ldap_read

    (PHP 4, PHP 5, PHP 7, PHP 8)

    ldap_readRead an entry

    Description

    ldap_read(
        LDAP\Connection|array $ldap,
        array|string $base,
        array|string $filter,
        array $attributes = [],
        int $attributes_only = 0,
        int $sizelimit = -1,
        int $timelimit = -1,
        int $deref = LDAP_DEREF_NEVER,
        ?array $controls = null
    ): LDAP\Result|array|false

    Performs the search for a specified filter on the directory with the scope LDAP_SCOPE_BASE. So it is equivalent to reading an entry from the directory.

    It is also possible to perform parallel searches. In this case, the first argument should be an array of LDAP\Connection instances, rather than a single one. If the searches should not all use the same base DN and filter, an array of base DNs and/or an array of filters can be passed as arguments instead. These arrays must be of the same size as the LDAP\Connection instances array, since the first entries of the arrays are used for one search, the second entries are used for another, and so on. When doing parallel searches an array of LDAP\Result instances is returned, except in case of error, when the return value will be false.

    Parameters

    ldap

    An LDAP\Connection instance, returned by ldap_connect().

    base

    The base DN for the directory.

    filter

    An empty filter is not allowed. If you want to retrieve absolutely all information for this entry, use a filter of objectClass=*. If you know which entry types are used on the directory server, you might use an appropriate filter such as objectClass=inetOrgPerson.

    attributes

    An array of the required attributes, e.g. array("mail", "sn", "cn"). Note that the "dn" is always returned irrespective of which attributes types are requested.

    Using this parameter is much more efficient than the default action (which is to return all attributes and their associated values). The use of this parameter should therefore be considered good practice.

    attributes_only

    Should be set to 1 if only attribute types are wanted. If set to 0 both attributes types and attribute values are fetched which is the default behaviour.

    sizelimit

    Enables you to limit the count of entries fetched. Setting this to 0 means no limit.

    Note:

    This parameter can NOT override server-side preset sizelimit. You can set it lower though.

    Some directory server hosts will be configured to return no more than a preset number of entries. If this occurs, the server will indicate that it has only returned a partial results set. This also occurs if you use this parameter to limit the count of fetched entries.

    timelimit

    Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit.

    Note:

    This parameter can NOT override server-side preset timelimit. You can set it lower though.

    deref

    Specifies how aliases should be handled during the search. It can be one of the following:

    • LDAP_DEREF_NEVER - (default) aliases are never dereferenced.
    • LDAP_DEREF_SEARCHING - aliases should be dereferenced during the search but not when locating the base object of the search.
    • LDAP_DEREF_FINDING - aliases should be dereferenced when locating the base object but not during the search.
    • LDAP_DEREF_ALWAYS - aliases should be dereferenced always.

    controls

    Array of LDAP Controls to send with the request.

    Return Values

    Returns an LDAP\Result instance, an array of LDAP\Result instances, or false on failure.

    Changelog

    Version Description
    8.1.0 The ldap parameter expects an LDAP\Connection instance now; previously, a valid ldap link resource was expected.
    8.1.0 Returns an LDAP\Result instance now; previously, a resource was returned.
    8.0.0 controls is nullable now; previously, it defaulted to [].
    7.3.0 Support for controls added

    Improve This Page

    Learn How To Improve This PageSubmit a Pull RequestReport a Bug
    add a note

    User Contributed Notes 5 notes

    up
    12
    cnicholl at yahoo dot com
    18 years ago
    Clarification of the ldap_read command syntax:

    If you just want to pull certain attributes from an object and you already know it's dn, the ldap_read command can do this as illustrated below. It will be less overhead than ldap_search.

    The string base_dn which is normally used to set the top context for a recursive ldap_search is used slightly differently with this command. It is used to specify the actual object with the full dn. (Hopefully this saves someone else a couple hours trying this command out.)

    <?php
    $ds     = ldap.myserver.com // your ldap server
    $dn = "cn=username,o=My Company, c=US"; //the object itself instead of the top search level as in ldap_search
    $filter="(objectclass=*)"; // this command requires some filter
    $justthese = array("ou", "sn", "givenname", "mail"); //the attributes to pull, which is much more efficient than pulling all attributes if you don't do this
    $sr=ldap_read($ds, $dn, $filter, $justthese);
    $entry = ldap_get_entries($ds, $sr);

    echo     $entry[0]["mail"][0] . "is the email address of the cn your requested";
    echo     $entry[0]["sn"][0] . "is the sn of the cn your requested";
    ldap_close($ds);
    ?>

    This prints out the specified users mail and surname for example.
    up
    5
    me at example dot com
    17 years ago
    In the previous example the

    $ds = ldap.myserver.com // your ldap server

    should be

    $ds = ldap_connect( "ldap.myserver.com" ) ; // your ldap server
    up
    3
    ronny at nxc dot no
    11 years ago
    The array in the attributes parameter needs to be an indexed array with numeric keys in ascending order. Like this:

    Array
    (
    [0] => this
    [1] => is
    [2] => a
    [3] => test
    )

    If there are missing keys in the array, then no result will be returned. This will not work:

    Array
    (
    [0] => this
    [1] => is
    [3] => test
    )
    up
    0
    ehalls at gmail dot com
    6 years ago
    For those debugging a wrapper, akin to symfony's client wrapper for these functions and since there is crap documentation on a full cycle of pulling a single record vs multiple, etc.

    For this one:
    YOU MUST call ldap_get_entries after this function call.

    AND PLEASE if you implement a wrapper, prime it with the initial entry else it makes no sense to execute without returning something easily visible as successful.

    WHEN query->execute() and you get a collection.. make sure the entry field in the collection has at least the first entry primed.. wasted so much time because it was looking empty.

    AND this entire adapter needs to be wrapped with a less retarded usage pattern via an STL lib wrapper, mysticism( bad design) begone.
    123.. not 4290234~"wds

    Thanks for your time
    up
    -1
    sbarnum at mac dot com
    23 years ago
    This differs from ldap_search() by not recursing down to sub-entries. if you know the dn of the item you're looking for and only want info on that entry, use ldap_read() and pass it the full dn of the item you want.

    It also seems that you'd alway want something like objectclass=* for the filter, since you're only searching on one entry.
    add a note
    To Top