LDIF files -- Converting between Net_LDAP_Entries and LDIF files
Avaible since
LDIF support was added to Net_LDAP in release 1.1.0a1.
What are LDIF files?
LDIF files are in detail described at RFC 2849.
Shortly, they contain directory data in an plain text, human readable kind, much like
a SQL file does. However, unlike SQL files LDIF files are mostly data based, not action based.
There are two different LDIF file contents, which can be mixed freely - content and change files.
The first and most often used one is the LDIF content file:
#
# This is a content LDIF file.
# It contains one single entry featuring several
# attributes and one comment (this one).
# attr1, attr4 and cn are single valued, the others are
# multivalued. objectclass is a special case, LDAP servers
# will interpret this operational attribute to define the
# classes the object will belong to and thus, which attributes
# it may contain. the OCL-attribute is usually multivalued.
#
version: 1
dn: cn=test1,ou=example,dc=cno
objectclass: someobjectclass
attr1: 12345
attr2: 1234
attr2: baz
attr3: foo
attr3: bar
attr4: brrrzztt
cn: test1
LDIF files could describe not only the data an entry contains, but also various
changes to the entry itself. If such an LDIF file would then be given to a
LDAP server, he would interpret those changes instead just importing the data.
Note in the example below, that even though LDIF content and LDIF change files could be
mixed freely, this is not true for individual entries: a specific entry may be either
describing content or changes, but not both.
#
# This is a content+change LDIF file.
# It does contain the (shortened) entry from the example above to show
# that LDIF files can contain multiple entry modes.
# The second entry is a change entry. In this case, some
# operations will be done on the entries attributes.
#
version: 1
dn: cn=test1,ou=example,dc=cno
objectclass: someobjectclass
attr1: 12345
cn: test1
# Delete attr1, replace values of attr2 and add new attribute attr42
# The attribute "changetype" is special: it says, what to do with
# this entries dataset. It could also be "delete" or "add" to delete
# a whole entry or to add a completely fresh one. "modrdn" will
# move the entry to a new location once the LDIF file is imported.
dn: cn=test2,ou=example,dc=cno
changetype: modify
delete: attr1
-
replace: attr2
attr2: 123456_newtest
-
add: attr42
attr42: the answer
Error handling when using Net_LDAP_LDIF
Before we can start using Net_LDAP_LDIF we must say some short words about how
error handling works. Net_LDAP_LDIF was designed to have mostly the same API as
the original PERL Net::LDAP::LDIF has. Because of this, the methods of Net_LDAP_LDIF
do not return a Net_LDAP_Error object. You must use the error() method
that will return a Net_LDAP_Error object in case of failure or true in case everything was ok.
In LDIF reading mode, you can additionally use error_lines() to get knowledge
about where in the input file the error occured.
Construction and options
Regardless if you want to read or write a LDIF file, you always have to use the constructor
of Net_LDAP_LDIF to initialize your access to the LDIF file.
You need to pass at least one parameter to Net_LDAP_LDIF():
the path of the file that should be read or written. You may pass the open mode as second parameter.
The possible file open modes are "r" (read), "w" (write, clears the file first) and "a" (append to the end).
In case you omit the open mode, read mode is assumed.
The third optional parameter is an associative array containing one or several of the following
options:
Some DN values in LDIF cannot be written verbatim and have to be encoded in some way.
Possible values are: "none", "canonical" and "base64" (RFC default)
base64
onerror
What should be done on errors? "undef" will let error handling in your hands, in this
case you use error() and error_lines() to process errors manually.
"die" aborts the script printing the error - this is sometimes useful for CLI scripts.
"warn" just prints out the error but continues like "undef" would.
undef
change
Turning this to "1" (true) will tell Net_LDAP_LDIF to write change sets instead of content files.
false
lowercase
Set this to true to convert attribute names to lowercase when writing.
0
sort
If true, sort attribute names when writing entries according to the rule:
objectclass first then all other attributes alphabetically sorted by attribute name
0
version
Set the LDIF version to write to the resulting LDIF file.
According to RFC 2849 currently the only legal value for this option is 1 currently.
1
wrap
Number of columns where output line wrapping shall occur.
Setting it to 40 or lower inhibits wrapping. Useful for better human readability of
the resulting file.
78
For advanced users: instead of passing a file path, you also may pass an already initialized file handle.
In this case, the mode parameter will be ignored. You may use this, if you want to mix LDIF content and
LDIF change mode by using two Net_LDAP_LDIF instances to write to the same filehandle, but it could
be very useful in other cases too. To initialize the second instance of Net_LDAP_LDIF, you can use
handle() to get the filehandle from the first instance.
Reading a LDIF file into Net_LDAP_Entry-objects
One of the two modes how Net_LDAP_LDIF can be used is to read a LDIF file and parse its
contents into an array of Net_LDAP_Entry objects. This is done using the
read_entry()-method which will return the next entry. If you want to fetch all
entries, you use the eof() to detect the end of the input file:
// open some LDIF file for reading
$ldif = new Net_LDAP_LDIF('somefile.ldif', 'r');
if ($ldif->error()) {
$error_o = $ldif->error(); // get Net_LDAP_Error object on error
die('ERROR: '.$error_o->getMessage());
}
// parse the entries of the LDIF file into objects
do {
$entry = $ldif->read_entry();
if ($ldif->error()) {
// in case of error, print error.
