend_Ldap_Node::update() if Zend_Ldap_Node::willBeDeleted() is TRUE.
boolean willBeMoved() Tells if this node is going to be moved once Zend_Ldap_Node::update() is called.
Zend_Ldap_Node update(Zend_Ldap $ldap) Sends all pending changes to the LDAP server. If $ldap is omitted the current LDAP connection is used. If the current node is detached from a LDAP connection a Zend_Ldap_Exception will be thrown. If $ldap is provided the current node will be attached to the given LDAP connection.
Zend_Ldap_Dn getCurrentDn() Gets the current DN of the current node as a Zend_Ldap_Dn. This does not reflect possible rename-operations.
Zend_Ldap_Dn getDn() Gets the original DN of the current node as a Zend_Ldap_Dn. This reflects possible rename-operations.
string getDnString(string $caseFold) Gets the original DN of the current node as a string. This reflects possible rename-operations.
array getDnArray(string $caseFold) Gets the original DN of the current node as an array. This reflects possible rename-operations.
string getRdnString(string $caseFold) Gets the RDN of the current node as a string. This reflects possible rename-operations.
array getRdnArray(string $caseFold) Gets the RDN of the current node as an array. This reflects possible rename-operations.
Zend_Ldap_Node setDn(Zend_Ldap_Dn|string|array $newDn) Sets the new DN for this node effectively moving the node once Zend_Ldap_Node::update() is called.
Zend_Ldap_Node move(Zend_Ldap_Dn|string|array $newDn) This is an alias for Zend_Ldap_Node::setDn().
Zend_Ldap_Node rename(Zend_Ldap_Dn|string|array $newDn) This is an alias for Zend_Ldap_Node::setDn().
array getObjectClass() Returns the objectClass of the node.
Zend_Ldap_Node setObjectClass(array|string $value) Sets the objectClass attribute.
Zend_Ldap_Node appendObjectClass(array|string $value) Appends to the objectClass attribute.
string toLdif(array $options) Returns a LDIF representation of the current node. $options will be passed to the Zend_Ldap_Ldif_Encoder.
array getChangedData() Gets changed node data. The array contains all changed attributes. This format can be used in Zend_Ldap::add() and Zend_Ldap::update().
array getChanges() Returns all changes made.
string toString() Returns the DN of the current node - proxies to Zend_Ldap_Dn::getDnString().
string __toString() Casts to string representation - proxies to Zend_Ldap_Dn::toString().
array toArray(boolean $includeSystemAttributes) Returns an array representation of the current node. If $includeSystemAttributes is FALSE (defaults to TRUE) the system specific attributes are stripped from the array. Unlike Zend_Ldap_Node::getAttributes() the resulting array contains the DN with key 'dn'.
string toJson(boolean $includeSystemAttributes) Returns a JSON representation of the current node using Zend_Ldap_Node::toArray().
array getData(boolean $includeSystemAttributes) Returns the node's attributes. The array contains all attributes in its internal format (no conversion).
boolean existsAttribute(string $name, boolean $emptyExists) Checks whether a given attribute exists. If $emptyExists is FALSE empty attributes (containing only array()) are treated as non-existent returning FALSE. If $emptyExists is TRUE empty attributes are treated as existent returning TRUE. In this case the method returns FALSE only if the attribute name is missing in the key-collection.
