PHP Doku:: Set a callback function to do re-binds on referral chasing. - function.ldap-set-rebind-proc.html


A service by Reinhard Neidl - Webprogrammierung.


ldap_set_rebind_proc

(PHP 4 >= 4.2.0, PHP 5)

ldap_set_rebind_proc - Set a callback function to do re-binds on referral chasing.

Description

bool ldap_set_rebind_proc ( resource $link , string $callback )

Warning

This function is not yet documented. Only the list of arguments is available.


4 user contributions:
mvanbeek at forgetaboutit dot net
15.06.2010 20:13
I have had quite a hard time finding good information about chasing referrals so I am adding my tuppence worth here. I still haven't got my test code working fully so please look further down the page for updates.

The way this appears to have to work is that you use this function to set a callback function of your own to connect and bind to the referral server. You need to set this along with forcing v3 LDAP and setting the referral chasing to on as part of setting up the initial connection, so just after the connect but before the bind, you need something like:

<?php
$ds = ldap_connect($server);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 1);
ldap_set_rebind_proc($ds, "rebind");
ldap_bind($ds, $dn, $pass);
?>

This callback function (called rebind in the above example) needs two arguments. These arguments are preset and are supplied when the callback function is called. The first is the LDAP link identifier. I assume this is supplied as the function could be used successively by a number of consecutive referrals. The second is the LDAP referral URL supplied by the initial server. I have seen notes that say this function must be defined prior to being set by ldap_set_rebind_proc, but as yet I cannot confirm this.

My setup is based on a master - slave LDAP server configuration, with the PHP application residing on the slave where it does localhost lookups. When you try to write to the slave LDAP server, the server returns a referral URL, and the internal PHP function then calls the callback function.

Despite the code already on this page, which appears to also be used to test the PHP code, I believe it is wrong. I think it simply reconnects to the initial server. I believe that what the callback function should do is to connect to the new server, and bind to it. My test code currently looks like this:

<?php
function rebind($ldap, $referral) {
    global $dn;
    global $pass;
    $server = preg_replace('!^(ldap://[^/]+)/.*$!', '\\1', $referral);
    if (!($ldap = ldap_connect($server))) {
        echo "reconnect failed - <br>";
        return 1;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 1);
    ldap_set_rebind_proc($ldap, "rebind");
    if (!ldap_bind($ldap, $dn, $pass)) {
        echo "rebind failed - <br>";
        return 1;
    }
    return 0;
}
?>

As far as I can tell, a return value of 0 means success and any other value means it has failed. The complete lack of documentation doesn't help.

The above code works all the way to authenticating against the new server, but at the moment I appear to be getting an unbind request before it tries to write the record to the new server, so it fails.

I would also recommend adding a ldap_start_tls before the bind as well.
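
Added example (not part of the comment above or of the PHP manual): a rebind callback of the kind shown above binds with the application's DN and password to the server named in the referral URL, so this version checks that server against an allowlist before binding. The host name `ldap-master.example.org`, the helper `trusted_referral_server()` and both constants are hypothetical; the callback shape (two arguments, 0 for success) is assumed from the comments on this page.

```php
<?php
// Hypothetical allowlist: the only servers that may receive our bind credentials.
const TRUSTED_REFERRAL_HOSTS = ['ldap-master.example.org'];
const DEFAULT_PORTS = ['ldap' => 389, 'ldaps' => 636];

// Return "scheme://host:port" if the referral points at an allowlisted server, else null.
function trusted_referral_server(string $referral): ?string
{
    $parts = parse_url($referral);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return null;                       // not a parseable absolute URL
    }
    $scheme = strtolower($parts['scheme']);
    $host   = strtolower($parts['host']);
    if (!array_key_exists($scheme, DEFAULT_PORTS) || isset($parts['user'])) {
        return null;                       // unexpected scheme, or userinfo in the URL
    }
    if (!in_array($host, TRUSTED_REFERRAL_HOSTS, true)) {
        return null;                       // exact host match only, no suffix matching
    }
    return sprintf('%s://%s:%d', $scheme, $host, $parts['port'] ?? DEFAULT_PORTS[$scheme]);
}

// Callback in the shape used on this page: (link, referral URL), 0 = success.
function rebind($ldap, $referral)
{
    global $dn, $pass;                     // bind DN and password, as in the comments
    if (trusted_referral_server($referral) === null) {
        error_log('LDAP referral refused: server not on allowlist');
        return 1;                          // non-zero: no bind, credentials are not sent
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    return ldap_bind($ldap, $dn, $pass) ? 0 : 1;
}

// Constructed referral URLs to exercise the check (not from a real server).
$samples = [
    'ldap://ldap-master.example.org/dc=example,dc=org',
    'ldap://LDAP-MASTER.example.org:389/ou=people,dc=example,dc=org',
    'ldap://other.example.net/dc=example,dc=org',
    'ldap://ldap-master.example.org@other.example.net/dc=example,dc=org',
    'http://ldap-master.example.org/',
];
foreach ($samples as $url) {
    printf("%-70s %s\n", $url, trusted_referral_server($url) ?? 'REFUSED');
}
```

Only the first two sample URLs are accepted; the host is taken from `parse_url()` rather than matched as a string prefix, so a URL that merely starts with the trusted name is refused.
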
pearcec at commnav dot com
2.05.2003 1:09
PHP expects the LDAP function ldap_set_rebind_proc to be the one that has three parameters.  As far as I can tell this isn't in the 2.0 release of OpenLDAP.  But made it into 2.1.  Configure will tell you

checking for 3 arg ldap_set_rebind_proc... no
night0wl at frost dot ath dot cx
2.04.2003 17:19
Because there was no example code for this function, I had a lot of trouble making it work properly.

So, here is a working example:

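function rebind_on_ref ($ds, $ldap_url) {
  global $binddn;    // DN used to bind
  global $bindpw;    // password used to bind

  // required by most modern LDAP servers, use LDAPv3
  ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

  // bind on the link passed to the callback (the original used an undefined $a)
  if (!ldap_bind($ds, $binddn, $bindpw)) {
        print "Cannot bind";
        return 1;    // non-zero reports the failed rebind to the caller
  }
  return 0;          // 0 reports success
}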
randy at kotmail dot com
25.04.2002 13:46
If rebind_proc isn't compiled in slapd, you will never get that function working. Check out the new alpha release of slapd and rtfm.



The PHP manual text and comments are covered by the Creative Commons Attribution 3.0 License © the PHP Documentation Group