8 Aug 07
PHP ldap_search and its search base parameter:
- If you pass null LDAP base to PHP’s ldap_search, then it searches the whole tree – that is, all containers.
PHP and regex – regular expressions
- Perl-like pcre functions are faster than Posix ereg functions
- use str-replace if you don’t need regex
Clearing PHP sessions
<?
session_start();
session_destroy();
echo “Session destroyed OK.”;
/*
The following doesn’t clear the session – don’t use session_id() to test whether there
is any out-of-date data in the session. You need to call session_start() first.
if( session_id() ) {
session_destroy();
echo “Session destroyed OK.”;
}
else {
echo “There was no previous session or it timed out already.”;
}
*/
?>
PHP LDAP search by groupMembership or attributes of ‘Distinguished Name’ syntax
There are situations when you want to have a DN in the search *filter* – e.g. when you search by groupMembership attribute or by an attribute whose syntax is Distinguished Name. Then you need to escape all occurrences of ‘=’ in that attribute’s value by a backslash and its hexadecimal code – i.e. ‘\3D’.
Example: Following works with unix/Mac OS ldap_search command – you use apostrophes to separate the DN part of the filter:
ldap_search -x -h my-server -D ‘cn=my-user,ou=my-container,o=users’ -w my-password -b ou=my-search-container,o=users groupMembership=’cn=my-admin-group,ou=MyApplication,ou=Applications,o=services’
But if you need a similar search in PHP, then you need to pass the following filter to ldap_seach() and its alternatives:
<? ‘groupMembership=cn\3Dmy-admin-group,ou\3DMyApplication,ou\3DApplications,o\3Dservices’
?>