boolean attributeHasValue(string $name, mixed|array $value) Checks if the given value(s) exist in the attribute. The method returns TRUE only if all values in $value are present in the attribute. Comparison is done strictly (respecting the data type).
integer count() Returns the number of attributes in the node. Implements Countable.
mixed getAttribute(string $name, integer|null $index) Gets a LDAP attribute. Data conversion is applied using Zend_Ldap_Attribute::getAttribute().
array getAttributes(boolean $includeSystemAttributes) Gets all attributes of node. If $includeSystemAttributes is FALSE (defaults to TRUE) the system specific attributes are stripped from the array.
Zend_Ldap_Node setAttribute(string $name, mixed $value) Sets a LDAP attribute. Data conversion is applied using Zend_Ldap_Attribute::setAttribute().
Zend_Ldap_Node appendToAttribute(string $name, mixed $value) Appends to a LDAP attribute. Data conversion is applied using Zend_Ldap_Attribute::setAttribute().
array|integer getDateTimeAttribute(string $name, integer|null $index) Gets a LDAP date/time attribute. Data conversion is applied using Zend_Ldap_Attribute::getDateTimeAttribute().
Zend_Ldap_Node setDateTimeAttribute(string $name, integer|array $value, boolean $utc) Sets a LDAP date/time attribute. Data conversion is applied using Zend_Ldap_Attribute::setDateTimeAttribute().
Zend_Ldap_Node appendToDateTimeAttribute(string $name, integer|array $value, boolean $utc) Appends to a LDAP date/time attribute. Data conversion is applied using Zend_Ldap_Attribute::setDateTimeAttribute().
Zend_Ldap_Node setPasswordAttribute(string $password, string $hashType, string $attribName) Sets a LDAP password on $attribName (defaults to 'userPassword') to $password with the hash type $hashType (defaults to Zend_Ldap_Attribute::PASSWORD_HASH_MD5).
Zend_Ldap_Node deleteAttribute(string $name) Deletes a LDAP attribute.
void removeDuplicatesFromAttribute(string$name) Removes duplicate values from a LDAP attribute.
void removeFromAttribute(string $attribName, mixed|array $value) Removes the given values from a LDAP attribute.
boolean exists(Zend_Ldap $ldap) Checks if the current node exists on the given LDAP server (current server is used if NULL is passed).
Zend_Ldap_Node reload(Zend_Ldap $ldap) Reloads the current node's attributes from the given LDAP server (current server is used if NULL is passed).
Zend_Ldap_Node_Collection searchSubtree(string|Zend_Ldap_Filter_Abstract $filter, integer $scope, string $sort) Searches the nodes's subtree with the given $filter and the given search parameters. See Zend_Ldap::search() for details on the parameters $scope and $sort.
integer countSubtree(string|Zend_Ldap_Filter_Abstract $filter, integer $scope) Count the nodes's subtree items matching the given $filter and the given search scope. See Zend_Ldap::search() for details on the $scope parameter.
integer countChildren() Count the nodes's children.
Zend_Ldap_Node_Collection searchChildren(string|Zend_Ldap_Filter_Abstract $filter, string $sort) Searches the nodes's children matching the given $filter. See Zend_Ldap::search() for details on the $sort parameter.
boolean hasChildren() Returns whether the current node has children.
Zend_Ldap_Node_ChildrenIterator getChildren() Returns all children of the current node.
Zend_Ldap_Node getParent(Zend_Ldap $ldap) Returns the parent of the current node using the LDAP connection $ldap (uses the current LDAP connection if omitted).

