[squirrelmail.git] / contrib / test_ldap.phps

<?php
/**
 * LDAP connection test script
 * 
 * Script is extended version of LDAP test script from PHP LDAP extension 
 * manual. It does not suppress LDAP function errors. If some LDAP function 
 * fails, you should see PHP error messages. If function is missing, you should
 * see errors too. If LDAP server returns unexpected output, you should see 
 * errors.
 * 
 * Change file extension from .phps to .php, if you want to use it. Don't store
 * important information (like your luggage password) on this file. 
 * Copyright (c) 2006 The SquirrelMail Project
 * License: script is licensed under GPL.
 * See http://www.opensource.org/licenses/gpl-license.php
 */

/** Configuration variables */

/**
 * URL of LDAP server
 *
 * You can use IP address, hostname or any other type of URL 
 * supported by your LDAP libraries. For example: you can add ldaps:// prefix 
 * for LDAP over SSL connection (636 port) or ldapi:// for LDAP socket 
 * connection.
 */
$ldap_host='localhost';
/**
 * LDAP BaseDN
 *
 * If you don't know it, script will try to show first available basedn when 
 * it reads LDAP server's base.
 */
$ldap_basedn='dc=example,dc=org';
/**
 * Controls use of LDAP v3 bind protocol
 *
 * PHP scripts default to v2 protocol and some LDAP servers (for example: newer
 * OpenLDAP versions and ADS) don't support it. 
 */
$ldap_v3bind=false;
/**
 * Controls use of LDAP STARTTLS
 *
 * Allows to enable TLS encryption on plain text LDAP connection.
 * Requires PHP 4.2.0 or newer.
 */
$ldap_starttls=false;
/**
 * ADS limit scope option
 * http://msdn.microsoft.com/library/en-us/ldap/ldap/ldap_server_domain_scope_oid.asp
 * Might be required for some Win2k3 ADS setups. Don't enable on other servers.
 * Warning: LDAP base search will fail, if option is enabled. 
 */
$ldap_limit_scope=false;
/**
 * BindDN used for authentication
 */
$ldap_binddn='';
/**
 * Password used for authentication
 */
$ldap_bindpw='';

/* end of configuration variables */

// modifications stop here.

/* set error reporting options */
ini_set('html_errors','off');
ini_set('display_errors','on');
error_reporting(E_ALL);

/* set plain text header */
header('Content-Type: text/plain');

/* start testing*/
echo "LDAP query test\n\n";
echo "Connecting ...\n";
$ds=ldap_connect($ldap_host);  // must be a valid LDAP server!
echo " connect result - ";
var_dump($ds);
echo "\n";

if ($ds) {
    echo "\nSetting LDAP options:\n";
    if ($ldap_v3bind) {
        if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
            echo " Using LDAPv3\n";
        } else {
            echo " Failed to set protocol version to 3\n";
        }
    } else {
        echo " Using LDAPv2 (php default)\n";
    }

    if ($ldap_starttls) {
        if ($ldap_v3bind) {
            if (ldap_start_tls($ds)) {
                echo " Turned on TLS\n";
            } else {
                echo " Unable to turn on TLS\n";
            }
        } else {
            echo " You must use LDAPv3 protocol with STARTTLS.\n";
        }
    } else {
        echo " Not using LDAP STARTTLS.\n";
    }

    if ($ldap_limit_scope) {
        if ($ldap_v3bind) {
            $ctrl = array ( "oid" => "1.2.840.113556.1.4.1339", "iscritical" => TRUE );
            if (ldap_set_option($ds, LDAP_OPT_SERVER_CONTROLS, array($ctrl))) {
                echo " Turned on limit_scope\n";
            } else {
                echo " Unable to turn on limit_scope\n";
            }
        } else {
            echo " You must use LDAPv3 protocol with limit_scope option.\n";
        }
    } else {
        echo " Not using limit_scope option.\n";
    }

    echo "\nReading LDAP base:\n";
    if ($sr = ldap_read($ds,'',"(objectclass=*)")) {
        $info = ldap_get_entries($ds, $sr);
        echo " namingContexts:\n";
        if (isset($info[0]['namingcontexts'])) {
            for ($i=0; $i<$info[0]['namingcontexts']['count']; $i++) {
                echo '  ' . $i .': ' . $info[0]['namingcontexts'][$i] . "\n";
            }
        } else {
            echo " unavailable\n";
        }
    } else {
        echo " Unable to read LDAP base.\n";
    }
    echo "\n";

