It may be possible that restricted characters (",", "+", """, "\", "<", ">", ";", "#", "=", space or a hexpair) are used in attributes or values inside the DN. You should have a look to the APIdoc of Net_LDAP2_Util::escape_dn_value(), Net_LDAP2_Util::unescape_dn_value(), Net_LDAP2_Util::ldap_explode_dn() and Net_LDAP2_Util::canonical_dn(). These functions can be used to safely handle DNs.
After connecting to the server, you can use Net_LDAP2's search() method to search the directory. The method takes three parameters:
$base
is the base search DN. If kept
null
, the default base DN configured when connecting
is used.
$filter
is the query filter that determines which
results are returned. It is either a string (experts use only) or better a Net_LDAP2_Filter-object.
Net_LDAP2_Filter automatically deals with LDAP-Filter escaping issues.
LDAP filters are extensively explained at the chapter LDAP filters.
$params
is an array of configuration options for
the current query.
Name | Description | Default |
---|---|---|
scope |
The scope used for searching:
|
sub |
sizelimit |
Number of entries returned at maximum | 0 (no limit) |
timelimit |
Seconds to spent for searching | 0 (no limit) |
attrsonly |
If true , only attribute names are returned |
false |
attributes |
Array of attribute names, which the entry should contain. It is good practice to limit this to just the ones you need. | array() (all attributes) |
The search() method will return either a Net_LDAP2_Search object or a Net_LDAP2_Error. You can use the Net_LDAP2_Search-object to trigger further actions like counting how many entries where found or to retrieve the found entries.
Making a search query
<?php
// Building a very basic filter
// we want to find all Entries whose surnames start with "Joe":
$filter = Net_LDAP2_Filter::create('sn', 'begins', 'Joe');
// We define a custom searchbase here. If you pass NULL, the basedn provided
// in the Net_LDAP2 configuration will be used. This is often not what you want.
$searchbase = 'ou=addressbook,dc=example,dc=org';
// Some options:
// We search all subtrees beneath 'ou=addressbook,dc=example,dc=org'
// and we select the attribute 'sn'. It is a good practice to limit the
// requested attributes to only those you actually want to use later.
// However, note that it is faster to select unneeded attributes than
// refetching an entry later to just get those attributes.
$options = array(
'scope' => 'sub',
'attributes' => array('sn')
);
// Perform the search!
$search = $ldap->search($searchbase, $filter, $options);
// Test for search errors:
if (PEAR::isError($search)) {
die($search->getMessage() . "\n");
}
// Say how many entries we have found:
echo "Found " . $search->count() . " entries!";
?>