Zend_Ldap_Node_RootDse

The following methods are available on all vendor-specific subclasses.

Zend_Ldap_Node_RootDse includes the magic property accessors __get() and __isset() to access the attributes by their name. They proxy to Zend_Ldap_Node_RootDse::getAttribute() and Zend_Ldap_Node_RootDse::existsAttribute() respectively. __set() and __unset() are also implemented but they throw a BadMethodCallException as modifications are not allowed on RootDSE nodes. Furthermore the class implements ArrayAccess for array-style-access to the attributes. offsetSet() and offsetUnset() also throw a BadMethodCallException due ro obvious reasons.

Zend_Ldap_Node_RootDse API
Method Description
Zend_Ldap_Dn getDn() Gets the DN of the current node as a Zend_Ldap_Dn.
string getDnString(string $caseFold) Gets the DN of the current node as a string.
array getDnArray(string $caseFold) Gets the DN of the current node as an array.
string getRdnString(string $caseFold) Gets the RDN of the current node as a string.
array getRdnArray(string $caseFold) Gets the RDN of the current node as an array.
array getObjectClass() Returns the objectClass of the node.
string toString() Returns the DN of the current node - proxies to Zend_Ldap_Dn::getDnString().
string __toString() Casts to string representation - proxies to Zend_Ldap_Dn::toString().
array toArray(boolean $includeSystemAttributes) Returns an array representation of the current node. If $includeSystemAttributes is FALSE (defaults to TRUE) the system specific attributes are stripped from the array. Unlike Zend_Ldap_Node_RootDse::getAttributes() the resulting array contains the DN with key 'dn'.
string toJson(boolean $includeSystemAttributes) Returns a JSON representation of the current node using Zend_Ldap_Node_RootDse::toArray().
array getData(boolean $includeSystemAttributes) Returns the node's attributes. The array contains all attributes in its internal format (no conversion).
boolean existsAttribute(string $name, boolean $emptyExists) Checks whether a given attribute exists. If $emptyExists is FALSE, empty attributes (containing only array()) are treated as non-existent returning FALSE. If $emptyExists is TRUE, empty attributes are treated as existent returning TRUE. In this case the method returns FALSE only if the attribute name is missing in the key-collection.
boolean attributeHasValue(string $name, mixed|array $value) Checks if the given value(s) exist in the attribute. The method returns TRUE only if all values in $value are present in the attribute. Comparison is done strictly (respecting the data type).
integer count() Returns the number of attributes in the node. Implements Countable.
mixed getAttribute(string $name, integer|null $index) Gets a LDAP attribute. Data conversion is applied using Zend_Ldap_Attribute::getAttribute().
array getAttributes(boolean $includeSystemAttributes) Gets all attributes of node. If $includeSystemAttributes is FALSE (defaults to TRUE) the system specific attributes are stripped from the array.
array|integer getDateTimeAttribute(string $name, integer|null $index) Gets a LDAP date/time attribute. Data conversion is applied using Zend_Ldap_Attribute::getDateTimeAttribute().
Zend_Ldap_Node_RootDse reload(Zend_Ldap $ldap) Reloads the current node's attributes from the given LDAP server.
Zend_Ldap_Node_RootDse create(Zend_Ldap $ldap) Factory method to create the RootDSE.
array getNamingContexts() Gets the namingContexts.
string|null getSubschemaSubentry() Gets the subschemaSubentry.
boolean supportsVersion(string|int|array $versions) Determines if the LDAP version is supported.
boolean supportsSaslMechanism(string|array $mechlist) Determines if the sasl mechanism is supported.
integer getServerType() Gets the server type. Returns
Zend_Ldap_Node_RootDse::SERVER_TYPE_GENERIC

for unknown LDAP servers

Zend_Ldap_Node_RootDse::SERVER_TYPE_OPENLDAP

for OpenLDAP servers

Zend_Ldap_Node_RootDse::SERVER_TYPE_ACTIVEDIRECTORY

for Microsoft ActiveDirectory servers

Zend_Ldap_Node_RootDse::SERVER_TYPE_EDIRECTORY

For Novell eDirectory servers

Zend_Ldap_Dn getSchemaDn() Returns the schema DN.

OpenLDAP

Additionally the common methods above apply to instances of Zend_Ldap_Node_RootDse_OpenLdap.

Note: Refer to » LDAP Operational Attributes and Objectsfor information on the attributes of OpenLDAP RootDSE.

Zend_Ldap_Node_RootDse_OpenLdap API
Method Description
integer getServerType() Gets the server type. Returns Zend_Ldap_Node_RootDse::SERVER_TYPE_OPENLDAP
string|null getConfigContext() Gets the configContext.
string|null getMonitorContext() Gets the monitorContext.
boolean supportsControl(string|array $oids) Determines if the control is supported.
boolean supportsExtension(string|array $oids) Determines if the extension is supported.
boolean supportsFeature(string|array $oids) Determines if the feature is supported.

ActiveDirectory

Additionally the common methods above apply to instances of Zend_Ldap_Node_RootDse_ActiveDirectory.

Note: Refer to » RootDSEfor information on the attributes of Microsoft ActiveDirectory RootDSE.

Zend_Ldap_Node_RootDse_ActiveDirectory API
Method Description
integer getServerType() Gets the server type. Returns Zend_Ldap_Node_RootDse::SERVER_TYPE_ACTIVEDIRECTORY
string|null getConfigurationNamingContext() Gets the configurationNamingContext.
string|null getCurrentTime() Gets the currentTime.
string|null getDefaultNamingContext() Gets the defaultNamingContext.
string|null getDnsHostName() Gets the dnsHostName.
string|null getDomainControllerFunctionality() Gets the domainControllerFunctionality.
string|null getDomainFunctionality() Gets the domainFunctionality.
string|null getDsServiceName() Gets the dsServiceName.
string|null getForestFunctionality() Gets the forestFunctionality.
string|null getHighestCommittedUSN() Gets the highestCommittedUSN.
string|null getIsGlobalCatalogReady() Gets the isGlobalCatalogReady.
string|null getIsSynchronized() Gets the isSynchronized.
string|null getLdapServiceName() Gets the ldapServiceName.
string|null getRootDomainNamingContext() Gets the rootDomainNamingContext.
string|null getSchemaNamingContext() Gets the schemaNamingContext.
string|null getServerName() Gets the serverName.
boolean supportsCapability(string|array $oids) Determines if the capability is supported.
boolean supportsControl(string|array $oids) Determines if the control is supported.
boolean supportsPolicy(string|array $policies) Determines if the version is supported.

eDirectory

Additionally the common methods above apply to instances of Zend_Ldap_Node_RootDse_eDirectory.

