The Zend\Ldap\Ldap component accepts an array of options either supplied to the constructor or through the setOptions() method. The permitted options are as follows:
Zend\Ldap\Ldap Options
| Name | Description |
|---|---|
| host | The default hostname of LDAP server if not supplied to connect() (also may be used when trying to canonicalize usernames in bind()). |
| port | Default port of LDAP server if not supplied to connect(). |
| useStartTls | Whether or not the LDAP client should use TLS (aka SSLv2) encrypted transport. A value of TRUE is strongly favored in production environments to prevent passwords from be transmitted in clear text. The default value is FALSE, as servers frequently require that a certificate be installed separately after installation. The useSsl and useStartTls options are mutually exclusive. The useStartTls option should be favored over useSsl but not all servers support this newer mechanism. |
| useSsl | Whether or not the LDAP client should use SSL encrypted transport. The useSsl and useStartTls options are mutually exclusive. |
| username | The default credentials username. Some servers require that this be in DN form. This must be given in DN form if the LDAP server requires a DN to bind and binding should be possible with simple usernames. |
| password | The default credentials password (used only with username above). |
| bindRequiresDn | If TRUE, this instructs Zend\Ldap\Ldap to retrieve the DN for the account used to bind if the username is not already in DN form. The default value is FALSE. |
| baseDn | The default base DN used for searching (e.g., for accounts). This option is required for most account related operations and should indicate the DN under which accounts are located. |
| accountCanonicalForm | A small integer indicating the form to which account names should be canonicalized. See the Account Name Canonicalization section below. |
| accountDomainName | The FQDN domain for which the target LDAP server is an authority (e.g., example.com). |
| accountDomainNameShort | The 'short' domain for which the target LDAP server is an authority. This is usually used to specify the NetBIOS domain name for Windows networks but may also be used by non-AD servers. |
| accountFilterFormat | The LDAP search filter used to search for accounts. This string is a sprintf() style expression that must contain one '%s' to accommodate the username. The default value is '(&(objectClass=user)(sAMAccountName=%s))' unless bindRequiresDn is set to TRUE, in which case the default is '(&(objectClass=posixAccount)(uid=%s))'. Users of custom schemas may need to change this option. |
| allowEmptyPassword | Some LDAP servers can be configured to accept an empty string password as an anonymous bind. This behavior is almost always undesirable. For this reason, empty passwords are explicitly disallowed. Set this value to TRUE to allow an empty string password to be submitted during the bind. |
| optReferrals | If set to TRUE, this option indicates to the LDAP client that referrals should be followed. The default value is FALSE. |
| tryUsernameSplit | If set to FALSE, this option indicates that the given username should not be split at the first @ or \ character to separate the username from the domain during the binding-procedure. This allows the user to use usernames that contain an @ or \ character that do not inherit some domain-information, e.g. using email-addresses for binding. The default value is TRUE. |
| networkTimeout | Number of seconds to wait for LDAP connection before fail. If not set the default value is the system value. |
Note
Method names in italics are static methods.