Helpers

LdapRecord provides some helper classes and utility functions you may find useful in your application.

Distinguished Names

use LdapRecord\Models\Attributes\DistinguishedName;

The DistinguishedName utility class allows you to parse Distinguished Name's, and perform various operations.

make

Make a new Distinguished Name instance:

$dn = DistinguishedName::make('cn=John Doe,dc=local,dc=com');

build

Make a new Distinguished Name Builder instance:

// Pre-populate a builder:
$builder = DistinguishedName::build('cn=John Doe,dc=local,dc=com');

// Start from scratch:
$builder = DistinguishedName::build();

of

Alias of the build method:

// Pre-populate a builder:
$builder = DistinguishedName::of('cn=John Doe,dc=local,dc=com');

// Start from scratch:
$builder = DistinguishedName::of();

isValid

Determine if the given string is a valid Distinguished Name:

// true
DistinguishedName::isValid('cn=John Doe,dc=local,dc=com');

// true
DistinguishedName::isValid('cn=John');

// false
DistinguishedName::isValid('String containing rdn cn=John');

// false
DistinguishedName::isValid(null);

// false
DistinguishedName::isValid('');

get

Get the full value of the Distinguished Name:

$dn = DistinguishedName::make('cn=John Doe,dc=local,dc=com');

// "cn=John Doe,dc=local,dc=com"
$dn->get();

set

Set the value of the Distinguished Name:

$dn = DistinguishedName::make('cn=other,dc=local,dc=com');

$dn->set('cn=John Doe,dc=local,dc=com');

// "cn=John Doe,dc=local,dc=com"
$dn->get();

explode

Explode a Distinguished Name string:

$dn = DistinguishedName::explode('cn=john doe,dc=local,dc=com');

// [
//   "cn=john doe",
//   "dc=local",
//   "dc=com",
// ]
var_dump($dn);

explodeRdn

Explode a Relative Distinguished Name string:

[$attribute, $value] = DistinguishedName::explodeRdn('cn=john doe');

// "cn"
echo $attribute;

// "john doe"
echo $value;

makeRdn

Make a Relative Distinguished Name string:

$rdn = DistinguishedName::makeRdn(['cn', 'john doe']);

// "cn=john doe"
echo $rdn;

unescape

$unescaped = DistinguishedName::unescape('\6a\6f\68\6e\2c\64\6f\65');

// "doe, john"
echo $unescaped;

name

Get the Relative Distinguished Name's value:

$dn = DistinguishedName::make('cn=John Doe,dc=local,dc=com');

// "John Doe"
$dn->name();

head

Get the Relative Distinguished Name's attribute:

$dn = DistinguishedName::make('cn=John Doe,dc=local,dc=com');

// "cn"
$dn->head();

relative

Get the Relative Distinguished Name:

$dn = DistinguishedName::make('cn=John Doe,dc=local,dc=com');

// "cn=John Doe"
$dn->relative();

parent

Get the parent Distinguished Name:

$dn = DistinguishedName::make('cn=John Doe,dc=local,dc=com');

// "dc=local,dc=com"
$dn->parent();

values

Get the values of each DN component:

$dn = DistinguishedName::make('cn=John Doe,dc=local,dc=com');

// array:3 [
//  0 => "John Doe"
//  1 => "local"
//  2 => "com"
// ]
$dn->values();

components

Get the Relative Distinguished Name's of each DN component:

$dn = DistinguishedName::make('cn=John Doe,dc=local,dc=com');

// array:3 [
//  0 => "cn=John Doe"
//  1 => "dc=local"
//  2 => "dc=com"
// ]
$dn->components();

assoc

Get an associative array of the Distinguished Name component's, grouping them using their attribute name:

$dn = DistinguishedName::make('cn=John Doe,dc=local,dc=com');

// array:2 [
//  "cn" => array:1 [
//    0 => "John Doe"
//  ]
//  "dc" => array:2 [
//    0 => "local"
//    1 => "com"
//  ]
// ]
$dn->assoc();

multi

Split the Relative Distinguished Name's of each DN component into an associative array:

$dn = DistinguishedName::make('cn=John Doe,dc=local,dc=com');

// array: 3 [
//   0 => ['cn', 'John'],
//   1 => ['ou', 'local'],
//   2 => ['dc', 'local'],
// ]
$dn->multi();

isEmpty

Determine if the Distinguished Name has any values:

// false
DistinguishedName::make('cn=John Doe,dc=local,dc=com')->isEmpty();

// false
DistinguishedName::make('cn=John Doe')->isEmpty();

// true
DistinguishedName::make(null)->isEmpty();

// true
DistinguishedName::make('')->isEmpty();

isParentOf

Determine if the Distinguished Name is a direct parent of the given child:

$dn = DistinguishedName::make('ou=users,dc=local,dc=com');

// false
$dn->isParentOf(
  DistinguishedName::make('ou=accounting,dc=local,dc=com')
);

// true
$dn->isParentOf(
  DistinguishedName::make('ou=office,ou=users,dc=local,dc=com')
);

isChildOf

Determine if the Distinguished Name is a direct child of the given parent:

$dn = DistinguishedName::make('cn=John Doe,dc=local,dc=com');

// false
$dn->isChildOf(
  DistinguishedName::make('ou=users,dc=local,dc=com')
);

// true
$dn->isChildOf(
  DistinguishedName::make('dc=local,dc=com')
);

isAncestorOf

Determine if the Distinguished Name is an ancestor of the given descendant/child:

$dn = DistinguishedName::make('ou=users,dc=local,dc=com');

// false
$dn->isAncestorOf(
  DistinguishedName::make('dc=local,dc=com')
);

// true
$dn->isAncestorOf(
  DistinguishedName::make('ou=accounting,ou=users,dc=local,dc=com')
);

// true
$dn->isAncestorOf(
  DistinguishedName::make('ou=other,ou=accounting,ou=users,dc=local,dc=com')
);

isDescendantOf

Determine if the Distinguished Name is an descendant of the given ancestor/parent:

$dn = DistinguishedName::make('cn=John Doe,ou=accounting,ou=users,dc=local,dc=com')

// false
$dn->isDescendantOf(
  DistinguishedName::make('ou=admin,dc=local,dc=com')
);

// true
$dn->isDescendantOf(
  DistinguishedName::make('ou=users,dc=local,dc=com')
);

// true
$dn->isDescendantOf(
  DistinguishedName::make('ou=accounting,ou=users,dc=local,dc=com')
);

Distinguished Name Building

The Distinguished Name Builder allows you to build and transform Distinguished Names.

use LdapRecord\Models\Attributes\DistinguishedNameBuilder;

components

Get all of the components of the DN.

$dn = DistinguishedName::build('cn=john doe,ou=users,dc=local,dc=com');

// array:4 [
//   0 => array:2 [
//     0 => "cn"
//     1 => "john doe"
//   ]
//   1 => array:2 [
//     0 => "ou"
//     1 => "users"
//   ]
//   2 => array:2 [
//     0 => "dc"
//     1 => "local"
//   ]
//   3 => array:2 [
//     0 => "dc"
//     1 => "com"
//   ]
// ]
$dn->components();

Get the components of a particular type:

$dn = DistinguishedName::build('cn=john doe,ou=users,dc=local,dc=com');

// array:2 [
//   0 => array:2 [
//     0 => "dc"
//     1 => "local"
//   ]
//   1 => array:2 [
//     0 => "dc"
//     1 => "com"
//   ]
// ]
$dn->components('dc');

prepend

Prepend an RDN onto the DN.

$dn = DistinguishedName::build('dc=com');

// Use an attribute and value:
$dn->prepend('dc', 'local');

// Use an RDN:
$dn->prepend('cn=john');

// "cn=john,dc=local,dc=com"
$dn->get();

append

Append an RDN onto the DN.

$dn = DistinguishedName::build('cn=john');

// Use an attribute and value:
$dn->append('dc', 'local');

// Use an RDN:
$dn->append('dc=com');

// "cn=john,dc=local,dc=com"
$dn->get();

pop

Pop an RDN off of the end of the DN.

// "cn=john,dc=local"
DistinguishedName::build('cn=john,dc=local,dc=com')
  ->pop()
  ->get();

// "cn=john"
DistinguishedName::build('cn=john,dc=local,dc=com')
  ->pop(2)
  ->get();

// "cn=john"
DistinguishedName::build('cn=john,dc=local,dc=com')
  ->pop(2, $removed)
  ->get();

// array:2 [
//   0 => "dc=local"
//   1 => "dc=com"
// ]
var_dump($removed);

shift

Shift an RDN off of the beginning of the DN.

// "dc=local,dc=com"
DistinguishedName::build('cn=john,dc=local,dc=com')
  ->shift()
  ->get();

// "dc=com"
DistinguishedName::build('cn=john,dc=local,dc=com')
  ->shift(2)
  ->get();

// "dc=com"
DistinguishedName::build('cn=john,dc=local,dc=com')
  ->shift(2, $removed)
  ->get();

// array:2 [
//   0 => "cn=john"
//   1 => "dc=local"
// ]
var_dump($removed);

reverse

Whether to output the DN in reverse.