Note: Refer to » Getting Information about the LDAP Serverfor information on the attributes of Novell eDirectory RootDSE.

Zend_Ldap_Node_RootDse_eDirectory API
Method Description
integer getServerType() Gets the server type. Returns Zend_Ldap_Node_RootDse::SERVER_TYPE_EDIRECTORY
boolean supportsExtension(string|array $oids) Determines if the extension is supported.
string|null getVendorName() Gets the vendorName.
string|null getVendorVersion() Gets the vendorVersion.
string|null getDsaName() Gets the dsaName.
string|null getStatisticsErrors() Gets the server statistics "errors".
string|null getStatisticsSecurityErrors() Gets the server statistics "securityErrors".
string|null getStatisticsChainings() Gets the server statistics "chainings".
string|null getStatisticsReferralsReturned() Gets the server statistics "referralsReturned".
string|null getStatisticsExtendedOps() Gets the server statistics "extendedOps".
string|null getStatisticsAbandonOps() Gets the server statistics "abandonOps".
string|null getStatisticsWholeSubtreeSearchOps() Gets the server statistics "wholeSubtreeSearchOps".

Zend_Ldap_Node_Schema

The following methods are available on all vendor-specific subclasses.

Zend_Ldap_Node_Schema includes the magic property accessors __get() and __isset() to access the attributes by their name. They proxy to Zend_Ldap_Node_Schema::getAttribute() and Zend_Ldap_Node_Schema::existsAttribute() respectively. __set() and __unset() are also implemented, but they throw a BadMethodCallException as modifications are not allowed on RootDSE nodes. Furthermore the class implements ArrayAccess for array-style-access to the attributes. offsetSet() and offsetUnset() also throw a BadMethodCallException due to obvious reasons.

Zend_Ldap_Node_Schema API
Method Description
Zend_Ldap_Dn getDn() Gets the DN of the current node as a Zend_Ldap_Dn.
string getDnString(string $caseFold) Gets the DN of the current node as a string.
array getDnArray(string $caseFold) Gets the DN of the current node as an array.
string getRdnString(string $caseFold) Gets the RDN of the current node as a string.
array getRdnArray(string $caseFold) Gets the RDN of the current node as an array.
array getObjectClass() Returns the objectClass of the node.
string toString() Returns the DN of the current node - proxies to Zend_Ldap_Dn::getDnString().
string __toString() Casts to string representation - proxies to Zend_Ldap_Dn::toString().
array toArray(boolean $includeSystemAttributes) Returns an array representation of the current node. If $includeSystemAttributes is FALSE (defaults to TRUE), the system specific attributes are stripped from the array. Unlike Zend_Ldap_Node_Schema::getAttributes(), the resulting array contains the DN with key 'dn'.
string toJson(boolean $includeSystemAttributes) Returns a JSON representation of the current node using Zend_Ldap_Node_Schema::toArray().
array getData(boolean $includeSystemAttributes) Returns the node's attributes. The array contains all attributes in its internal format (no conversion).
boolean existsAttribute(string $name, boolean $emptyExists) Checks whether a given attribute exists. If $emptyExists is FALSE, empty attributes (containing only array()) are treated as non-existent returning FALSE. If $emptyExists is TRUE, empty attributes are treated as existent returning TRUE. In this case the method returns FALSE only if the attribute name is missing in the key-collection.
boolean attributeHasValue(string $name, mixed|array $value) Checks if the given value(s) exist in the attribute. The method returns TRUE only if all values in $value are present in the attribute. Comparison is done strictly (respecting the data type).
integer count() Returns the number of attributes in the node. Implements Countable.
mixed getAttribute(string $name, integer|null $index) Gets a LDAP attribute. Data conversion is applied using Zend_Ldap_Attribute::getAttribute().
array getAttributes(boolean $includeSystemAttributes) Gets all attributes of node. If $includeSystemAttributes is FALSE (defaults to TRUE) the system specific attributes are stripped from the array.
array|integer getDateTimeAttribute(string $name, integer|null $index) Gets a LDAP date/time attribute. Data conversion is applied using Zend_Ldap_Attribute::getDateTimeAttribute().
Zend_Ldap_Node_Schema reload(Zend_Ldap $ldap) Reloads the current node's attributes from the given LDAP server.
Zend_Ldap_Node_Schema create(Zend_Ldap $ldap) Factory method to create the Schema node.
array getAttributeTypes() Gets the attribute types as an array of .
array getObjectClasses() Gets the object classes as an array of Zend_Ldap_Node_Schema_ObjectClass_Interface.
Zend_Ldap_Node_Schema_AttributeType_Interface API
Method Description
string getName() Gets the attribute name.
string getOid() Gets the attribute OID.
string getSyntax() Gets the attribute syntax.
int|null getMaxLength() Gets the attribute maximum length.
boolean isSingleValued() Returns if the attribute is single-valued.
string getDescription() Gets the attribute description
Zend_Ldap_Node_Schema_ObjectClass_Interface API
Method Description
string getName() Returns the objectClass name.
string getOid() Returns the objectClass OID.
array getMustContain() Returns the attributes that this objectClass must contain.
array getMayContain() Returns the attributes that this objectClass may contain.
string getDescription() Returns the attribute description
integer getType() Returns the objectClass type. The method returns one of the following values:
Zend_Ldap_Node_Schema::OBJECTCLASS_TYPE_UNKNOWN