    echo "Authentication:\n";
    echo " Binding";
    if ($ldap_binddn!='') {
        echo " with authenticated bind ...\n";
        $r = ldap_bind($ds,$ldap_binddn,$ldap_bindpw);
    } else {
        echo " with anonymous bind ...\n";
        $r=ldap_bind($ds);
    }
    echo " Bind result - ";
    var_dump($r);
    echo "\n";

    echo "\n";
    echo "Search:\n";
    echo " Searching for (mail=*) ...\n";
    // Search for mail entries
    if ($sr=ldap_search($ds, $ldap_basedn, "(mail=*)")) {
     
        echo " Search result - ";
        var_dump($sr);
        echo "\n";

        echo " Number of entries: " . ldap_count_entries($ds, $sr) . "\n";

        echo " Getting entries ...\n";
        $info = ldap_get_entries($ds, $sr);

        echo " Data for " . $info["count"] . " items returned:\n";

        for ($i=0; $i<$info["count"]; $i++) {
            echo "  dn is: " . $info[$i]["dn"] . "\n";
            if (isset($info[$i]["cn"][0])) {
                echo "  first cn entry is: " . $info[$i]["cn"][0] . "\n";
            } else {
                echo "  cn attribute is not available.";
            }
            echo "  first email entry is: " . $info[$i]["mail"][0] . "\n------\n";
        }
    } else {
        echo " LDAP search failed.\n";
    }
    echo "\n";
    echo "Closing connection\n";
    ldap_close($ds);

