rfc:ldap_exop
Differences
This shows you the differences between two versions of the page.
rfc:ldap_exop [2017/06/26 14:29] – created mcmic | rfc:ldap_exop [2017/06/26 15:15] – mcmic | ||
---|---|---|---|
Line 15: | Line 15: | ||
This RFC intends to add support for EXOP in php-ldap. | This RFC intends to add support for EXOP in php-ldap. | ||
It is based on a patch for php-ldap which is more than 10 years old and we are trying to adapt it for current code base. | It is based on a patch for php-ldap which is more than 10 years old and we are trying to adapt it for current code base. | ||
+ | |||
+ | ===== New functions ===== | ||
+ | In all these functions $link should be a valid LDAP connection object with a user bound to it already. | ||
+ | <code php> | ||
+ | mixed ldap_exop(resource $link, string $reqoid [, string $reqdata [, string & | ||
+ | </ | ||
+ | Returns FALSE upon failure, TRUE upon success if $retoid is provided, and a result object otherwise (success with 3 params or less). Either fills $retoid and $retdata or returns a result object. | ||
+ | <code php> | ||
+ | bool ldap_parse_exop(resource $link, resource $result [, string & | ||
+ | </ | ||
+ | Returns TRUE upon success and FALSE upon failure. Fills $retoid and $retdata with the data from $result object. | ||
+ | |||
+ | This RFC also wish to introduce helper functions for common EXOP usage: | ||
+ | <code php> | ||
+ | mixed ldap_exop_whoami(resource $link) | ||
+ | bool ldap_exop_passwd(resource $link, string $user, string $oldpw, string $newpw [, string & | ||
+ | </ | ||
+ | The first one would call whoami EXOP and return either the result or FALSE upon failure. | ||
+ | The second one would call passwd EXOP and return TRUE or FALSE upon failure. If $newpw is empty, $genpw will be filled with the generated password for the user. If $user is empty, it affects the bound user. | ||
+ | |||
+ | The author of the original patch stated that technically ldap_start_tls is an exop helper and therefore could be renamed ldap_exop_start_tls. We fill this would be a useless BC. | ||
+ | The original patch (and current code) provided a possibility to get a result object from helpers as well, and provided ldap_parse_exop_* helpers to parse the result objects from these operations. We fill this is too complex and does not add anything to the RFC so we intend to leave them out. | ||
+ | |||
+ | ===== Examples ===== | ||
+ | <code php> | ||
+ | // Call EXOP whoami and store the result in $identity | ||
+ | if (ldap_exop($link, | ||
+ | echo " | ||
+ | } else { | ||
+ | echo " | ||
+ | } | ||
+ | // Same thing using a result object | ||
+ | $r = ldap_exop($link, | ||
+ | if (($r !== FALSE) && ldap_parse_exop($link, | ||
+ | echo " | ||
+ | } else { | ||
+ | echo " | ||
+ | } | ||
+ | </ | ||
===== Backward Incompatible Changes ===== | ===== Backward Incompatible Changes ===== | ||
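Review bot: The empty-string semantics of ldap_exop_passwd in the added description ("If $newpw is empty, $genpw will be filled with the generated password for the user. If $user is empty, it affects the bound user.") make an unset or failed-lookup value indistinguishable from a deliberate choice. An empty $user silently retargets the password change to the bound account, and an empty $newpw silently switches to a server-generated password. Suggest requiring an explicit null or omitted argument for both cases and treating an empty string as an error. The description of ldap_exop also gives it three return types (FALSE, TRUE, or a result object) depending on how many arguments are passed; say explicitly that callers should test with !== FALSE, as the second example does. Minor: "We fill" should read "We feel" in both closing sentences, and "This RFC also wish" should be "wishes".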
Line 24: | Line 63: | ||
===== RFC Impact ===== | ===== RFC Impact ===== | ||
==== To SAPIs ==== | ==== To SAPIs ==== | ||
- | Describe the impact | + | No impact |
==== To Existing Extensions ==== | ==== To Existing Extensions ==== | ||
- | Will existing extensions | + | Only php-ldap will be affected. |
- | + | ||
- | ==== To Opcache ==== | + | |
- | It is necessary to develop RFC's with opcache in mind, since opcache is a core extension distributed with PHP. | + | |
- | + | ||
- | Please explain how you have verified your RFC's compatibility with opcache. | + | |
==== New Constants ==== | ==== New Constants ==== | ||
+ | The following constants will be added, containing string OIDs for the following extended operations: | ||
+ | * LDAP_EXOP_START_TLS - START_TLS (RFC 4511) | ||
+ | * LDAP_EXOP_MODIFY_PASSWD - PASSWD (RFC 3062) | ||
+ | * LDAP_EXOP_REFRESH - REFRESH (RFC 2589) | ||
+ | * LDAP_EXOP_WHO_AM_I - WHO_AM_I (RFC 4532) | ||
+ | * LDAP_EXOP_TURN - TURN (RFC 4531) | ||
===== Open Issues ===== | ===== Open Issues ===== | ||
- Should the function names contain the word " | - Should the function names contain the word " | ||
+ | - Should we include a constant for LDAP_EXOP_REFRESH, | ||
+ | - Should helper functions return a mixed, or a boolean and have an out parameter? (" | ||
+ | - How would someone go about generating the needed ber-encoded data to pass ldap_exop in PHP? Should this RFC also define functions to handle ber-encoded data? | ||
===== Unaffected PHP Functionality ===== | ===== Unaffected PHP Functionality ===== | ||
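Review bot: The "New Constants" list adds OIDs for REFRESH and TURN, but the last open issue in this same hunk notes that there is no way to generate the BER-encoded request data in PHP, and helpers are proposed only for whoami and passwd. As written, those two constants can only be used with hand-assembled $reqdata. Either resolve the BER question before adding them or limit the list to operations the RFC can drive; the open issue on LDAP_EXOP_REFRESH already points this way. Separately, the "To Opcache" subsection is deleted outright while "To SAPIs" gets an explicit "No impact"; an explicit statement would be clearer than removing the heading.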
Line 44: | Line 86: | ||
===== Future Scope ===== | ===== Future Scope ===== | ||
- | This sections details areas where the feature might be improved in future, | + | Support for more EXOP could be added by adding other helper methods or other oid constants. |
+ | Support for clients/ | ||
===== Proposed Voting Choices ===== | ===== Proposed Voting Choices ===== | ||
Line 52: | Line 95: | ||
===== Patches and Tests ===== | ===== Patches and Tests ===== | ||
- | Links to any external patches and tests go here. | + | https:// |
- | + | ||
- | If there is no patch, make it clear who will create a patch, or whether a volunteer to help with implementation is needed. | + | |
- | + | ||
- | Make it clear if the patch is intended to be the final patch, or is just a prototype. | + | |
- | + | ||
- | For changes affecting the core language, you should also provide a patch for the language specification. | + | |
===== Implementation ===== | ===== Implementation ===== | ||
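Review bot: The replacement under "Patches and Tests" is a bare link, and the removed template lines asking whether the patch is final or a prototype are dropped without being answered. Since the introduction says the work adapts a patch more than 10 years old to the current code base, state next to the link whether it points to the adapted patch or the original, whether it is final, and whether it includes tests.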
Line 68: | Line 105: | ||
===== References ===== | ===== References ===== | ||
- | Links to external references, discussions or RFCs | + | http:// |
+ | https:// | ||
===== Rejected Features ===== | ===== Rejected Features ===== | ||
- | Keep this updated with features that were discussed on the mail lists. | + | None |
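Review bot: "Rejected Features" is set to "None", but the "New functions" text already records two things deliberately left out: renaming ldap_start_tls to ldap_exop_start_tls, and result-object variants of the helpers with matching ldap_parse_exop_* functions. List them here with the stated reasons so the decision is discoverable. The two added reference lines are also bare URLs; a short label for each would help readers.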
rfc/ldap_exop.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1