Class: Net_LDAP2_Util

Net_LDAP2_Util __construct( )

Constructor

string asc2hex32( string $string)

Converts all ASCII chars < 32 to "\HEX"

Parameters:

false|string canonical_dn( array|string $dn, [array $options = array('casefold' => 'upper', 'separator' => ',')])

Returns the given DN in a canonical form

Returns false if DN is not a valid Distinguished Name. DN can either be a string or an array as returned by ldap_explode_dn, which is useful when constructing a DN. The DN array may have be indexed (each array value is a OCL=VALUE pair) or associative (array key is OCL and value is VALUE).

It performs the following operations on the given DN:

• Removes the leading 'OID.' characters if the type is an OID instead of a name.
• Escapes all RFC 2253 special characters (",", "+", """, "\", "<", ">", ";", "#", "="), slashes ("/"), and any other character where the ASCII code is < 32 as \hexpair.
• Converts all leading and trailing spaces in values to be \20.
• If an RDN contains multiple parts, the parts are re-ordered so that the attribute type names are in alphabetical order.

OPTIONS is a list of name/value pairs, valid options are: casefold Controls case folding of attribute type names. Attribute values are not affected by this option. The default is to uppercase. Valid values are: lower Lowercase attribute type names. upper Uppercase attribute type names. This is the default. none Do not change attribute type names. [NOT IMPLEMENTED] mbcescape If TRUE, characters that are encoded as a multi-octet UTF-8 sequence will be escaped as \(hexpair){2,*}. reverse If TRUE, the RDN sequence is reversed. separator Separator to use between RDNs. Defaults to comma (',').

Note: The empty string "" is a valid DN, so be sure not to do a "$can_dn == false" test, because an empty string evaluates to false. Use the "===" operator instead.

Parameters:

array correct_dn_splitting( [array $dn = array()], [array $separator = ','])

Corrects splitting of dn parts

Parameters:

array escape_dn_value( [array $values = array()])

Escapes a DN value according to RFC 2253

Escapes the given VALUES according to RFC 2253 so that they can be safely used in LDAP DNs. The characters ",", "+", """, "\", "<", ">", ";", "#", "=" with a special meaning in RFC 2252 are preceeded by ba backslash. Control characters with an ASCII code < 32 are represented as \hexpair. Finally all leading and trailing spaces are converted to sequences of \20.

Parameters:

array escape_filter_value( [array $values = array()])

Escapes the given VALUES according to RFC 2254 so that they can be safely used in LDAP filters.

Any control characters with an ACII code < 32 as well as the characters with special meaning in LDAP filters "*", "(", ")", and "\" (the backslash) are converted into the representation of a backslash followed by two hex digits representing the hexadecimal value of the character.

Parameters:

string hex2asc( string $string)

Converts all Hex expressions ("\HEX") to their original ASCII characters

Parameters:

array ldap_explode_dn( string $dn, [array $options = array('casefold' => 'upper')])

Explodes the given DN into its elements

RFC 2253 says, a Distinguished Name is a sequence of Relative Distinguished Names (RDNs), which themselves are sets of Attributes. For each RDN a array is constructed where the RDN part is stored.

For example, the DN 'OU=Sales+CN=J. Smith,DC=example,DC=net' is exploded to: array( [0] => array([0] => 'OU=Sales', [1] => 'CN=J. Smith'), [2] => 'DC=example', [3] => 'DC=net' )

[NOT IMPLEMENTED] DNs might also contain values, which are the bytes of the BER encoding of the X.500 AttributeValue rather than some LDAP string syntax. These values are hex-encoded and prefixed with a #. To distinguish such BER values, ldap_explode_dn uses references to the actual values, e.g. '1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com' is exploded to: [ { '1.3.6.1.4.1.1466.0' => "\004\002Hi" }, { 'DC' => 'example' }, { 'DC' => 'com' } ]; See http://www.vijaymukhi.com/vmis/berldap.htm for more information on BER.

It also performs the following operations on the given DN:

• Unescape "\" followed by ",", "+", """, "\", "<", ">", ";", "#", "=", " ", or a hexpair and strings beginning with "#".
• Removes the leading 'OID.' characters if the type is an OID instead of a name.
• If an RDN contains multiple parts, the parts are re-ordered so that the attribute type names are in alphabetical order.

OPTIONS is a list of name/value pairs, valid options are: casefold Controls case folding of attribute types names. Attribute values are not affected by this option. The default is to uppercase. Valid values are: lower Lowercase attribute types names. upper Uppercase attribute type names. This is the default. none Do not change attribute type names. reverse If TRUE, the RDN sequence is reversed. onlyvalues If TRUE, then only attributes values are returned ('foo' instead of 'cn=foo')

Parameters:

array split_attribute_string( string $attr, [boolean $extended = false], [boolean $withDelim = false])

Splits an attribute=value syntax into an array

If escaped delimeters are used, they are returned escaped as well. The split will occur at the first unescaped delimeter character. In case an invalid delimeter is given, no split will be performed and an one element array gets returned. Optional also filter-assertion delimeters can be considered (>, <, >=, <=, ~=).

Parameters:

array split_rdn_multival( string $rdn)

Split an multivalued RDN value into an Array

A RDN can contain multiple values, spearated by a plus sign. This function returns each separate ocl=value pair of the RDN part.

If no multivalued RDN is detected, an array containing only the original rdn part is returned.

For example, the multivalued RDN 'OU=Sales+CN=J. Smith' is exploded to: array([0] => 'OU=Sales', [1] => 'CN=J. Smith')

The method trys to be smart if it encounters unescaped "+" characters, but may fail, so ensure escaped "+"es in attr names and attr values.

[BUG] If you have a multivalued RDN with unescaped plus characters and there is a unescaped plus sign at the end of an value followed by an attribute name containing an unescaped plus, then you will get wrong splitting: $rdn = 'OU=Sales+C+N=J. Smith'; returns: array('OU=Sales+C', 'N=J. Smith'); The "C+" is treaten as value of the first pair instead as attr name of the second pair. To prevent this, escape correctly.

Parameters:

array unescape_dn_value( [array $values = array()])

Undoes the conversion done by escape_dn_value().

Any escape sequence starting with a baskslash - hexpair or special character - will be transformed back to the corresponding character.

Parameters:

array unescape_filter_value( [array $values = array()])

Undoes the conversion done by escape_filter_value().

Converts any sequences of a backslash followed by two hex digits into the corresponding character.

Parameters: