The Zend_Ldap component accepts an array of options either
supplied to the constructor or through the setOptions()
method. The permitted options are as follows:

Table 82. Zend_Ldap Options

| Name | Description |
|---|---|
| host | The default hostname of LDAP server if not supplied to connect() (also may be used when trying to canonicalize usernames in bind()). |
| port | Default port of LDAP server if not supplied to connect(). |
| useStartTls | Whether or not the LDAP client should use TLS (aka SSLv2) encrypted transport. A value of TRUE is strongly favored in production environments to prevent passwords from being transmitted in clear text. The default value is FALSE, as servers frequently require that a certificate be installed separately after installation. The useSsl and useStartTls options are mutually exclusive. The useStartTls option should be favored over useSsl but not all servers support this newer mechanism. |
| useSsl | Whether or not the LDAP client should use SSL encrypted transport. The useSsl and useStartTls options are mutually exclusive. |
| username | The default credentials username. Some servers require that this be in DN form. This must be given in DN form if the LDAP server requires a DN to bind and binding should be possible with simple usernames. |
| password | The default credentials password (used only with username above). |
| bindRequiresDn | If TRUE, this instructs Zend_Ldap to retrieve the DN for the account used to bind if the username is not already in DN form. The default value is FALSE. |
| baseDn | The default base DN used for searching (e.g., for accounts). This option is required for most account related operations and should indicate the DN under which accounts are located. |
| accountCanonicalForm | A small integer indicating the form to which account names should be canonicalized. See the Account Name Canonicalization section below. |
| accountDomainName | The FQDN domain for which the target LDAP server is an authority (e.g., example.com). |
| accountDomainNameShort | The 'short' domain for which the target LDAP server is an authority. This is usually used to specify the NetBIOS domain name for Windows networks but may also be used by non-AD servers. |
| accountFilterFormat | The LDAP search filter used to search for accounts. This string is a sprintf() style expression that must contain one '%s' to accommodate the username. The default value is '(&(objectClass=user)(sAMAccountName=%s))' unless bindRequiresDn is set to TRUE, in which case the default is '(&(objectClass=posixAccount)(uid=%s))'. Users of custom schemas may need to change this option. |
| allowEmptyPassword | Some LDAP servers can be configured to accept an empty string password as an anonymous bind. This behavior is almost always undesirable. For this reason, empty passwords are explicitly disallowed. Set this value to TRUE to allow an empty string password to be submitted during the bind. |
| optReferrals | If set to TRUE, this option indicates to the LDAP client that referrals should be followed. The default value is FALSE. |
| tryUsernameSplit | If set to FALSE, this option indicates that the given username should not be split at the first @ or \ character to separate the username from the domain during the binding-procedure. This allows the user to use usernames that contain an @ or \ character that do not inherit some domain-information, e.g. using email-addresses for binding. The default value is TRUE. |