for unknown class types

Zend_Ldap_Node_Schema::OBJECTCLASS_TYPE_STRUCTURAL

for structural classes

Zend_Ldap_Node_Schema::OBJECTCLASS_TYPE_ABSTRACT

for abstract classes

Zend_Ldap_Node_Schema::OBJECTCLASS_TYPE_AUXILIARY

for auxiliary classes

array getParentClasses() Returns the parent objectClasses of this class. This includes structural, abstract and auxiliary objectClasses.

Classes representing attribute types and object classes extend Zend_Ldap_Node_Schema_Item which provides some core methods to access arbitrary attributes on the underlying LDAP node. Zend_Ldap_Node_Schema_Item includes the magic property accessors __get() and __isset() to access the attributes by their name. Furthermore the class implements ArrayAccess for array-style-access to the attributes. offsetSet() and offsetUnset() throw a BadMethodCallException as modifications are not allowed on schema information nodes.

Zend_Ldap_Node_Schema_Item API
Method Description
array getData() Gets all the underlying data from the schema information node.
integer count() Returns the number of attributes in this schema information node. Implements Countable.

OpenLDAP

Additionally the common methods above apply to instances of Zend_Ldap_Node_Schema_OpenLDAP.

Zend_Ldap_Node_Schema_OpenLDAP API
Method Description
array getLdapSyntaxes() Gets the LDAP syntaxes.
array getMatchingRules() Gets the matching rules.
array getMatchingRuleUse() Gets the matching rule use.
Zend_Ldap_Node_Schema_AttributeType_OpenLDAP API
Method Description
Zend_Ldap_Node_Schema_AttributeType_OpenLdap|null getParent() Returns the parent attribute type in the inheritance tree if one exists.
Zend_Ldap_Node_Schema_ObjectClass_OpenLDAP API
Method Description
array getParents() Returns the parent object classes in the inheritance tree if one exists. The returned array is an array of Zend_Ldap_Node_Schema_ObjectClass_OpenLdap.

ActiveDirectory

Note: Schema browsing on ActiveDirectory servers
Due to restrictions on Microsoft ActiveDirectory servers regarding the number of entries returned by generic search routines and due to the structure of the ActiveDirectory schema repository, schema browsing is currently not available for Microsoft ActiveDirectory servers.

Zend_Ldap_Node_Schema_ActiveDirectory does not provide any additional methods.

Zend_Ldap_Node_Schema_AttributeType_ActiveDirectory API
Zend_Ldap_Node_Schema_AttributeType_ActiveDirectory does not provide any additional methods.
Zend_Ldap_Node_Schema_ObjectClass_ActiveDirectory API
Zend_Ldap_Node_Schema_ObjectClass_ActiveDirectory does not provide any additional methods.

Zend_Ldif_Encoder

Zend_Ldif_Encoder API
Method Description
array decode(string $string) Decodes the string $string into an array of LDIF items.
string encode(scalar|array|Zend_Ldap_Node $value, array $options) Encode $value into a LDIF representation. $options is an array that may contain the following keys:
'sort'

Sort the given attributes with dn following objectClass and following all other attributes sorted alphabetically. TRUE by default.

'version'

The LDIF format version. 1 by default.

'wrap'

The line-length. 78 by default to conform to the LDIF specification.


Introduction