RFC: Add support for LDAP assertions (rfc4528) #538


This is foremost an RFC, since some precompiler checks/#ifdefs are still missing to determine whether or not the assertion control is available in the library at all.

Example usage of assertions:

$newdata['givenName'] = "Max";
$assertion = 'givenName=Moritz'; // change the givenName only if it is still Moritz

ldap_modify($ldapconn, $dn, $newdata, $assertion)
    or die("Could not modify $dn\n");

Now the questions:

Do we directly want the assertion to be specified as an argument (as implemented in this patch)? A more flexible option for the future would be to expose individual LDAP controls (or rather their values, for example as created by ldap_create_assertion_control_value) as resources, by creating wrappers for functions such as ldap_create_assertion_control_value, and to allow arrays of such resources (or single resources) to be passed optionally as either server or client controls to functions like ldap_modify.

This would then probably look something like this:

$servercontrols[] = ldap_create_assertion_control_value('foo=bar');
ldap_modify($ldapconn, $dn, $newdata, $servercontrols);

// or
$singlecontrol = ldap_create_assertion_control_value('foo=bar');
ldap_modify($ldapconn, $dn, $newdata, $singlecontrol);

// or in case there are only client controls
$someclientcontrols[] = ...;
ldap_modify($ldapconn, $dn, $newdata, [], $someclientcontrols);

LDAP Session Tracking Control is a good candidate for such a case since the corresponding RFC-Draft explicitly allows multiple controls to be added to a single request.
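What the `givenName=Moritz` assertion from the description becomes on the wire under RFC 4528, as an added example that is not part of this pull request or of php-src. The function names are hypothetical, and only plain `attribute=value` equality assertions are handled.

```python
# Added illustration: BER encoding of the RFC 4528 Assertion control for a
# plain equality assertion. All function names are hypothetical.

ASSERTION_OID = "1.3.6.1.1.12"  # control OID assigned by RFC 4528


def ber_len(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element with a single-byte tag."""
    return bytes([tag]) + ber_len(len(value)) + value


def equality_filter(assertion: str) -> bytes:
    """Encode 'attr=value' as Filter.equalityMatch [3] (RFC 4511)."""
    attr, sep, value = assertion.partition("=")
    if not sep or not attr or not value:
        raise ValueError("expected 'attribute=value'")
    if any(c in value for c in "*()\\"):
        raise ValueError("only plain equality assertions are handled here")
    ava = tlv(0x04, attr.encode("ascii")) + tlv(0x04, value.encode("utf-8"))
    return tlv(0xA3, ava)  # context-specific, constructed, tag number 3


def assertion_control(assertion: str, critical: bool = True) -> bytes:
    """Encode Control ::= SEQUENCE { controlType, criticality, controlValue }."""
    body = tlv(0x04, ASSERTION_OID.encode("ascii"))
    if critical:  # criticality DEFAULT FALSE is left out when false
        body += tlv(0x01, b"\xff")  # LDAP encodes BOOLEAN TRUE as 0xFF
    body += tlv(0x04, equality_filter(assertion))  # value = BER-encoded Filter
    return tlv(0x30, body)


if __name__ == "__main__":
    # Constructed sample input taken from the description's first example.
    print(assertion_control("givenName=Moritz").hex())
```

The `critical` flag matters for the conditional update: a server that does not recognize a non-critical control ignores it and performs the modify unconditionally, whereas a critical one makes the request fail instead.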


Yet another extension which could be implemented when exposing controls to PHP users: http://www.ietf.org/proceedings/55/I-D/draft-ietf-ldapext-ldapv3-vlv-09.txt

@dev-zero dev-zero Add support for LDAP assertions (rfc4528)
Add support for an optional argument for ldap_modify to use as assertion
for the modify command according to rfc4528.

Thanks to Stefan Kuhn for preliminary testing.

Pull request with a more general approach follows shortly

@dev-zero dev-zero closed this Apr 25, 2014