API Documentation
\

\Horde_Ldap_Util

Utility Class for Horde_Ldap

This class servers some functionality to the other classes of Horde_Ldap but most of the methods can be used separately as well.

Copyright 2009 Benedikt Hallinger Copyright 2010-2017 Horde LLC (http://www.horde.org/)

Summary

Methods
Properties
Constants
explodeDN()
escapeDNValue()
unescapeDNValue()
canonicalDN()
escapeFilterValue()
unescapeFilterValue()
asc2hex32()
hex2asc()
splitRDNMultivalue()
splitAttributeString()
No public properties found
No constants found
_correctDNSplitting()
No protected properties found
N/A
No private methods found
No private properties found
N/A

Methods

explodeDN()

explodeDN(string  $dn, array  $options = array()) : array

Explodes the given DN into its elements

RFC 2253 says, a Distinguished Name is a sequence of Relative Distinguished Names (RDNs), which themselves are sets of Attributes. For each RDN a array is constructed where the RDN part is stored.

For example, the DN 'OU=Sales+CN=J. Smith,DC=example,DC=net' is exploded to: array(array('OU=Sales', 'CN=J. Smith'), 'DC=example', 'DC=net')

[NOT IMPLEMENTED] DNs might also contain values, which are the bytes of the BER encoding of the X.500 AttributeValue rather than some LDAP string syntax. These values are hex-encoded and prefixed with a #. To distinguish such BER values, explodeDN uses references to the actual values, e.g. '1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com' is exploded to: array(array('1.3.6.1.4.1.1466.0' => "\004\002Hi"), array('DC' => 'example', array('DC' => 'com')) See http://www.vijaymukhi.com/vmis/berldap.htm for more information on BER.

It also performs the following operations on the given DN:

  • Unescape "\" followed by ",", "+", """, "\", "<", ">", ";", "#", "=", " ", or a hexpair and strings beginning with "#".
  • Removes the leading 'OID.' characters if the type is an OID instead of a name.
  • If an RDN contains multiple parts, the parts are re-ordered so that the attribute type names are in alphabetical order.

$options is a list of name/value pairs, valid options are:

  • casefold: Controls case folding of attribute types names. Attribute values are not affected by this option. The default is to uppercase. Valid values are:
    • lower: Lowercase attribute types names.
    • upper: Uppercase attribute type names. This is the default.
    • none: Do not change attribute type names.
  • reverse: If true, the RDN sequence is reversed.
  • onlyvalues: If true, then only attributes values are returned ('foo' instead of 'cn=foo')

Parameters

string $dn

The DN that should be exploded.
array $options

Options to use.

Returns

array —

Parts of the exploded DN.

escapeDNValue()

escapeDNValue(string|array  $values) : array

Escapes DN values according to RFC 2253.

Escapes the given VALUES according to RFC 2253 so that they can be safely used in LDAP DNs. The characters ",", "+", """, "\", "<", ">", ";", "#", "=" with a special meaning in RFC 2252 are preceeded by ba backslash. Control characters with an ASCII code < 32 are represented as \hexpair. Finally all leading and trailing spaces are converted to sequences of \20.

Parameters

string|array $values

DN values that should be escaped.

Returns

array —

The escaped values.

unescapeDNValue()

unescapeDNValue(array  $values) : array

Unescapes DN values according to RFC 2253.

Reverts the conversion done by escapeDNValue().

Any escape sequence starting with a baskslash - hexpair or special character - will be transformed back to the corresponding character.

Parameters

array $values

DN values.

Returns

array —

Unescaped DN values.

canonicalDN()

canonicalDN(array|string  $dn, array  $options = array()) : boolean|string

Converts a DN into a canonical form.

DN can either be a string or an array as returned by explodeDN(), which is useful when constructing a DN. The DN array may have be indexed (each array value is a OCL=VALUE pair) or associative (array key is OCL and value is VALUE).

