Hello,
Some time ago, someone said on the tracker that there was an up to date patch for php-ldap exop and controls: https://bugs.php.net/bug.php?id=69445
It appeared the code was in fact not up to date, at least not for PHP7.
But it was enough to make me try again to work from there to add EXOP support to PHP-LDAP, so I extracted the part about EXOP from the patch and worked from there to have something working with current master.
The result is there for now: https://github.com/MCMic/php-src/tree/ldap_exop
At least the methods for passwd and whoami EXOPs are working fine.
Which PHP release should a change like that target?
Do I need to open an RFC for these methods?
For now I just fixed code from the original patch mainly but I would like to rework the API as I’m not convinced by the current state.
ldap_exop and ldap_parse_exop API seems reasonable, but ldap_exop expects ber encoded data as request data and I’m not sure how to create that.
I think we should add a PHP method to ber encode, or change ldap_exop to accept an other format and ber encode internally.
For the helper methods for whoami and passwd, I’m a bit puzzled.
They can work like this now:
ldap_exop_whoami($link, $authzid); // This return TRUE upon success or FALSE otherwise
$r = ldap_exop_whoami($link); // This return a result object you need to parse
ldap_parse_exop_whoami($link, $r, $authzid); // This will parse the result object and fill the third param with the result
I would go for something a lot simpler like ldap_exop_whoami($link) directly returning the string result, or FALSE if it fails.
For ldap_exop_passwd, I would go for ldap_exop_passwd($link, $user, $oldpw, $newpw) which would return FALSE on failure, TRUE on success with a new password, or the generated password if $newpw is empty.
So I would ditch ldap_parse_exop_whoami and ldap_parse_exop_passwd. People can use ldap_exop and ldap_parse_exop if they want to work with result objects.
I guess we will also need constants for OID of all known EXOP operations out there.
Côme
Hi Côme.
Am 26.06.17 um 11:34 schrieb Côme Chilliet:
Hello,
Some time ago, someone said on the tracker that there was an up to date patch for php-ldap exop and controls: https://bugs.php.net/bug.php?id=69445
It appeared the code was in fact not up to date, at least not for PHP7.But it was enough to make me try again to work from there to add EXOP support to PHP-LDAP, so I extracted the part about EXOP from the patch and worked from there to have something working with current master.
The result is there for now: https://github.com/MCMic/php-src/tree/ldap_exop
Thanks for that work!
At least the methods for passwd and whoami EXOPs are working fine.
Which PHP release should a change like that target?
The first possible release IMHO would be PHP.Next (sadly…), as there's
already been a feature-freeze for PHP 7.2…
While that means that we have to wait another year until that feature
comes into production it also means that we might be able to have a more
conscise exop-handling for ldap by then…
Do I need to open an RFC for these methods?
As we add functionality to the language we should have one… shouldn't we?
For now I just fixed code from the original patch mainly but I would like to rework the API as I’m not convinced by the current state.
ldap_exop and ldap_parse_exop API seems reasonable, but ldap_exop expects ber encoded data as request data and I’m not sure how to create that.
I think we should add a PHP method to ber encode, or change ldap_exop to accept an other format and ber encode internally.
For the helper methods for whoami and passwd, I’m a bit puzzled.
They can work like this now:ldap_exop_whoami($link, $authzid); // This return
TRUEupon success orFALSEotherwise
$r = ldap_exop_whoami($link); // This return a result object you need to parse
ldap_parse_exop_whoami($link, $r, $authzid); // This will parse the result object and fill the third param with the resultI would go for something a lot simpler like ldap_exop_whoami($link) directly returning the string result, or
FALSEif it fails.For ldap_exop_passwd, I would go for ldap_exop_passwd($link, $user, $oldpw, $newpw) which would return
FALSEon failure,TRUEon success with a new password, or the generated password if $newpw is empty.So I would ditch ldap_parse_exop_whoami and ldap_parse_exop_passwd. People can use ldap_exop and ldap_parse_exop if they want to work with result objects.
I guess we will also need constants for OID of all known EXOP operations out there.
As already mentioned on IRC I'm much more in favour of keeping the
naming more simple and use ldap_whoami and ldap_passwd instead of the
ldap_exop_whoami and ldap_Exop_passwd as there is no exop-parameter
necessary. Though we need to add the requirement of the server handling
that to the docs!
I'd use the exop part only for functions that actually need an
exop-parameter.
Cheers
Andreas
--
,,,
(o o)
+---------------------------------------------------------ooO-(_)-Ooo-+
| Andreas Heigl |
| mailto:andreas@heigl.org N 50°22'59.5" E 08°23'58" |
| http://andreas.heigl.org http://hei.gl/wiFKy7 |
+---------------------------------------------------------------------+
| http://hei.gl/root-ca |
+---------------------------------------------------------------------+
Hi Andreas
2017-06-26 12:45 GMT+02:00 Andreas Heigl andreas@heigl.org:
The first possible release IMHO would be PHP.Next (sadly…), as there's
already been a feature-freeze for PHP 7.2…
The feature freeze comes on July 20th, as per the wiki:
https://wiki.php.net/todo/php72
It is tight, but still possible to get features added =)
--
regards,
Kalle Sommer Nielsen
kalle@php.net
Hi Côme.
Am 26.06.17 um 11:34 schrieb Côme Chilliet:
Hello,
Some time ago, someone said on the tracker that there was an up to date
patch for php-ldap exop and controls: https://bugs.php.net/bug.php?
id=69445
It appeared the code was in fact not up to date, at least not for PHP7.But it was enough to make me try again to work from there to add EXOP
support to PHP-LDAP, so I extracted the part about EXOP from the patch and
worked from there to have something working with current master.
The result is there for now: https://github.com/MCMic/php-
src/tree/ldap_exopThanks for that work!
At least the methods for passwd and whoami EXOPs are working fine.
Which PHP release should a change like that target?
The first possible release IMHO would be PHP.Next (sadly…), as there's
already been a feature-freeze for PHP 7.2…
While that means that we have to wait another year until that feature
comes into production it also means that we might be able to have a more
conscise exop-handling for ldap by then…Do I need to open an RFC for these methods?
As we add functionality to the language we should have one… shouldn't we?
I don't think it is necessary to have RFC for such specific functions. We
added recently similar thing to OpenSSL (openssl_pkcs7_read) - similar in a
way that probably only few people on this list care about it. :) The thing
is that the RFC for such functionality usually won't bring much attention
and people will usually accept it anyway if there are no objection before
that. It's much better to just introduce functionality and wait a week or
so if anyone has an objection. If there is no objection, then I believe it
should be fine to merge.
Cheers
Jakub