The LDAP functions are used to interact with directory servers that use the Lightweight Directory Access Protocol (LDAP).
LDAP was originally a subset of a much larger directory standard. Initially, LDAP was used as a simple gateway that allowed standalone clients to access X.500 directory servers. LDAP has gained in popularity, and eventually eclipsed strict X.500 in terms of deployment and use.
Most server operating systems now have some form of LDAP client services built in, including NetWare, NT 2000, and MacOS X, and there are LDAP server implementations in both commercial formats (such as iPlanet Directory) and Open Source (OpenLDAP).
LDAP is tuned to be a high-speed, TCP/IP-based, replicated, simple data retrieval method, so it's especially useful for web applications. In many cases, it's more than 15-20 times faster than retrieving information from a more complex database system. However, because LDAP is usually optimized for retrieval and replication, it often fares poorly in situations where high-speed data additions and changes are the primary considerations (in SQL terms, this is analogous to INSERT and UPDATE).
A couple of examples: For a basic directory of names, phone numbers, and addresses, which only change every few weeks, an LDAP server would be one of the best choices. To store complex individual, department-wide, and organization-wide daily appointments, which could potentially change many times a day, LDAP would be a less-than-optimal choice.
The speed benefits and detriments of LDAP are due to a few decisions made in the basic design. One feature found in many LDAP implementations is the use of a mostly flat database table design, which allows for high-speed single-table scanning, much like MySQL optimizes for single-table scanning. Another feature is a strict tree-based design, which allows searching only the relevant branches (an important feature for global directories such as X.500, or for searching a small department of 200 out of a 20,000-person organization). The final feature is a form of replication to enhance the tree design, which allows each "branch" server to replicate only its subset of the tree, so a 2,000-entry server can be set up completely independently of the main server, much like a local DNS server can be searched independently of the parent servers.
The usual sequence of operations is as follows:

1. Call ldap_connect() to initiate the interaction to a specific LDAP server or group of servers.
2. Call ldap_bind() to authenticate as a specific user; for example, the directory administrator or the user who owns a particular entry.
3. Perform any transactions needed.
4. Call ldap_unbind() or ldap_close().
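The four steps above as a read-only lookup, with error checks, a guaranteed unbind, and escaping of user-supplied search text. This is an added example, not code from the book. It assumes PHP 5.6 or later with the ldap extension (for ldap_escape()) and a server that supports StartTLS; the function names find_people() and build_name_filter(), the attribute names, and all arguments are illustrative.

```php
<?php
// Added example: function names, attributes and arguments are illustrative.

// Build a search filter from untrusted input so that filter
// metacharacters such as ( ) * \ are treated as literal text.
function build_name_filter(string $name): string
{
    return '(cn=' . ldap_escape($name, '', LDAP_ESCAPE_FILTER) . ')';
}

function find_people(string $uri, string $bindDn, string $password,
                     string $baseDn, string $name): array
{
    // 1. ldap_connect() prepares a handle; it does not contact the server yet.
    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    try {
        // Protocol version 3 is required before StartTLS can be requested.
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        if (!ldap_start_tls($conn)) {
            throw new RuntimeException('StartTLS failed: ' . ldap_error($conn));
        }
        // 2. Authenticate. An empty password is rejected here because a bind
        //    with a DN and no password is accepted as anonymous by some servers.
        if ($password === '' || !@ldap_bind($conn, $bindDn, $password)) {
            throw new RuntimeException("Bind failed for $bindDn");
        }
        // 3. The transaction: a search that requests only the attributes needed.
        $result = ldap_search($conn, $baseDn, build_name_filter($name),
                              ['cn', 'telephoneNumber']);
        if ($result === false) {
            throw new RuntimeException('Search failed: ' . ldap_error($conn));
        }
        return ldap_get_entries($conn, $result);
    } finally {
        // 4. Release the connection on every path, including errors.
        ldap_unbind($conn);
    }
}

// Offline check with constructed input: prints the escaped filter.
echo build_name_filter('Smith (Sales)*'), PHP_EOL;
```

Calling find_people() requires a reachable directory server; the final line runs without one and shows how the parentheses and asterisk in the input are encoded.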
PHP Functions Essential Reference. Copyright © 2002 by New Riders Publishing (Authors: Zak Greant, Graeme Merrall, Torben Wilson, Brett Michlitsch). This material may be distributed only subject to the terms and conditions set forth in the Open Publication License, v1.0 or later (the latest version is presently available at http://www.opencontent.org/openpub/). The authors of this book have elected not to choose any options under the OPL. This online book was obtained from http://www.fooassociates.com/phpfer/ and is designed to provide information about the PHP programming language, focusing on PHP version 4.0.4 for the most part. The information is provided on an as-is basis, and no warranty or fitness is implied. All persons and entities shall have neither liability nor responsibility to any person or entity with respect to any loss or damage arising from the information contained in this book.