} else {
    echo "Unable to connect to LDAP server\n";
}
?>
Commit	Line	Data
46c76bcc	1	<?php
	2	/**
	3	* LDAP connection test script
	4	*
	5	* Script is extended version of LDAP test script from PHP LDAP extension
	6	* manual. It does not suppress LDAP function errors. If some LDAP function
	7	* fails, you should see PHP error messages. If function is missing, you should
	8	* see errors too. If LDAP server returns unexpected output, you should see
	9	* errors.
	10	*
	11	* Change file extension from .phps to .php, if you want to use it. Don't store
	12	* important information (like your luggage password) on this file.
	13	* Copyright (c) 2006 The SquirrelMail Project
	14	* License: script is licensed under GPL.
	15	* See http://www.opensource.org/licenses/gpl-license.php
	16	*/
	17
	18	/** Configuration variables */
	19
	20	/**
	21	* URL of LDAP server
	22	*
	23	* You can use IP address, hostname or any other type of URL
	24	* supported by your LDAP libraries. For example: you can add ldaps:// prefix
	25	* for LDAP over SSL connection (636 port) or ldapi:// for LDAP socket
	26	* connection.
	27	*/
	28	$ldap_host='localhost';
	29	/**
	30	* LDAP BaseDN
	31	*
	32	* If you don't know it, script will try to show first available basedn when
	33	* it reads LDAP server's base.
	34	*/
	35	$ldap_basedn='dc=example,dc=org';
	36	/**
	37	* Controls use of LDAP v3 bind protocol
	38	*
	39	* PHP scripts default to v2 protocol and some LDAP servers (for example: newer
	40	* OpenLDAP versions and ADS) don't support it.
	41	*/
	42	$ldap_v3bind=false;
	43	/**
	44	* Controls use of LDAP STARTTLS
	45	*
	46	* Allows to enable TLS encryption on plain text LDAP connection.
	47	* Requires PHP 4.2.0 or newer.
	48	*/
	49	$ldap_starttls=false;
	50	/**
	51	* ADS limit scope option
	52	* http://msdn.microsoft.com/library/en-us/ldap/ldap/ldap_server_domain_scope_oid.asp
	53	* Might be required for some Win2k3 ADS setups. Don't enable on other servers.
	54	* Warning: LDAP base search will fail, if option is enabled.
	55	*/
	56	$ldap_limit_scope=false;
	57	/**
	58	* BindDN used for authentication
	59	*/
	60	$ldap_binddn='';
	61	/**
	62	* Password used for authentication
	63	*/
	64	$ldap_bindpw='';
65
66	/* end of configuration variables */
67
68	// modifications stop here.
69
70	/* set error reporting options */
71	ini_set('html_errors','off');
72	ini_set('display_errors','on');
73	error_reporting(E_ALL);
74
75	/* set plain text header */
76	header('Content-Type: text/plain');
77
78	/* start testing*/
79	echo "LDAP query test\n\n";
80	echo "Connecting ...\n";
81	$ds=ldap_connect($ldap_host); // must be a valid LDAP server!
82	echo " connect result - ";
83	var_dump($ds);
84	echo "\n";
85
86	if ($ds) {
87	echo "\nSetting LDAP options:\n";
88	if ($ldap_v3bind) {
89	if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
90	echo " Using LDAPv3\n";
91	} else {
92	echo " Failed to set protocol version to 3\n";
93	}
94	} else {
95	echo " Using LDAPv2 (php default)\n";
96	}
97
98	if ($ldap_starttls) {
99	if ($ldap_v3bind) {
100	if (ldap_start_tls($ds)) {
101	echo " Turned on TLS\n";
102	} else {
103	echo " Unable to turn on TLS\n";
104	}
105	} else {
106	echo " You must use LDAPv3 protocol with STARTTLS.\n";
107	}
108	} else {
109	echo " Not using LDAP STARTTLS.\n";
110	}
111
112	if ($ldap_limit_scope) {
113	if ($ldap_v3bind) {
114	$ctrl = array ( "oid" => "1.2.840.113556.1.4.1339", "iscritical" => TRUE );
115	if (ldap_set_option($ds, LDAP_OPT_SERVER_CONTROLS, array($ctrl))) {
116	echo " Turned on limit_scope\n";
117	} else {
118	echo " Unable to turn on limit_scope\n";
119	}
120	} else {
121	echo " You must use LDAPv3 protocol with limit_scope option.\n";
122	}
123	} else {
124	echo " Not using limit_scope option.\n";
125	}
126
127	echo "\nReading LDAP base:\n";
128	if ($sr = ldap_read($ds,'',"(objectclass=*)")) {
129	$info = ldap_get_entries($ds, $sr);
130	echo " namingContexts:\n";
131	if (isset($info[0]['namingcontexts'])) {
132	for ($i=0; $i<$info[0]['namingcontexts']['count']; $i++) {
133	echo ' ' . $i .': ' . $info[0]['namingcontexts'][$i] . "\n";
134	}
135	} else {
136	echo " unavailable\n";
137	}
138	} else {
139	echo " Unable to read LDAP base.\n";
140	}
141	echo "\n";
142
143	echo "Authentication:\n";
144	echo " Binding";
145	if ($ldap_binddn!='') {
146	echo " with authenticated bind ...\n";
147	$r = ldap_bind($ds,$ldap_binddn,$ldap_bindpw);
148	} else {
149	echo " with anonymous bind ...\n";
150	$r=ldap_bind($ds);
151	}
152	echo " Bind result - ";
153	var_dump($r);
154	echo "\n";
155
156	echo "\n";
157	echo "Search:\n";
158	echo " Searching for (mail=*) ...\n";
159	// Search for mail entries
160	if ($sr=ldap_search($ds, $ldap_basedn, "(mail=*)")) {
161
162	echo " Search result - ";
163	var_dump($sr);
164	echo "\n";
165
166	echo " Number of entries: " . ldap_count_entries($ds, $sr) . "\n";
167
168	echo " Getting entries ...\n";
169	$info = ldap_get_entries($ds, $sr);
170
171	echo " Data for " . $info["count"] . " items returned:\n";
172
173	for ($i=0; $i<$info["count"]; $i++) {
174	echo " dn is: " . $info[$i]["dn"] . "\n";
175	if (isset($info[$i]["cn"][0])) {
176	echo " first cn entry is: " . $info[$i]["cn"][0] . "\n";
177	} else {
178	echo " cn attribute is not available.";
179	}
180	echo " first email entry is: " . $info[$i]["mail"][0] . "\n------\n";
181	}
182	} else {
183	echo " LDAP search failed.\n";
184	}
185	echo "\n";
186	echo "Closing connection\n";
187	ldap_close($ds);
188
189	} else {
190	echo "Unable to connect to LDAP server\n";
191	}
192	?>