Build a directory service for web-based services

Install OpenLDAP

Download and install OpenLDAP for Windows operating system. Also install LDAP Browser/Editor. Specify the following directives in the C:\Program Files\OpenLDAP\slapd.conf file.

database   bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
rootpw          netldap

Start/Restart the OpenLDAP Directory service. Start the OpenLDAP slapd server.

C:\Program Files\OpenLDAP> .\slapd -d 1

LDAP entries are represented in LDAP Data Interchange Format (LDIF). Create the base entry using a ldif file, baseentry.ldif, and ldapadd tool.

C:\Program Files\OpenLDAP>ldapadd  -D "cn=Manager,dc=example,dc=com" -v -w netldap  -f  baseentry.ldif

Double click on the lbe.bat file to start the LDAP Browser, which displays the base directory entry. Directory entries may be added to the base entry.

Base directory entry

Create a directory entry

Next, we shall create directory entries in the OpenLDAP LDAP server. Let's, for our example, create a directory of members of a social network of PHP developers, PHPNetwork. We shall use the following dn as the root/base DN.

dc=example,dc=com

The objectclass attribute specifies the data type, and required and optional attributes in an entry. More than one object classes may be specified in the objectclass attribute. Object classes form a class hierarchy and each objectclass has required and optional attributes. The object classes supported by OpenLDAP server are specified in the C:\Program Files\OpenLDAP\schema\core.schema file. We shall create a directory service using the top, person, organizationalPerson, object classes. The top object class does not have any required attributes. Object class person has required attributes cn and sn. Object class organizationalPerson does not have any required attributes and some of the optional attributes of organizationalPerson are title, telephoneNumber, postalCode, and postalAddress.

Create an HTML page, addEntry.html, to input a directory entry's values. Create a PHP script, add_entry.php. Connect with the OpenLDAP LDAP server using ldap_connect() .

$ldaphost = "localhost";  
$ldapport = 389;               
$ldapconn = ldap_connect($ldaphost, $ldapport);

The ldap_connect() function only initializes the connection parameters and returns a connection resource, but does not actually connect with the LDAP server. Set the LDAP protocol version to three using LDAP_OPT_PROTOCOL_VERSION.

ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);

Next, bind to the LDAP server using the connection resource in ldap_bind().

$r=ldap_bind($ldapconn," cn=Manager, "cn=Manager,dc=example,dc=com","netldap");

Create a directory entry variable consisting of an array of attributes. For example, the cn attribute is specified as follows.

$directory_entry["cn"]=$_GET['cn'];

In the directory entry for a PHPNetwork member we shall be setting the attributes, cn, sn, title, postalCode, and postalAddress. If an attribute has more than one value the attribute values are specified using a two-dimensional array, as for the objectclass attribute.

$directory_entry["objectclass"][0]="top";
$directory_entry["objectclass"][1]="person";
$directory_entry["objectclass"][3]="organizationalPerson";

Specify the dnof the directory entry to be added.

$dn="cn=".$_GET['cn'].",dc=example,dc=com";

Add the directory entry to the LDAP directory using ldap_add().

$r=ldap_add($ldapconn, $dn, $directory_entry);