// "dc=com,dc=local,cn=john"
DistinguishedName::build('cn=john,dc=local,dc=com')
  ->reverse()
  ->get();

Long Chain Example

$dn = DistinguishedName::of('cn=John Doe,dc=local,dc=com')
    ->shift(1, $removed)
    ->prepend('ou', 'users')
    ->prepend($removed)
    ->pop(1, $removed)
    ->append('dc', 'org')
    ->append($removed)
    ->get();

// "cn=John Doe,ou=users,dc=local,dc=org,dc=com"
echo $dn;

Passwords

use LdapRecord\Models\Attributes\Password;

The Password helper allows you to create hashed passwords, as well as encode them for transmission to your LDAP server.

encode

Make an encoded password for transmission over LDAP.

// "\x00s\x00e\x00c\x00r\x00e\x00t\x00"\x00"
Password::encode('secret');

smd5

Make a salted md5 password.

// "{SMD5}i3f4A6FAN0MDFaaZU23fu8FcHw4="
Password::smd5('secret');

// "{SMD5}mc0uWpXVVe5747A4pKhGJXNhbHQ="
Password::smd5('secret', 'salt');

ssha

Make a salted SHA password.

// "{SSHA}L8EHaF8fyBVlTrvHbdE5/7MnCN1sR4az"
Password::ssha('secret');

// "{SSHA}gVK8WC9YyFT1gMsQHTGCgT3sSv5zYWx0"
Password::ssha('secret', 'salt');

ssha256

Make a salted SSHA256 password.

// "{SSHA256}f30+bbvnM24awEIG2iLZ12TcsjFT7e+OP3/fFmmqMZNdQRP/"
Password::ssha256('secret');

// "{SSHA256}+E+iFJ27Yu1ODPH1UNKUmzOmUT06dwfghQJRHHnMsO5zYWx0"
Password::ssha256('secret', 'salt');

ssha384

Make a salted SSHA384 password.

// "{SSHA384}x57dAvYd0LnqXDLxgmCqgrR585r2Ej4Lyxm+SQqY2fr1yzgIGz/t48MlKwEy+96jeShdcg=="
Password::ssha384('secret');

// "{SSHA384}BPdC1qPVnOtOWlZBhlNvMSsThLk7gG0moXRB2Ulg+UGkFToChXZ4jNzGfK5Uh3Otc2FsdA=="
Password::ssha384('secret', 'salt');

ssha512

Make a salted SSHA512 password.

// "{SSHA512}udY8kkohMXfh4YKmrMWbXk1CWf2xpzarDAOLTPBezod5JSwbgMvgCAjeJiYvmfrsfyHlVqc/4nmfaH7Hlvumo/cB2Jg="
Password::ssha512('secret');

// "{SSHA512}E491yrR9AdCoE7rbOPYS3EZgSuZpVE65AD9xko08s6floNesY/Zpe9zMVvLix4S2FiQSJ99RIkNvhHomNO9uL3NhbHQ="
Password::ssha512('secret', 'salt');

sha

Make a non-salted SHA password.

// "{SHA}5en6G6MezRroT3XKqkdPOmY/BfQ="
Password::sha('secret');

sha256

Make a non-salted SHA256 password.

// "{SHA256}K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols="
Password::sha256('secret');

sha384

Make a non-salted SHA384 password.

// "{SHA384}WKd1ukESvjAFrkQHznV9iP2nHUBJe7gCbsrFTU4//HIyzo3jq1rLMK45dg/ufFPt"
Password::sha384('secret');

sha512

Make a non-salted SHA512 password.

// "SHA512}vSsar3708Jvp9Szi2NWZZ02Bqp1qRCFpbcTZPdBhnWgs5WtNZKnvCXdhztmeD2cmW192CF5bDufKRpayrW/isg=="
Password::sha512('secret');

md5

Make a non-salted md5 password.

// "{MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ=="
Password::md5('secret');

md5Crypt

Crypt password with an MD5 salt.

// "{CRYPT}$1$hYstY89O$EHfOOWhp4qJ0.lDJ2owwb."
Password::md5Crypt('secret');

// "{CRYPT}saHW9GdxihkGQ"
Password::md5Crypt('secret', 'salt');

sha256Crypt

Crypt password with a SHA256 salt.

// "{CRYPT}$5$aRmWk3iiWxTdJ$iTy8QAfarSnilA3nM6SSH67qB2VpZiRbxXkA4FddfdD"
Password::sha256Crypt('secret');

// "{CRYPT}saHW9GdxihkGQ"
Password::sha256Crypt('secret', 'salt');

sha512Crypt

Crypt a password with a SHA512 salt.

