LdapTools

A feature-rich LDAP library for PHP 5.6+.

Overview

LdapTools is designed to be customizable for use with pretty much any directory service, but contains default attribute converters and schemas for Active Directory and OpenLDAP.

Installation

The recommended way to install LdapTools is using Composer:

composer require ldaptools/ldaptools

Getting Started

The easiest way to get started is by creating a YAML config file. See the example config file for basic usage. See the configuration file reference doc for a list of all available options.

Once you have a configuration file defined, you can get up and running by doing the following:

use LdapTools\Configuration;
use LdapTools\LdapManager;

$config = (new Configuration())->load('/path/to/ldap/config.yml');
$ldap = new LdapManager($config);

Searching LDAP

With the LdapManager up and going you can now easily build LDAP queries without having to remember all the special syntax for LDAP filters. All values are also automatically escaped. Check the tutorial for all available methods and the cookbook for more query examples.

// Get an instance of the query...
$query = $ldap->buildLdapQuery();

// Returns a LdapObjectCollection of all users whose first name 
// starts with 'Foo' and last name is 'Bar' or 'Smith'.
// The result set will also be ordered by state name (ascending).
$users = $query->fromUsers()
    ->where($query->filter()->startsWith('firstName', 'Foo'))
    ->orWhere(['lastName' => 'Bar'])
    ->orWhere(['lastName' => 'Smith'])
    ->orderBy('state')
    ->getLdapQuery()
    ->getResult();

echo "Found ".$users->count()." user(s).";
foreach ($users as $user) {
    echo "User: ".$user->getUsername();
}

// Get all OUs and Containers at the base of the domain, ordered by name.
$results = $ldap->buildLdapQuery()
    ->from(LdapObjectType::OU)
    ->from(LdapObjectType::CONTAINER)
    ->orderBy('name')
    ->setScopeOneLevel()
    ->getLdapQuery()
    ->getResult();

// Get a single LDAP object and select some specific attributes...
$user = $ldap->buildLdapQuery()
    ->select(['upn', 'guid', 'sid', 'passwordLastSet'])
    ->fromUsers()
    ->where(['username' => 'chad'])
    ->getLdapQuery()
    ->getSingleResult();

// Get a single attribute value from a LDAP object...
$guid = $ldap->buildLdapQuery()
    ->select('guid')
    ->fromUsers()
    ->where(['username' => 'chad'])
    ->getLdapQuery()
    ->getSingleScalarResult();

// It also supports the concepts of repositories...
$userRepository = $ldap->getRepository('user');

// Find all users whose last name equals Smith.
$users = $userRepository->findByLastName('Smith');

// Get the first user whose username equals 'jsmith'. Returns a `LdapObject`.
$user = $userRepository->findOneByUsername('jsmith');
echo "First name ".$user->getFirstName()." and last name ".$user->getLastName();

See the docs for more information on building LDAP queries.

Modifying LDAP Objects

Modifying LDAP is as easy as searching for the LDAP object as described above, then making changes directly to the object and saving it back to LDAP using the LdapManager.

$user = $ldap->buildLdapQuery()
    ->select(['title', 'mobilePhone', 'disabled'])
    ->fromUsers()
    ->where(['username' => 'jsmith'])
    ->getLdapQuery()
    ->getSingleResult();

// Make some modifications to the user account.
// All these changes are tracked so it knows how to modify the object.
$user->setTitle('CEO');

if ($user->hasMobilePhone()) {
    $user->resetMobilePhone();
}

// Set a field by a property instead...
if ($user->disabled) {
    $user->disabled = false;
}

// Add a value to an attribute...
$user->addOtherIpPhones('#001-5555');
// Add a few values at one time...
$user->addOtherIpPhones('#001-4444', '#001-3333', '#001-2222');

// Now actually save the changes back to LDAP...
try {
    $ldap->persist($user);
} catch (\Exception $e) {
    echo "Error updating user! ".$e->getMessage();
}

See the docs for more information on modifying LDAP objects.

Deleting LDAP Objects

Deleting LDAP objects is a simple matter of searching for the object you want to remove, then passing it to the delete method on the LdapManager:

// Decide they no longer work here and should be deleted?
$user = $userRepository->findOneByUsername('jsmith');

try {
    $ldap->delete($user);
} catch (\Exception $e) {
    echo "Error deleting user! ".$e->getMessage();
}

Creating LDAP Objects

Creating LDAP objects is easily performed by just passing what you want the attributes to be and what container/OU the object should end up in:

$ldapObject = $ldap->createLdapObject();

// Creating a user account (enabled by default)
$ldapObject->createUser()
    ->in('cn=Users,dc=example,dc=local')
    ->with(['username' => 'jsmith', 'password' => '12345'])
    ->execute();

// Create a typical AD global security group...
$ldapObject->createGroup()
    ->in('dc=example,dc=local')
    ->with(['name' => 'Generic Security Group'])
    ->execute();

// Creates a contact user...
$ldapObject->createContact()
    ->in('dc=example,dc=local')
    ->with(['name' => 'Some Guy', 'emailAddress' => 'SomeGuy@SomeDomain.com'])
    ->execute();

// Creates a computer object...
$ldapObject->createComputer()
    ->in('dc=example,dc=local')
    ->with(['name' => 'MYWOKRSTATION'])
    ->execute();

// Creates an OU object...
$ldapObject->createOU()
    ->in('dc=example,dc=local')
    ->with(['name' => 'Employees'])
    ->execute();

See the docs for more information on creating LDAP objects.

Documentation

TODO

Things that still need to be implemented: