Differences

This shows you the differences between two versions of the page.

--- rfc:ldap_exop [2017/06/26 15:20]
mcmic
+++ rfc:ldap_exop [2017/09/22 13:28]
@@ Line 1: / Line 1: @@
-====== PHP RFC: LDAP EXOP ======
-  * Version: 0.1
-  * Date: 2017-06-26
-  * Author: Côme Chilliet, mcmic@php.net
-  * Status: Draft
-  * First Published at: http://wiki.php.net/rfc/ldap_exop
-===== Introduction =====
-LDAP is a broad-use standard for storing information in a tree-style manner and access it efficiently.
-It is especially famous for storing user accounts.
-EXOP are extended operations which goes further than reading/writing LDAP nodes.
-PHP have php-ldap module for connecting to an LDAP server and read/write datas but no way of doing EXOP operations.
-===== Proposal =====
-This RFC intends to add support for EXOP in php-ldap.
-It is based on a patch for php-ldap which is more than 10 years old and we are trying to adapt it for current code base.
-===== New functions =====
-In all these functions $link should be a valid LDAP connection object with a user bound to it already.
-<code php>
-mixed ldap_exop(resource $link, string $reqoid [, string $reqdata [, string &$retoid [, string &$retdata]]])
-</code>
-Returns FALSE upon failure, TRUE upon success if $retoid is provided, and a result object otherwise (success with 3 params or less). Either fills $retoid and $retdata or returns a result object.
-<code php>
-bool ldap_parse_exop(resource $link, resource $result [, string &$retoid [, string &$retdata]])
-</code>
-Returns TRUE upon success and FALSE upon failure. Fills $retoid and $retdata with the data from $result object.
-This RFC also wish to introduce helper functions for common EXOP usage:
-<code php>
-mixed ldap_exop_whoami(resource $link)
-bool ldap_exop_passwd(resource $link, string $user, string $oldpw, string $newpw [, string &$genpw])
-</code>
-The first one would call whoami EXOP and return either the result or FALSE upon failure.
-The second one would call passwd EXOP and return TRUE or FALSE upon failure. If $newpw is empty, $genpw will be filled with the generated password for the user. If $user is empty, it affects the bound user.
-The author of the original patch stated that technically ldap_start_tls is an exop helper and therefore could be renamed ldap_exop_start_tls. We fill this would be a useless BC.
-The original patch (and current code) provided a possibility to get a result object from helpers as well, and provided ldap_parse_exop_* helpers to parse the result objects from these operations. We fill this is too complex and does not add anything to the RFC so we intend to leave them out.
-===== Examples =====
-<code php>
-// Call EXOP whoami and store the result in $identity
-if (ldap_exop($link, LDAP_EXOP_WHO_AM_I, NULL, NULL, $identity)) {
-  echo "Connected as $identity\n";
-} else {
-  echo "Operation failed\n";
-}
-// Same thing using a result object
-$r = ldap_exop($link, LDAP_EXOP_WHO_AM_I);
-if (($r !== FALSE) && ldap_parse_exop($link, $r, $retoid, $retdata)) {
-  echo "Connected as $retdata\n";
-} else {
-  echo "Operation failed\n";
-}
-// Same thing with the helper
-$identity = ldap_exop_whoami($link, LDAP_EXOP_WHO_AM_I);
-if ($identity !== FALSE) {
-  echo "Connected as $identity\n";
-} else {
-  echo "Operation failed\n";
-}
-// Changing password with the helper
-if (ldap_exop_passwd($link, 'uid=johndoe,dc=example,dc=com', '', 'newpassword')) {
-  echo "Password changed\n";
-} else {
-  echo "Operation failed\n";
-}
-</code>
-===== Backward Incompatible Changes =====
-None
-===== Proposed PHP Version(s) =====
-.2 if possible, 7.3/8 otherwise
-===== RFC Impact =====
-==== To SAPIs ====
-No impact
-==== To Existing Extensions ====
-Only php-ldap will be affected.
-==== New Constants ====
-The following constants will be added, containing string OIDs for the following extended operations:
-  * LDAP_EXOP_START_TLS - START_TLS (RFC 4511)
-  * LDAP_EXOP_MODIFY_PASSWD - PASSWD (RFC 3062)
-  * LDAP_EXOP_REFRESH - REFRESH (RFC 2589)
-  * LDAP_EXOP_WHO_AM_I - WHO_AM_I (RFC 4532)
-  * LDAP_EXOP_TURN - TURN (RFC 4531)
-===== Open Issues =====
-  - Should the function names contain the word "exop" or is it a technical detail which should be hidden from the developer?
-  - Should we include a constant for LDAP_EXOP_REFRESH, for the sake of completeness, even if this EXOP won’t be used by PHP code as all PHP LDAP operations are synchrone (in the current code state).
-  - Should helper functions return a mixed, or a boolean and have an out parameter? ("mixed ldap_exop_whoami($link)" vs "bool ldap_exop_whoami($link, &$result)")
-  - How would someone go about generating the needed ber-encoded data to pass ldap_exop in PHP? Should this RFC also define functions to handle ber-encoded data?
-===== Unaffected PHP Functionality =====
-All already existing ldap related methods stays the same. This RFC only adds new ones.
-===== Future Scope =====
-Support for more EXOP could be added by adding other helper methods or other oid constants.
-Support for clients/servers controls should be added but will be part of an other RFC.
-===== Proposed Voting Choices =====
-Include these so readers know where you are heading and can discuss the proposed voting options.
-State whether this project requires a 2/3 or 50%+1 majority (see [[voting]])
-===== Patches and Tests =====
-https://github.com/MCMic/php-src/tree/ldap_exop
-===== Implementation =====
-After the project is implemented, this section should contain
-  - the version(s) it was merged to
-  - a link to the git commit(s)
-  - a link to the PHP manual entry for the feature
-  - a link to the language specification section (if any)
-===== References =====
-http://grokbase.com/t/php/php-internals/05bn5vc440/discussion-of-ldap-api-extensions
-https://bugs.php.net/bug.php?id=69445
-===== Rejected Features =====
-None

Differences

Page Tools