Added controls support to php-ldap #2640
Conversation
|
It's not totally clear what you want to target here, master is now 7.3, and it looks like this should target 7.2 ... but then this is not a good time for 7.2 because feature freeze ... so I defer to @remicollet and @sgolemon |
|
No this was for 7.3 I know that 7.2 is frozen. I’m working on it to have a consistent and complete control support to push in 7.3 (or later if I’m too slow) |
MCMic
force-pushed
the
ldap_parse_controls
branch
from
6746194 to
825fb9c
Compare
|
Ok, so I reworked the code and it now works like this: They can be passed to ldap_set_option, they can be get by ldap_get_option, ldap_parse_result and ldap_exop_passwd. For ldap_exop_passwd this allows to do a password change on a ppolicy enabled ldap and get the error from the control if any. Once this is merged I intend to add support for all known controls as arrays, and support for passing them to most of ldap operations (search and such). |
MCMic
force-pushed
the
ldap_parse_controls
branch
from
825fb9c to
98fd782
Compare
MCMic
force-pushed
the
ldap_parse_controls
branch
3 times, most recently
from
40d23c0 to
e50ac56
Compare
|
Control support is pretty complete and functional now so for me this is good to merge. |
Known controls are parsed to and from associative arrays. Only ppolicy and paged results are implemented for now.
Also added workaround for a bug in ldap_create_assertion_control_value Made sure failed control creation aborts the operation And added test for assertion control on ldap_modify
Note: for functions like ldap_compare, ldap_delete, ldap_modify, a way to get the result object back will need to be added so that controls returned by the server may be analyzed.
Client controls are ldap client lib specific and all the one I could find are ignoring client controls anyway.
ldap_bind_ext allows to pass controls and get result object from bind operation Also added a test for it, pretty basic as tests cannot depend upon ppolicy overlay
As stated in RFC4511 Section 4.1.11, this field is always false in response controls and only makes sense in request controls
On an openldap server you need the sssvlv overlay for these to work
MCMic
changed the title
MCMic
force-pushed
the
ldap_parse_controls
branch
from
73cbf7a to
9a4f350
Compare
Adapted from https://bugs.php.net/patch-display.php?bug_id=61921&patch=ldap_parse_result.patch&revision=latest
This also changes the way controls are set/get as BER is decoded/encoded
to an array.
ldap_set_option will accept both array or ber-encoded as a string so no BC there.
ldap_get_option return for controls changes a bit but the support for controls in ldap_get_option was only added in PHP 7.2.
The test uses pagination controls, if anyone has other suggestion of controls which can be found in ldap result objects I’d be happy to add them to the test.