Hi Côme.

On 26.06.17 at 11:34, Côme Chilliet wrote:
> Hello,
>
> Some time ago, someone said on the tracker that there was an up to date patch
> for php-ldap exop and controls: https://bugs.php.net/bug.php?id=69445
> It appeared the code was in fact not up to date, at least not for PHP7.
>
> But it was enough to make me try again to work from there to add EXOP support
> to PHP-LDAP, so I extracted the part about EXOP from the patch and worked
> from there to have something working with current master.
> The result is there for now: https://github.com/MCMic/php-src/tree/ldap_exop

Thanks for that work!

>
> At least the methods for passwd and whoami EXOPs are working fine.
>
> Which PHP release should a change like that target?

The first possible release IMHO would be PHP.Next (sadly…), as there's
already been a feature-freeze for PHP 7.2…

While that means that we have to wait another year until that feature
comes into production, it also means that we might be able to have a more
concise exop-handling for ldap by then…

> Do I need to open an RFC for these methods?

As we add functionality to the language we should have one… shouldn't we?

>
> For now I just fixed code from the original patch mainly but I would like to
> rework the API as I’m not convinced by the current state.
> ldap_exop and ldap_parse_exop API seems reasonable, but ldap_exop expects ber
> encoded data as request data and I’m not sure how to create that.
> I think we should add a PHP method to ber encode, or change ldap_exop to
> accept another format and ber encode internally.
> For the helper methods for whoami and passwd, I’m a bit puzzled.
> They can work like this now:
>
> ldap_exop_whoami($link, $authzid); // This returns TRUE upon success or FALSE
> otherwise
> $r = ldap_exop_whoami($link); // This returns a result object you need to parse
> ldap_parse_exop_whoami($link, $r, $authzid); // This will parse the result
> object and fill the third param with the result
>
> I would go for something a lot simpler like ldap_exop_whoami($link) directly
> returning the string result, or FALSE if it fails.
>
> For ldap_exop_passwd, I would go for ldap_exop_passwd($link, $user, $oldpw,
> $newpw) which would return FALSE on failure, TRUE on success with a new
> password, or the generated password if $newpw is empty.
>
> So I would ditch ldap_parse_exop_whoami and ldap_parse_exop_passwd. People
> can use ldap_exop and ldap_parse_exop if they want to work with result
> objects.
> I guess we will also need constants for OID of all known EXOP operations out
> there.

As already mentioned on IRC, I'm much more in favour of keeping the naming
more simple and using ldap_whoami and ldap_passwd instead of
ldap_exop_whoami and ldap_exop_passwd, as there is no exop-parameter
necessary. Though we need to add the requirement of the server handling
that to the docs!

I'd use the _exop_ part only for functions that actually *need* an
exop-parameter.

Cheers

Andreas

-- 
                                                              ,,,
                                                             (o o)
+---------------------------------------------------------ooO-(_)-Ooo-+
| Andreas Heigl                                                       |
| mailto:andr...@heigl.org                  N 50°22'59.5" E 08°23'58" |
| http://andreas.heigl.org                       http://hei.gl/wiFKy7 |
+---------------------------------------------------------------------+
| http://hei.gl/root-ca                                               |
+---------------------------------------------------------------------+
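
Added example, not part of the messages above or of the php-ldap patch: the thread notes that ldap_exop expects BER-encoded request data. This PHP code builds that encoding for the Password Modify extended operation (RFC 3062, OID 1.3.6.1.4.1.4203.1.11.1). The function names are hypothetical, and the DN and password are constructed sample values.

```php
<?php
// Added example: BER encoding of the RFC 3062 PasswdModifyRequestValue.
// Function names are hypothetical, not part of php-ldap or the patch.

const PASSWD_MODIFY_OID = '1.3.6.1.4.1.4203.1.11.1'; // RFC 3062

/** Encode a BER definite length (short form below 128, long form otherwise). */
function ber_length(int $len): string
{
    if ($len < 0x80) {
        return chr($len);
    }
    $bytes = '';
    while ($len > 0) {
        $bytes = chr($len & 0xff) . $bytes;
        $len >>= 8;
    }
    return chr(0x80 | strlen($bytes)) . $bytes;
}

/** Encode one tag-length-value triple. */
function ber_tlv(int $tag, string $value): string
{
    return chr($tag) . ber_length(strlen($value)) . $value;
}

/**
 * Build SEQUENCE { [0] userIdentity, [1] oldPasswd, [2] newPasswd }.
 * Every field is OPTIONAL: null omits it. With $newpw omitted the server
 * may generate a password and return it in the response value.
 */
function passwd_modify_request(?string $user, ?string $oldpw, ?string $newpw): string
{
    $body = '';
    // 0x80..0x82 are the context-specific primitive tags [0]..[2].
    foreach ([0x80 => $user, 0x81 => $oldpw, 0x82 => $newpw] as $tag => $field) {
        if ($field !== null) {
            $body .= ber_tlv($tag, $field);
        }
    }
    return ber_tlv(0x30, $body); // 0x30 = universal SEQUENCE
}

// Constructed sample values.
$req = passwd_modify_request('uid=jdoe,dc=example,dc=com', 'old-secret', null);
echo PASSWD_MODIFY_OID, ' ', bin2hex($req), PHP_EOL;
```

The Who Am I? operation (RFC 4532, OID 1.3.6.1.4.1.4203.1.11.3) carries no request value, so it needs no encoding step.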