// "{CRYPT}$6$GcGAYPV4NIvbC$odXh0cW4xldt2YUTqCaxjwFvRjiLA4CyDsQYaY1zLEfB4XXzsq6MFru9TAMbzR8hs0nJjmi5fFHrAB9hmaFF.."
Password::sha512Crypt('secret');

// "{CRYPT}saHW9GdxihkGQ"
Password::sha512Crypt('secret', 'salt');

GUID

A utility class for parsing and validating Object GUIDs.

use LdapRecord\Models\Attributes\Guid;

isValid

Determine if a given string is a valid GUID:

// Returns "true"
Guid::isValid('59e5e143-a50e-41a9-bf2b-badee699a577');
Guid::isValid('8be90b30-0bbb-4638-b468-7aaeb32c74f9');
Guid::isValid('17bab266-05ac-4e30-9fad-1c7093e4dd83');

// Returns "false"
Guid::isValid('Invalid GUID');
Guid::isValid('17bab266-05ac-4e30-9fad');
Guid::isValid('');

getHex

Get the hexadecimal representation of the GUID string:

$guid = '270db4d0-249d-46a7-9cc5-eb695d9af9ac';

// "d0b40d279d24a7469cc5eb695d9af9ac"
(new Guid($guid))->getHex();

getEncodedHex

Get the encoded hexadecimal representation of the GUID string:

$guid = '270db4d0-249d-46a7-9cc5-eb695d9af9ac';

// "\d0\b4\0d\27\9d\24\a7\46\9c\c5\eb\69\5d\9a\f9\ac"
(new Guid($guid))->getEncodedHex();

getValue

Get the string representation of the GUID:

$guid = '270db4d0-249d-46a7-9cc5-eb695d9af9ac';

// "270db4d0-249d-46a7-9cc5-eb695d9af9ac"
(new Guid($guid))->getValue();

getBinary

Get the binary representation of the GUID string:

$guid = '270db4d0-249d-46a7-9cc5-eb695d9af9ac';

// "b"ð┤\r'Ø$ºF£┼Ùi]ܨ¼""
(new Guid($guid))->getBinary();

SID

A utility class for parsing and validating Object SIDs.

use LdapRecord\Models\Attributes\Sid;

isValid

Determine if a string is a valid SID:

// Returns "true"
Sid::isValid('S-1-5-21-362381101-336104434-3030082-101');
Sid::isValid('S-1-5-21-362381101-336104434');
Sid::isValid('S-1-5-21-362381101');
Sid::isValid('S-1-5-21');
Sid::isValid('S-1-5');

// Returns "false"
Sid::isValid('Invalid SID');
Sid::isValid('S-1');
Sid::isValid('');

getValue

Get the string representation value of the SID:

$sid = 'S-1-5-21-362381101-336104434-3030082-101';

// "S-1-5-21-362381101-336104434-3030082-101"
(new Sid($sid))->getValue();

getBinary

Get the binary representation value of the SID:

$sid = 'S-1-5-21-362381101-336104434-3030082-101';

// "b"\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00-\x7F™\x15ò‹\x08\x14B<.\x00e\x00\x00\x00"
(new Sid($sid))->getBinary();

Timestamp

A utility class for transforming dates to and from LDAP timestamps.

use LdapRecord\Models\Attributes\Timestamp;

Timestamp Types

To begin, create a new Timestamp instance with the type of timestamp you are looking to convert:

$timestamp = new Timestamp(Timestamp::TYPE_LDAP);

$timestamp = new Timestamp(Timestamp::TYPE_WINDOWS);

$timestamp = new Timestamp(Timestamp::TYPE_WINDOWS_INT);

Converting to an LDAP Timestamp

Call fromDateTime() to convert a string, int, DateTime, or Carbon instance to the LDAP timestamp:

// "20230417210756Z"
$ldapTimestamp = (new Timestamp(Timestamp::TYPE_LDAP))
    ->fromDateTime(new \DateTime());

// "20230417210824.0Z"
$windowsTime = (new Timestamp(Timestamp::TYPE_WINDOWS))
    ->fromDateTime(new \DateTime());

// 133262392690000000
$windowsIntegerTime = (new Timestamp(Timestamp::TYPE_WINDOWS_INT))
    ->fromDateTime(new \DateTime());

Converting from an LDAP Timestamp

Call toDateTime() to convert an LDAP timestamp into a PHP Carbon instance:

// Carbon\Carbon
$ldapTimestampAsCarbon = (new Timestamp(Timestamp::TYPE_LDAP))
    ->toDateTime('20230417210756Z');

// Carbon\Carbon
$windowsTimeAsCarbon = (new Timestamp(Timestamp::TYPE_WINDOWS))
    ->toDateTime('20230417210824.0Z');

// Carbon\Carbon
$windowsIntegerTimeAsCarbon = (new Timestamp(Timestamp::TYPE_WINDOWS_INT))
    ->toDateTime(133262392690000000);