ldap_compare

    (PHP 4 >= 4.0.2, PHP 5, PHP 7, PHP 8)

    ldap_compareComparar una entrada con valores de atributos

    Descripción

    ldap_compare(
        LDAP\Connection $ldap,
        string $dn,
        string $attribute,
        string $value,
        ?array $controls = null
    ): bool|int

    Permite comparar el valor value del atributo attribute con el valor del mismo atributo de la entrada dn.

    Parámetros

    ldap

    An LDAP\Connection instance, returned by ldap_connect().

    dn

    El DN de la entrada LDAP.

    attribute

    El nombre del atributo.

    value

    El valor a comparar.

    controls

    Array de Controles LDAP a enviar con la petición.

    Valores devueltos

    Devuelve true si el valor value coincide, de lo contrario, devuelve false. Devuelve -1 si ocurre un error.

    Historial de cambios

    Versión Descripción
    8.1.0 The ldap parameter expects an LDAP\Connection instance now; previously, a valid ldap link recurso was expected.
    8.0.0 controls is nullable now; previously, it defaulted to [].
    7.3.0 Se añadió soporte para controls.

    Ejemplos

    El siguiente ejemplo muestra cómo verificar que dos contraseñas coinciden, siendo una de ellas la de una entrada del servidor LDAP.

    Ejemplo #1 Ejemplo completo de verificación de contraseña con LDAP

    <?php

    $ds    =ldap_connect("localhost"); // debe ser un servidor LDAP válido!

    if ($ds) {

    // Autenticación
    if (ldap_bind($ds)) {

    // Preparación de datos
    $dn = "cn=Matti Meikku, ou=My Unit, o=My Company, c=FI";
    $value = "secretpassword";
    $attr = "password";

    // Comparación de valores
    $r=ldap_compare($ds, $dn, $attr, $value);

    if (    $r === -1) {
    echo     "Error: " . ldap_error($ds);
    } elseif (    $r === true) {
    echo     "Contraseña correcta.";
    } elseif (    $r === false) {
    echo     "¡Mal elegido! ¡Contraseña incorrecta!";
    }

    } else {
    echo     "No se pudo conectar al servidor LDAP.";
    }

    ldap_close($ds);

    } else {
    echo     "No se pudo conectar al servidor LDAP.";
    }
    ?>

    Notas

    Advertencia

    ldap_compare() NO puede ser utilizado para comparar valores binarios.

    Found A Problem?

    Learn How To Improve This PageSubmit a Pull RequestReport a Bug
    add a note

    User Contributed Notes 4 notes

    up
    15
    chuck+ldap at 2006 dot snew dot com
    20 years ago
    Just a side note that this is not how you'd ever AUTHENTICATE someone, just an example code.

    The common way to authenticate is to get the users name, use search and perhaps selection to the user to get her DN (single value) then attempt to BIND to the ldapserver using that dn and the offered password. If it works, then it's the right password.

    Note that the password offered MUST NOT BE EMPTY or many LDAPs will presume you meant to authenticate anonymously and it will succeed, leaving you thinking it's the right password.
    up
    2
    oudejans at zeelandnet dot nl
    20 years ago
    With PHP 4.3.* is Password no longer a valid attribute.. try to use userPassword
    up
    0
    Brian Kerhin &lt;kerhin at bigfoot dot com&gt;
    24 years ago
    Not probably, will. With PHP 4.0.4 and openldap 1.2.9 this little script, even with the correct attributes for the password does not do the job. Would superb if it did!
    up
    -1
    334647 at swin dot edu dot au
    24 years ago
    Interesting example. Apart from the fact that very few people would allow comaprisions of the password attribute for security reasons. The attribute name of "password" does not match the usual schemas.

    The usual method of user id + password verification is to attempt to bind using the supplied credentials.

    Ldap compare on password values will probably fail with ns directroy server and openldap v2+ becuase of server support for password hashing.
    add a note
    To Top