It performs the following operations on the given DN:

  • Removes the leading 'OID.' characters if the type is an OID instead of a name.
  • Escapes all RFC 2253 special characters (",", "+", """, "\", "<", ">", ";", "#", "="), slashes ("/"), and any other character where the ASCII code is < 32 as \hexpair.
  • Converts all leading and trailing spaces in values to be \20.
  • If an RDN contains multiple parts, the parts are re-ordered so that the attribute type names are in alphabetical order.

$options is a list of name/value pairs, valid options are:

  • casefold: Controls case folding of attribute type names. Attribute values are not affected by this option. The default is to uppercase. Valid values are:
    • lower: Lowercase attribute type names.
    • upper: Uppercase attribute type names.
    • none: Do not change attribute type names.
  • reverse: If true, the RDN sequence is reversed.
  • separator: Separator to use between RDNs. Defaults to comma (',').

The empty string "" is a valid DN, so be sure not to do a "$can_dn == false" test, because an empty string evaluates to false. Use the "===" operator instead.

Parameters

array|string $dn

The DN.
array $options

Options to use.

Returns

boolean|string —

The canonical DN or false if the DN is not valid.

escapeFilterValue()

escapeFilterValue(array  $values) : array

Escapes the given values according to RFC 2254 so that they can be safely used in LDAP filters.

Any control characters with an ACII code < 32 as well as the characters with special meaning in LDAP filters "*", "(", ")", and "\" (the backslash) are converted into the representation of a backslash followed by two hex digits representing the hexadecimal value of the character.

Parameters

array $values

Values to escape.

Returns

array —

Escaped values.

unescapeFilterValue()

unescapeFilterValue(array  $values = array()) : array

Unescapes the given values according to RFC 2254.

Reverses the conversion done by \escapeFilterValue().

Converts any sequences of a backslash followed by two hex digits into the corresponding character.

Parameters

array $values

Values to unescape.

Returns

array —

Unescaped values.

asc2hex32()

asc2hex32(string  $string) : string

Converts all ASCII chars < 32 to "\HEX".

Parameters

string $string

String to convert.

Returns

string —

Hexadecimal representation of $string.

hex2asc()

hex2asc(string  $string) : string

Converts all hexadecimal expressions ("\HEX") to their original ASCII characters.

Parameters

string $string

String to convert.

Returns

string —

ASCII representation of $string.

splitRDNMultivalue()

splitRDNMultivalue(string  $rdn) : array

Splits a multivalued RDN value into an array.

A RDN can contain multiple values, spearated by a plus sign. This method returns each separate ocl=value pair of the RDN part.

If no multivalued RDN is detected, an array containing only the original RDN part is returned.

For example, the multivalued RDN 'OU=Sales+CN=J. Smith' is exploded to:

array([0] => 'OU=Sales', [1] => 'CN=J. Smith')

The method tries to be smart if it encounters unescaped "+" characters, but may fail, so better ensure escaped "+" in attribute names and values.

[BUG] If you have a multivalued RDN with unescaped plus characters and there is a unescaped plus sign at the end of an value followed by an attribute name containing an unescaped plus, then you will get wrong splitting: $rdn = 'OU=Sales+C+N=J. Smith'; returns: array('OU=Sales+C', 'N=J. Smith'); The "C+" is treaten as the value of the first pair instead of as the attribute name of the second pair. To prevent this, escape correctly.

Parameters

string $rdn

Part of a (multivalued) escaped RDN (e.g. ou=foo or ou=foo+cn=bar)

Returns

array —

The components of the multivalued RDN.

splitAttributeString()

splitAttributeString(string  $attr) : array

Splits a attribute=value syntax into an array.

The split will occur at the first unescaped '=' character.

Parameters

string $attr

An attribute-value string.

Returns

array —

Indexed array: 0=attribute name, 1=attribute value.

_correctDNSplitting()

_correctDNSplitting(array  $dn = array(), array  $separator = ',') : array

Corrects splitting of DN parts.

Parameters

array $dn

Raw DN array.
array $separator

Separator that was used when splitting.

Returns

array —

Corrected array.