[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How can I lock a record using php-ldap?

To: Howard Chu <hyc@highlandsun.com>, openldap-software@OpenLDAP.org
Subject: Re: How can I lock a record using php-ldap?
From: Jim C <jcllings@tsunamicomm.net>
Date: Wed, 22 Jan 2003 21:18:39 -0800
References: <001c01c2c285$1330a830$0e01a8c0@CELLO>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01

As has already been pointed out, this sem_get() approach only works if all of
your operations come from the same machine. Since the purpose of using an
LDAP directory is to provide distributed access to information, this solution
really isn't appropriate in the general case.

<nods>So you say and I am *not* argueing that such a case is not possible or that you are wrong. I *am* argueing that makeing such an assertion is meaningless without evidence of the possibility, which, as one might expect, is not covered in the docs. Life couldn't be that simple, right? ;-)

Now the PHP prototype for ldap_modify looks like this:
bool ldap_modify ( resource link_identifier, string dn, array entry)

So let's say I want to increment a uidNumber value in $dn="cn=proxyuser,dc=example,dc=com". According to the docs I need to make an array as follows:

><cut from the docs below>

            $newinfo[ <attribute_name> ][0] = "whatever" ;
            $newinfo[ <attribute_name> ][1] = "another" ;

for example ...

            $newinfo["mail"][0]="johnw@myorg.com" ;
           $newinfo["mail"][1]="jwaterson@somewhere.org" ;

Now our assumption here is that the above is not a reference to a multivalued attribute, i.e. he only has 1 and only 1 email address value available. If he has more than one, they all get overwritten. So fine, we do not have a problem with this because proxyuser has 1 and only 1 uidNumber. So I use this:

/*************************************/
$dn="cn=proxyuser,dc=example,dc=com";

$newinfo["uidNumber"][0]= $X ;

/* Where did $X (above) come from? When did we retrieve this value? A race condition will occur between scripts if we had to retrieve it in a seperate activity from ldap_modify. */

$newinfo["uidNumber"][1]= $newinfo["uidNumber"][0] + 1;

if( ldap_modify ( $rs, $dn ,$newinfo))
	{
		//do some stuff
	};

/*************************************/
**The documentation for ldap_modify is below**

ldap_modify

(PHP 3, PHP 4 )
ldap_modify -- Modify an LDAP entry
Description
bool ldap_modify ( resource link_identifier, string dn, array entry)

Returns TRUE on success or FALSE on failure.

ldap_modify() function is used to modify the existing entries in the LDAP directory. The structure of the entry is same as in ldap_add(). User Contributed Notes ldap_modify add a note about notes nickt at powys dot gov dot uk 23-Apr-1999 06:23 Modifying existing LDAP information using ldap_modify()

The link_identifier must result from a call to connect to the server with authority to update entries, usually requiring an authenticated bind - ie you provide a suitable dn and password in the ldap_bind() call.

The dn must be a single specific dn that exists on the LDAP server. There is no wildcard mechanism in LDAP to globally change multiple dn entries.

The entry array must be in one of two different forms, according to whether just one entry is to be stored in the directory for a particular attribute, or whether multiple entries are to be stored for the attribute.

Where a single entry is to be stored for an attribute - say just a single email address - then you use the general form

            $newinfo[ <attribute_name> ]="whatever" ;

for example ...

            $newinfo["mail"]="john@myorg.com" ;

Where multiple entries are to be stored for an attribute - say a number of email addresses for one person - then you use the general form

           $newinfo[ <attribute_name> ][0] = "whatever" ;
            $newinfo[ <attribute_name> ][1] = "another" ;

for example ...

            $newinfo["mail"][0]="johnw@myorg.com" ;
           $newinfo["mail"][1]="jwaterson@somewhere.org" ;


Further notes on ldap_modify()

The modify call leaves entries for all other attributes unaltered. So if you just want to update the entry for the "mail" attribute, then all that is required is:

    $newinfo[mail]="nick@county.gov.uk";
    ldap_modify($valid_ldaplink, $valid_dn, $newinfo);

However, if there were multiple entries for the mail attribute present on the LDAP database when you run the above code, then all the existing mail entries would be deleted and be replaced by the single "mail" entry.

If you have reason to expect multiple values for a particular attribute (more that one email entry, for example) you should make sure you read all the entries from the ldap server first, and then save a modified array.

The PHP LDAP interface does not currently support direct modification of the dn. If the dn needs changing, the only option is to read all entries for th

Follow-Ups:
- Re: How can I lock a record using php-ldap?
  - From: "Alan Sparks" <asparks@doublesparks.net>

References:
- RE: How can I lock a record using php-ldap?
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: Re: GSSAPI Binds openldap 2.1.12
Next by Date: RE: GSSAPI Binds openldap 2.1.12
Index(es):
- Chronological
- Thread