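<?php
/**
 * LDAP connection test script
 *
 * Script is extended version of LDAP test script from PHP LDAP extension
 * manual. It does not suppress LDAP function errors. If some LDAP function
 * fails, you should see PHP error messages. If function is missing, you should
 * see errors too. If LDAP server returns unexpected output, you should see
 * errors.
 *
 * Change file extension from .phps to .php, if you want to use it. Don't store
 * important information (like your luggage password) in this file.
 *
 * Security note: the script has no access control of its own. Once it is
 * renamed to .php, anyone who can request it gets the PHP error output it
 * turns on, the server's naming contexts, and the DN, first cn and first mail
 * value of every entry matching (mail=*). Run it only while troubleshooting,
 * restrict access to it at the web server, and rename it back or delete it
 * afterwards. While it is a .phps file the web server may display it as
 * highlighted source, so a bind password saved in it can be read that way.
 *
 * Copyright (c) 2006 The SquirrelMail Project
 * License: script is licensed under GPL.
 * See http://www.opensource.org/licenses/gpl-license.php
 */

/** Configuration variables */

/**
 * URL of LDAP server
 *
 * You can use IP address, hostname or any other type of URL
 * supported by your LDAP libraries. For example: you can add ldaps:// prefix
 * for LDAP over SSL connection (636 port) or ldapi:// for LDAP socket
 * connection.
 *
 * With a plain hostname and $ldap_starttls turned off, the bind DN, the bind
 * password and all search results cross the network unencrypted.
 */
$ldap_host='localhost';
/**
 * LDAP BaseDN
 *
 * If you don't know it, script will try to show first available basedn when
 * it reads LDAP server's base.
 */
$ldap_basedn='dc=example,dc=org';
/**
 * Controls use of LDAP v3 bind protocol
 *
 * PHP scripts default to v2 protocol and some LDAP servers (for example: newer
 * OpenLDAP versions and ADS) don't support it.
 */
$ldap_v3bind=false;
/**
 * Controls use of LDAP STARTTLS
 *
 * Enables TLS encryption on a plain text LDAP connection.
 * Requires PHP 4.2.0 or newer and $ldap_v3bind set to true.
 *
 * If STARTTLS is requested but cannot be activated, the script refuses to
 * send $ldap_bindpw over the connection.
 */
$ldap_starttls=false;
/**
 * ADS limit scope option
 * http://msdn.microsoft.com/library/en-us/ldap/ldap/ldap_server_domain_scope_oid.asp
 * Might be required for some Win2k3 ADS setups. Don't enable on other servers.
 * Warning: LDAP base search will fail, if option is enabled.
 */
$ldap_limit_scope=false;
/**
 * BindDN used for authentication
 *
 * Leave empty to test with an anonymous bind.
 */
$ldap_binddn='';
/**
 * Password used for authentication
 *
 * Prefer a throwaway or low-privilege test account, and clear this value when
 * testing is finished.
 */
$ldap_bindpw='';

/* end of configuration variables */

// modifications stop here.

/*
 * set error reporting options
 *
 * Errors are shown on purpose (see the file header). They can reveal file
 * system paths and server details, which is one more reason not to leave the
 * script reachable after testing.
 */
ini_set('html_errors','off');
ini_set('display_errors','on');
error_reporting(E_ALL);

/* set plain text header */
header('Content-Type: text/plain');

/* start testing */
echo "LDAP query test\n\n";
echo "Connecting ...\n";
// must be a valid LDAP server!
// NOTE(review): depending on the LDAP client library, ldap_connect() may only
// prepare the connection handle; an unreachable server can then show up only
// at the first read or bind below. Confirm against your PHP build.
$ds=ldap_connect($ldap_host);
echo " connect result - ";
var_dump($ds);
echo "\n";

if ($ds) {
    echo "\nSetting LDAP options:\n";
    if ($ldap_v3bind) {
        if (ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
            echo " Using LDAPv3\n";
        } else {
            echo " Failed to set protocol version to 3\n";
        }
    } else {
        echo " Using LDAPv2 (php default)\n";
    }

    // Records whether the STARTTLS that was asked for is really in effect, so
    // that the bind step below can refuse to send the password without it.
    $tls_active = false;
    if ($ldap_starttls) {
        if ($ldap_v3bind) {
            if (ldap_start_tls($ds)) {
                echo " Turned on TLS\n";
                $tls_active = true;
            } else {
                echo " Unable to turn on TLS\n";
            }
        } else {
            echo " You must use LDAPv3 protocol with STARTTLS.\n";
        }
    } else {
        echo " Not using LDAP STARTTLS.\n";
    }

    if ($ldap_limit_scope) {
        if ($ldap_v3bind) {
            // Server control OID described at the MSDN page referenced in the
            // $ldap_limit_scope documentation above.
            $ctrl = array ( "oid" => "1.2.840.113556.1.4.1339", "iscritical" => TRUE );
            if (ldap_set_option($ds, LDAP_OPT_SERVER_CONTROLS, array($ctrl))) {
                echo " Turned on limit_scope\n";
            } else {
                echo " Unable to turn on limit_scope\n";
            }
        } else {
            echo " You must use LDAPv3 protocol with limit_scope option.\n";
        }
    } else {
        echo " Not using limit_scope option.\n";
    }

    // The base is read before any bind, so the result reflects what the
    // server hands out to a client that has not authenticated yet.
    echo "\nReading LDAP base:\n";
    if ($sr = ldap_read($ds,'',"(objectclass=*)")) {
        $info = ldap_get_entries($ds, $sr);
        echo " namingContexts:\n";
        if (isset($info[0]['namingcontexts'])) {
            for ($i=0; $i<$info[0]['namingcontexts']['count']; $i++) {
                echo ' ' . $i .': ' . $info[0]['namingcontexts'][$i] . "\n";
            }
        } else {
            echo " unavailable\n";
        }
    } else {
        echo " Unable to read LDAP base.\n";
    }
    echo "\n";

    echo "Authentication:\n";
    echo " Binding";
    if ($ldap_binddn!='') {
        if ($ldap_starttls && !$tls_active) {
            // STARTTLS was requested but is not active (it failed, or LDAPv3
            // is off). Binding anyway would send the password without the
            // protection the operator asked for, so the bind is skipped.
            echo " skipped: STARTTLS was requested but is not active, bind password not sent.\n";
            $r = false;
        } else {
            echo " with authenticated bind ...\n";
            if ($ldap_bindpw == '') {
                // A DN with an empty password is an "unauthenticated bind";
                // servers that accept it treat the session as anonymous, so a
                // successful result below would not prove the credentials.
                echo " Warning: bind password is empty, server may treat this as anonymous bind.\n";
            }
            $r = ldap_bind($ds,$ldap_binddn,$ldap_bindpw);
        }
    } else {
        echo " with anonymous bind ...\n";
        $r=ldap_bind($ds);
    }
    echo " Bind result - ";
    var_dump($r);
    echo "\n";

    // The search runs even after a failed or skipped bind; in that case it
    // shows what the connection can read without the configured credentials.
    echo "\n";
    echo "Search:\n";
    echo " Searching for (mail=*) ...\n";
    // Search for mail entries
    if ($sr=ldap_search($ds, $ldap_basedn, "(mail=*)")) {

        echo " Search result - ";
        var_dump($sr);
        echo "\n";

        echo " Number of entries: " . ldap_count_entries($ds, $sr) . "\n";

        echo " Getting entries ...\n";
        $info = ldap_get_entries($ds, $sr);

        echo " Data for " . $info["count"] . " items returned:\n";

        for ($i=0; $i<$info["count"]; $i++) {
            echo " dn is: " . $info[$i]["dn"] . "\n";
            if (isset($info[$i]["cn"][0])) {
                echo " first cn entry is: " . $info[$i]["cn"][0] . "\n";
            } else {
                // newline added so the next line does not run into this one
                echo " cn attribute is not available.\n";
            }
            // mail is deliberately not guarded with isset(): the filter asks
            // for entries that have it, and the script is meant to show PHP
            // errors when the server returns something unexpected.
            echo " first email entry is: " . $info[$i]["mail"][0] . "\n------\n";
        }
    } else {
        echo " LDAP search failed.\n";
    }
    echo "\n";
    echo "Closing connection\n";
    ldap_close($ds);

} else {
    echo "Unable to connect to LDAP server\n";
}
?>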