ldap_get_option

(PHP 4 >= 4.0.4, PHP 5, PHP 7)

ldap_get_option — Get the current value for given option

说明

ldap_get_option ( resource $link_identifier , int $option , mixed &$retval ) : bool

Sets retval to the value of the specified option.

参数

link_identifier

An LDAP link identifier, returned by ldap_connect().

option

The parameter option can be one of:

Option	Type	since
`LDAP_OPT_DEREF`	integer
`LDAP_OPT_SIZELIMIT`	integer
`LDAP_OPT_TIMELIMIT`	integer
`LDAP_OPT_NETWORK_TIMEOUT`	integer
`LDAP_OPT_PROTOCOL_VERSION`	integer
`LDAP_OPT_ERROR_NUMBER`	integer
`LDAP_OPT_DIAGNOSTIC_MESSAGE`	integer
`LDAP_OPT_REFERRALS`	bool
`LDAP_OPT_RESTART`	bool
`LDAP_OPT_HOST_NAME`	string
`LDAP_OPT_ERROR_STRING`	string
`LDAP_OPT_MATCHED_DN`	string
`LDAP_OPT_SERVER_CONTROLS`	array
`LDAP_OPT_CLIENT_CONTROLS`	array
`LDAP_OPT_X_KEEPALIVE_IDLE`	int	7.1
`LDAP_OPT_X_KEEPALIVE_PROBES`	int	7.1
`LDAP_OPT_X_KEEPALIVE_INTERVAL`	int	7.1
`LDAP_OPT_X_TLS_CACERTDIR`	string	7.1
`LDAP_OPT_X_TLS_CACERTFILE`	string	7.1
`LDAP_OPT_X_TLS_CERTFILE`	string	7.1
`LDAP_OPT_X_TLS_CIPHER_SUITE`	string	7.1
`LDAP_OPT_X_TLS_CRLCHECK`	integer	7.1
`LDAP_OPT_X_TLS_CRL_NONE`	integer	7.1
`LDAP_OPT_X_TLS_CRL_PEER`	integer	7.1
`LDAP_OPT_X_TLS_CRL_ALL`	integer	7.1
`LDAP_OPT_X_TLS_CRLFILE`	string	7.1
`LDAP_OPT_X_TLS_DHFILE`	string	7.1
`LDAP_OPT_X_TLS_KEYILE`	string	7.1
`LDAP_OPT_X_TLS_PACKAGE`	string	7.1
`LDAP_OPT_X_TLS_PROTOCOL_MIN`	integer	7.1
`LDAP_OPT_X_TLS_RANDOM_FILE`	string	7.1
`LDAP_OPT_X_TLS_REQUIRE_CERT`	integer

retval

This will be set to the option value.

返回值

成功时返回 TRUE，或者在失败时返回 FALSE。

范例

Example #1 Check protocol version


<?php
// $ds is a valid link identifier for a directory server
if (ldap_get_option($ds, LDAP_OPT_PROTOCOL_VERSION, $version)) {
    echo "Using protocol version $version\n";
} else {
    echo "Unable to determine protocol version\n";
}
?>

注释

Note:
This function is only available when using OpenLDAP 2.x.x OR Netscape Directory SDK x.x.

参见

ldap_set_option() - Set the value of the given option

User Contributed Notes

Maarten 11-Jan-2020 09:24


PHP 7.1 added support for configuring the LDAP CA/Cert environment directly, rather than relying on the environment variables. I noticed that a lot of people are having trouble getting this to work.



The correct way is:

$ds=ldap_connect("ldap.google.com");  

ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, "/path/file.crt");

ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, "/path/file.key");

ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

ldap_start_tls($ds);

...

ldap_close($ds);

Anonymous 27-May-2016 01:03


Following on from Jeremy S's example. 

Instead of defining LDAP_OPT_DIAGNOSTIC_MESSAGE as 0x32 then using it, you can just use the option already defined as that value :)



LDAP_OPT_ERROR_STRING

Jeremy S 02-Jul-2013 11:37


Here is how to tell if an Active Directory user account expired:



define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);



ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);



$bind = ldap_bind($conn, $user, $pass);



ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error);



if (!empty($extended_error))

{

    $errno = explode(',', $extended_error)[2];

    $errno = explode(' ', $errno)[2];

    $errno = intval($errno);



    if ($errno == 532)

        $err = 'Unable to login: Password expired.';

}