1 |
85ad3d82
|
Assos Assos
|
|
2 |
|
|
General LDAP Project Notes
|
3 |
|
|
|
4 |
|
|
LDAP Servers is base module or api module. General LDAP functions belong in
|
5 |
|
|
LDAP Servers.
|
6 |
|
|
|
7 |
|
|
--------------------------------------------------------
|
8 |
|
|
Case Sensitivity and Character Escaping in LDAP Modules
|
9 |
|
|
--------------------------------------------------------
|
10 |
|
|
|
11 |
|
|
The function ldap_server_massage_text() should be used for dealing with case sensitivity
|
12 |
|
|
and character escaping consistently.
|
13 |
|
|
|
14 |
|
|
The general rule is codified in ldap_server_massage_text() which is:
|
15 |
|
|
- escape filter values and attribute values when querying ldap
|
16 |
|
|
- use unescaped, lower case attribute names when storing attribute names in arrays (as keys or values), databases, or object properties.
|
17 |
|
|
- use unescaped, mixed case attribute values when storing attribute values in arrays (as keys or values), databases, or object properties.
|
18 |
|
|
|
19 |
|
|
So a filter might be built as follows:
|
20 |
|
|
|
21 |
|
|
$username = ldap_server_massage_text($username, 'attr_value', LDAP_SERVER_MASSAGE_QUERY_LDAP)
|
22 |
|
|
$objectclass = ldap_server_massage_text($objectclass, 'attr_value', LDAP_SERVER_MASSAGE_QUERY_LDAP)
|
23 |
|
|
$filter = "(&(cn=$username)(objectClass=$objectclass))";
|
24 |
|
|
|
25 |
|
|
|
26 |
|
|
The following functions are also available:
|
27 |
|
|
ldap_pear_escape_dn_value()
|
28 |
|
|
ldap_pear_unescape_dn_value()
|
29 |
|
|
ldap_pear_unescape_filter_value()
|
30 |
|
|
ldap_pear_unescape_filter_value()
|
31 |
|
|
|
32 |
|
|
|
33 |
|
|
--------------------------------------------------------
|
34 |
|
|
common variables used in ldap_* and their structures
|
35 |
|
|
--------------------------------------------------------
|
36 |
|
|
|
37 |
|
|
!Structure of $ldap_user and $ldap_entry are different!
|
38 |
|
|
|
39 |
|
|
-----------
|
40 |
|
|
$ldap_user
|
41 |
|
|
-----------
|
42 |
|
|
@see LdapServer::userUserNameToExistingLdapEntry() return
|
43 |
|
|
|
44 |
|
|
-----------
|
45 |
|
|
$ldap_entry and $ldap_*_entry.
|
46 |
|
|
-----------
|
47 |
|
|
@see LdapServer::ldap_search() return array
|
48 |
|
|
|
49 |
|
|
|
50 |
|
|
--------------
|
51 |
|
|
$user_attr_key
|
52 |
|
|
key of form <attr_type>.<attr_name>[:<instance>] such as field.lname, property.mail, field.aliases:2
|
53 |
|
|
-------------- |