PHP Velho Oeste 2024
    Edit Report a Bug

    ldap_get_option

    (PHP 4 >= 4.0.4, PHP 5, PHP 7, PHP 8)

    ldap_get_optionGet the current value for given option

    Description

    ldap_get_option(LDAP\Connection $ldap, int $option, array|string|int &$value = null): bool

    Sets value to the value of the specified option.

    Parameters

    ldap

    An LDAP\Connection instance, returned by ldap_connect().

    option

    The parameter option can be one of:

    Option Type since
    LDAP_OPT_DEREF int  
    LDAP_OPT_SIZELIMIT int  
    LDAP_OPT_TIMELIMIT int  
    LDAP_OPT_NETWORK_TIMEOUT int  
    LDAP_OPT_PROTOCOL_VERSION int  
    LDAP_OPT_ERROR_NUMBER int  
    LDAP_OPT_DIAGNOSTIC_MESSAGE string  
    LDAP_OPT_REFERRALS int  
    LDAP_OPT_RESTART int  
    LDAP_OPT_HOST_NAME string  
    LDAP_OPT_ERROR_STRING string  
    LDAP_OPT_MATCHED_DN string  
    LDAP_OPT_SERVER_CONTROLS array  
    LDAP_OPT_CLIENT_CONTROLS array  
    LDAP_OPT_X_KEEPALIVE_IDLE int 7.1
    LDAP_OPT_X_KEEPALIVE_PROBES int 7.1
    LDAP_OPT_X_KEEPALIVE_INTERVAL int 7.1
    LDAP_OPT_X_TLS_CACERTDIR string 7.1
    LDAP_OPT_X_TLS_CACERTFILE string 7.1
    LDAP_OPT_X_TLS_CERTFILE string 7.1
    LDAP_OPT_X_TLS_CIPHER_SUITE string 7.1
    LDAP_OPT_X_TLS_CRLCHECK int 7.1
    LDAP_OPT_X_TLS_CRL_NONE int 7.1
    LDAP_OPT_X_TLS_CRL_PEER int 7.1
    LDAP_OPT_X_TLS_CRL_ALL int 7.1
    LDAP_OPT_X_TLS_CRLFILE string 7.1
    LDAP_OPT_X_TLS_DHFILE string 7.1
    LDAP_OPT_X_TLS_KEYFILE string 7.1
    LDAP_OPT_X_TLS_PACKAGE string 7.1
    LDAP_OPT_X_TLS_PROTOCOL_MIN int 7.1
    LDAP_OPT_X_TLS_RANDOM_FILE string 7.1
    LDAP_OPT_X_TLS_REQUIRE_CERT int  

    value

    This will be set to the option value.

    Return Values

    Returns true on success or false on failure.

    Changelog

    Version Description
    8.1.0 The ldap parameter expects an LDAP\Connection instance now; previously, a valid ldap link resource was expected.

    Examples

    Example #1 Check protocol version

    <?php
    // $ds is a valid LDAP\Connection instance for a directory server
    if (ldap_get_option($ds, LDAP_OPT_PROTOCOL_VERSION, $version)) {
    echo     "Using protocol version $version\n";
    } else {
    echo     "Unable to determine protocol version\n";
    }
    ?>

    Notes

    Note:

    This function is only available when using OpenLDAP 2.x.x OR Netscape Directory SDK x.x.

    See Also

    add a note add a note

    User Contributed Notes 3 notes

    up
    8
    Anonymous
    7 years ago
    Following on from Jeremy S's example.
    Instead of defining LDAP_OPT_DIAGNOSTIC_MESSAGE as 0x32 then using it, you can just use the option already defined as that value :)

    LDAP_OPT_ERROR_STRING
    up
    6
    Jeremy S
    10 years ago
    Here is how to tell if an Active Directory user account expired:

    define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);

    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    $bind = ldap_bind($conn, $user, $pass);

    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error);

    if (!empty($extended_error))
    {
        $errno = explode(',', $extended_error)[2];
        $errno = explode(' ', $errno)[2];
        $errno = intval($errno);

        if ($errno == 532)
            $err = 'Unable to login: Password expired.';
    }
    up
    1
    Maarten
    4 years ago
    PHP 7.1 added support for configuring the LDAP CA/Cert environment directly, rather than relying on the environment variables. I noticed that a lot of people are having trouble getting this to work.

    The correct way is:
    $ds=ldap_connect("ldap.google.com"); 
    ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, "/path/file.crt");
    ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, "/path/file.key");
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    ldap_start_tls($ds);
    ...
    ldap_close($ds);
    add a note add a note
    To Top