This is foremost a RFC since some precompiler checks/#ifdefs are missing to whether or not assertion control is available in the library at all.
Example usage of assertions:
$newdata['givenName'] = "Max";
$assertion = 'givenName=Moritz'; // change the givenName only if it is still Moritz
ldap_modify($ldapconn, $dn, $newdata, $assertion)
or die("Could not modify $dn\n");
Now the questions:
Do we directly want the assertion to be specified as an argument (as implemented in this patch)? A more flexible option for the future would be to expose individual LDAP Controls (resp. the values, for example created using ldap_create_assertion_control_value) as resources (by creating wrappers for ldap_create_assertion_control_value for example) and allow to optionally pass arrays of such resources (or single resources) either as server or client controls to functions like ldap_modify.
This would then probably look something like this:
$servercontrols = ldap_create_assertion_control_value('foo=bar');
ldap_modify($ldapconn, $dn, $newdata, $servercontrols);
$singlecontrol = ldap_create_assertion_control_value('foo=bar');
ldap_modify($ldapconn, $dn, $newdata, $singlecontrol);
// or in case there are only client controls
$someclientcontrols = ...;
ldap_modify($ldapconn, $dn, $newdata, , $someclientcontrols);
LDAP Session Tracking Control is a good candidate for such a case since the corresponding RFC-Draft explicitly allows multiple controls to be added to a single request.
yet another extension which could be implemented when exposing controls to php users: http://www.ietf.org/proceedings/55/I-D/draft-ietf-ldapext-ldapv3-vlv-09.txt
Add support for LDAP assertions (rfc4528)
Add support for an optional argument for ldap_modify to use as assertion
for the modify command according to rfc4528.
Thanks to Stefan Kuhn for preliminary testing.
Pull request with a more general approach follows shortly