Mayflower LDAP at Barcamp

At Barcamp 2009, Alex, Michele, Michel, Markus, Sven and I continued a project that had already begun at Barcamp 2008: creating an LDAP structure for internal Mayflower use and implementing a basic tool set for its administration.

A new LDAP schema was created, a maintenance tool based on Zend Framework and Dojo was built, and the tool was embedded as an add-on in the current PHProjekt 5.


Using LDIF to simulate LDAP transactions with PHP

LDIF is the acronym for LDAP Data Interchange Format, a text format for representing LDAP information. An LDIF file is a simple text file that can contain LDAP information of two kinds. On the one hand, it can hold exported LDAP data in text form. On the other hand, it can be used to import data into an LDAP-based system, so it can contain data to be imported or just commands that are to be processed.

This is an important fact, because it opens the door to an interesting workaround. Though LDAP does not support transactions, which can be a real problem, LDIF can do the job for you. Transactions are important whenever some instructions have to be performed atomically, meaning that a set of instructions cannot be disturbed by commands from another client. A good example is a scenario where you first read a record and then perform actions (like update or delete) on that record. Without transactions it is not possible to make sure the record still exists after you read it.

Using LDIF requires LDAP client binaries. You can choose among the following client programs.

  • ldapsearch
  • ldapcompare
  • ldapcmp
  • ldapdelete
  • ldapmodify

Those binaries can be found in the OpenLDAP distribution or in the Sun ONE Directory SDK for C 5.08.

To import data, ldapmodify is the best choice. It must be called with the right connection parameters: host name, user name, password and, of course, the file to import. The PHP code snippet would look like the following (the call itself is done by the PHP function proc_open):

The code creates a command string with the required connection parameters and the file name. This string is passed as a parameter to the proc_open function, which executes the command. As a result, the LDIF file is imported and cannot be disturbed by any other client; in other words, it is executed atomically, which leads to the concept of transactions.
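Because the command carries a password and a file name, the following added example (not the post's original snippet) shows one way to make the same ldapmodify call through proc_open without a shell-parsed command string and without the password on the command line. It assumes OpenLDAP's ldapmodify (options -x, -H, -D, -y, -f) and PHP 7.4 or later; the function names, server URI, bind DN and file paths are hypothetical placeholders.

```php
<?php
declare(strict_types=1);

// Added example. Assumes OpenLDAP's ldapmodify on PATH and PHP >= 7.4.
// Server URI, bind DN and file paths in the usage note are placeholders.

function buildLdapmodifyArgv(string $uri, string $bindDn, string $pwFile, string $ldifFile): array
{
    // Accept only ldap:// or ldaps:// server URIs.
    if (!preg_match('#^ldaps?://[A-Za-z0-9.-]+(:\d{1,5})?/?$#', $uri)) {
        throw new InvalidArgumentException('unexpected LDAP URI');
    }
    if ($bindDn === '') {
        throw new InvalidArgumentException('empty bind DN');
    }
    foreach ([$pwFile, $ldifFile] as $path) {
        if (!is_file($path) || !is_readable($path)) {
            throw new InvalidArgumentException("not a readable file: $path");
        }
    }
    // -x simple bind, -H server URI, -D bind DN, -f LDIF file to apply.
    // -y reads the password from a file (whole content, so no trailing
    // newline), keeping it out of the process list, unlike -w.
    return ['ldapmodify', '-x', '-H', $uri, '-D', $bindDn,
            '-y', realpath($pwFile), '-f', realpath($ldifFile)];
}

function importLdif(array $argv): array
{
    // stdin closed, stdout piped, stderr merged into stdout so a single
    // pipe is read and a full stderr buffer cannot block the child.
    $spec = [0 => ['null'], 1 => ['pipe', 'w'], 2 => ['redirect', 1]];
    // Array form: the binary is executed directly, no shell parses the values.
    $proc = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start ldapmodify');
    }
    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $exit = proc_close($proc);
    // Non-zero exit: connect, bind or a change record failed (ldapmodify
    // stops at the first rejected record unless -c is given).
    return ['ok' => $exit === 0, 'exit' => $exit, 'output' => $output];
}

// Usage with placeholder values:
// $argv = buildLdapmodifyArgv('ldaps://ldap.example.org', 'cn=admin,dc=example,dc=org',
//                             '/etc/app/ldap.pw', '/var/spool/app/changes.ldif');
// $result = importLdif($argv);
```

The password file should be readable only by the account that runs the PHP process, and callers should log `$result['output']` when `ok` is false.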