LDAP Controls

Here are some examples of using LDAP Controls with PHP >= 7.3.0.

Example #1 Bind with ppolicy information


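<?php
$user   = 'cn=admin,dc=example,dc=com'; // placeholder bind DN
$passwd = 'adminpassword';

$ds = ldap_connect('ldap://localhost');

if ($ds) {
    // Ask the server to return password policy information with the bind response
    $r = ldap_bind_ext($ds, $user, $passwd, [['oid' => LDAP_CONTROL_PASSWORDPOLICYREQUEST]]);

    if (ldap_parse_result($ds, $r, $errcode, $matcheddn, $errmsg, $referrals, $ctrls)) {
        if ($errcode != 0) {
            die("Error: $errmsg ($errcode)");
        }
        if (isset($ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE])) {
            $value = $ctrls[LDAP_CONTROL_PASSWORDPOLICYRESPONSE]['value'];
            echo "Expires in: ".$value['expire']." seconds\n";
            echo "Number of auth left: ".$value['grace']."\n";
            if (isset($value['error'])) {
                echo "Ppolicy error code: ".$value['error'];
            }
        }
    }
} else {
    die("Unable to connect to LDAP server");
}
?>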

Example #2 Modify description only if it's not empty

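<?php
// $link is an LDAP connection, $dn is the DN of the entry to modify

// The server applies the change only if the assertion filter matches the entry
$result = ldap_mod_replace_ext(
    $link,
    $dn,
    ['description' => 'New description'],
    [[
        'oid'         => LDAP_CONTROL_ASSERT,
        'iscritical'  => TRUE,
        'value'       => ['filter' => '(!(description=*))']
    ]]
);

// Then use ldap_parse_result
?>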

Example #3 Read some values before deletion

<?php
// $link is an LDAP connection, $dn is the DN of the entry to delete

$result = ldap_delete_ext(
    $link,
    $dn,
    [[
        'oid'         => LDAP_CONTROL_PRE_READ,
        'iscritical'  => TRUE,
        'value'       => ['attrs' => ['o', 'description']]
    ]]
);

// Then use ldap_parse_result
?>

Example #4 Delete a reference

<?php
// $link is an LDAP connection, $dn is the DN of the reference entry

// Without the control it would delete the referenced node
// Make sure to set the control as critical to avoid that
$result = ldap_delete_ext(
    $link,
    $dn,
    [['oid' => LDAP_CONTROL_MANAGEDSAIT, 'iscritical' => TRUE]]
);

// Then use ldap_parse_result
?>
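
Examples #2 to #4 end with "Then use ldap_parse_result". The following added example, which is not part of the PHP manual, shows that step for the assertion control of Example #2 and separates the outcomes a caller has to tell apart. The function name replace_if and the RC_* constant names are assumptions made for illustration; the numeric result codes are those of RFC 4511 and RFC 4528.

```php
<?php
// Added example; replace_if() and the RC_* names are hypothetical.
// PHP defines no constants for LDAP result codes, so they are declared here.
const RC_SUCCESS = 0;                         // RFC 4511
const RC_UNAVAILABLE_CRITICAL_EXTENSION = 12; // RFC 4511: critical control not supported
const RC_ASSERTION_FAILED = 122;              // RFC 4528: assertion filter did not match

/**
 * Replace $attrs on $dn only if $assertFilter matches the entry.
 * Returns 'applied' or 'skipped'; throws on any other outcome.
 */
function replace_if($link, string $dn, array $attrs, string $assertFilter): string
{
    $controls = [[
        'oid'        => LDAP_CONTROL_ASSERT,
        'iscritical' => true, // the server must honour the control or reject the request
        'value'      => ['filter' => $assertFilter],
    ]];

    $result = ldap_mod_replace_ext($link, $dn, $attrs, $controls);
    if ($result === false) {
        // Request not sent or no response received
        throw new RuntimeException('modify failed: ' . ldap_error($link));
    }
    if (!ldap_parse_result($link, $result, $errcode, $matcheddn, $errmsg, $referrals, $ctrls)) {
        throw new RuntimeException('could not parse the server response');
    }

    switch ($errcode) {
        case RC_SUCCESS:
            return 'applied';   // filter matched, attributes replaced
        case RC_ASSERTION_FAILED:
            return 'skipped';   // filter did not match, entry left untouched
        case RC_UNAVAILABLE_CRITICAL_EXTENSION:
            throw new RuntimeException('server does not support the assertion control');
        default:
            throw new RuntimeException(
                sprintf('modify rejected: %s (%d) %s', ldap_err2str($errcode), $errcode, $errmsg)
            );
    }
}

// Usage with the filter from Example #2 ($dn is the DN of the entry to modify):
// echo replace_if($link, $dn, ['description' => 'New description'], '(!(description=*))');
?>
```

Because the control is marked critical, a server without support for it answers with result code 12 instead of silently performing an unconditional modify.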

Example #5 Use pagination for a search

<?php
// $link is an LDAP connection

$cookie = '';

do {
    $result = ldap_search(
        $link, 'dc=example,dc=base', '(cn=*)', ['cn'], 0, 0, 0, LDAP_DEREF_NEVER,
        [['oid' => LDAP_CONTROL_PAGEDRESULTS, 'value' => ['size' => 2, 'cookie' => $cookie]]]
    );
    ldap_parse_result($link, $result, $errcode, $matcheddn, $errmsg, $referrals, $controls);
    // To keep the example short errors are not tested
    $entries = ldap_get_entries($link, $result);
    // ldap_get_entries also returns a 'count' key, so iterate by index
    for ($i = 0; $i < $entries['count']; $i++) {
        echo "cn: ".$entries[$i]['cn'][0]."\n";
    }
    if (isset($controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'])) {
        // You need to pass the cookie from the last call to the next one
        $cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'];
    } else {
        $cookie = '';
    }
    // Empty cookie means last page
} while (!empty($cookie));
?>

User Contributed Notes 1 note

3 years ago
LDAP pagination requires protocol version 3+. If the LDAP_CONTROL_PAGEDRESULTS LDAP control is not working for you, try setting the LDAP protocol version before binding:


<?php
$ldapconn = ldap_connect($ldapuri) or die("That LDAP-URI was not parseable");

ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
?>