// here we use the shorthand parameter, so error()
// returns a string instead of a Net_LDAP_Object
die('ERROR AT INPUT LINE '.$ldif->error_lines().': '.$ldif->error(true));
} else {
// No error: do something with the entry
// Here we just print the entries DN
echo 'sucessfully parsed '.$entry->dn();
}
} while (!$ldif->eof());
// We should call done() once we are finished
$ldif->done();
Writing Net_LDAP_Entry objects to a LDIF content file
Writing an LDIF file is very easy too. Just pass the entries you want to have written
to the write_entry()-method. Beware, that if you have opened the file in "w" write mode
this will clear any previous data of that file. Use "a" (append) if you just want add data.
// Assume we have some valid Net_LDAP_Entry objects inside $entries
// $entries = array( ... );
// open some file for writing
$ldif = new Net_LDAP_LDIF('somewritefile.ldif', 'w');
if ($ldif->error()) die('ERROR: '.$error_o->getMessage());
// write the data and check for error
// you could pass one single Net_LDAP_Entry object or
// several objects inside an array
$ldif->write_entry($entries);
if ($ldif->error()) die('WRITE ERROR: '.$error_o->getMessage());
Writing Net_LDAP_Entry objects to a LDIF change file
The process of writing changes is exactly the same like writing entry contents.
However there are two differences: Firstly you need to pass the "changes" option
and secondly, the entries you want to write need changes. Entries not containing
changes will silently be ignored since there is nothing to write.
// cast some test data and three entries
$testattrs = array(
'attr1' => '1234',
'attr2' => 'foo',
'attr3' => array('bar', 'baz')
);
$entries = array(
Net_LDAP_Entry::createFresh('cn=foo,dc=example,dc=cno',
array_merge(array('cn' => 'foo'), $testattrs)),
Net_LDAP_Entry::createFresh('cn=bar,dc=example,dc=cno',
array_merge(array('cn' => 'bar'), $testattrs)),
Net_LDAP_Entry::createFresh('cn=baz,dc=example,dc=cno',
array_merge(array('cn' => 'baz'), $testattrs))
);
// make some changes to the first and the last entry
$entries[0]->add(array('someattr' => 'added'));
$entries[0]->replace(array('attr1' => 'replaced'));
$entries[2]->delete(array('attr2'));
$entries[2]->delete(array('attr3' => 'bar'));
// open some file for writing, but in change mode
$ldif = new Net_LDAP_LDIF('somewritefile.ldif', 'w', array('change' => true));
if ($ldif->error()) die('ERROR: '.$error_o->getMessage());
// write the data and check for error
// you could pass one single Net_LDAP_Entry object or
// several objects inside an array
$ldif->write_entry($entries);
if ($ldif->error()) die('WRITE ERROR: '.$error_o->getMessage());
// Now, only two entries are contained in the LDIF file,
// cn=foo,dc=example,dc=cno and cn=baz,dc=example,dc=cno.
// cn=bar,dc=example,dc=cno had no changes and was skipped.
Sometimes you are interested in the lines inside the LDIF file. For those cases you can use the
current_lines() and next_lines() methods.
They work in the current context, which may be confusing:
current_lines() will always return the lines that have built up the current
Net_LDAP_Entry object when called current_entry() after read_entry()
has been called.
next_lines() will always return the lines, that will build up the next entry from the
current point of view, meaning "relative to the entry that was just been read". However, you can override this by
activating the "force" parameter of next_lines() which allows you to loop over all entries.
current_entry() behaves exactly like current_lines().
If you think, that the lines you have read would be better in form of an Net_LDAP_Entry object,
use the parseLines() method to parse those lines into an entry. This is a
good way if you need just a few specific entries of a large LDIF file.
// open some LDIF file for reading
// (error checking code is ommitted in this example for
// better readability - in production, test for errors!)
$ldif = new Net_LDAP_LDIF('somefile.ldif', 'r');
// since nothing has been read until now, this will
// return an empty array
$empty_array = $ldif->current_lines();
// so let's read the first entries data
$first_entry_lines = $ldif->next_lines();
// if we call it again, we will not read ahead to the
// second entry - we again read the first one!
$first_entry_lines_again = $ldif->next_lines();
// If we call current_lines() now, we haven't read ahead
// like we learned from the last statement.
$empty_array_again = $ldif->current_lines();
// If we want to shift, we must use
// the read_entry() method, which will read ahead.
$first_entry = $ldif->read_entry();
// Now, current_lines() returns the lines of the
// first entry and next_lines() the lines of the second:
$first_entry_lines = $ldif->current_lines();
$second_entry_lines = $ldif->next_lines();
// There is another way to shift the lines which is faster if
// you are just interested in the LDIFs content - you
// need to pass the "force" parameter to next_lines():
$third_entry_lines = $ldif->next_lines(true);
$fourth_entry_lines = $ldif->next_lines(true);
$fifth_entry_lines = $ldif->next_lines(true);
// If you want to convert the lines to an Net_LDAP_Entry,
// you may do so anytime by using parseLines()
$fourth_entry = $ldif->parseLines($fourth_entry_lines);
// Since we shifted manually only the lines,
// current_lines() will return the lines that built up the
// last (e.g. the first entry) Net_LDAP_Entry object:
$first_entry_lines = $ldif->current_lines();
// If we decide to read the next entry, we can do that:
$sixth_entry = $ldif->read_entry();
// current_lines() is shifted now:
$sixth_entry_lines = $ldif->current_lines();
Javascript validator
Web page editor