Get all possible attributes and all objectClasses from openLDAP in PHP

名媛妹妹 2021-02-05 14:00

I have to write an LDAP editor in PHP. LDAP is used to store network devices (switch, AP, ...). So, it is not normal functionality and I found a lot of problems. The biggest problem is

2 answers
  •  走了就别回头了
    2021-02-05 14:18

    why not?

    There will be a subschema entry per server which comprises all the objectclasses and attributetypes. (including AD)

    But the subschema entry DN may be different in each implementation; this can be looked up from the rootDSE attribute "subschemasubentry".

    -AD example-
    ldapsearch -s base -b "" -D cn=Administrator,cn=users,dc=domain,dc=com -w 'password' -x -h 192.168.3.10 objectClass=* subschemasubentry
    
    **OUTPUT:**
    dn:
    subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
    
    
    -OpenLdap example-
    ldapsearch -s base -b "" -D cn=Administrator,dc=capua,dc=com -w password -x -h 192.168.3.11 subschemaSubentry 
    
    **OUTPUT:**
    #
    dn:
    objectClass: top
    objectClass: OpenLDAProotDSE
    subschemaSubentry: cn=Subschema
    

    Also, note the search scope. It should be BASE_LEVEL, otherwise it won't return any result.

    After this, search the subschema for objectclasses and attributetypes.

    ldapsearch -s base -b "cn=subschema" -D cn=Administrator,dc=capua,dc=com -w password -x -h 192.168.3.11  objectclass=subschema objectclasses attributetypes
    

    This will return all the objectclasses and attributetypes as strings. You don't have an option of querying the list of attributes of a given objectclass. You can ONLY get the LDIF output of all stored objectclasses and attributes. Probably you can write a parser or create some LDIF object if that works. But if it's AD you might have a little flexibility by directly querying cn=Schema,cn=configuration.

    Have a look at the PHP code. Assuming $ld is connected. Some directory servers allow anonymous read on the subschema, in which case you don't need to bind.

      // Get the subschema DN from the rootDSE
      $search = ldap_read($ld, "", "objectclass=*", array('*', 'subschemasubentry'));
      $entries = ldap_get_entries($ld, $search);
      $schemadn = $entries[0]["subschemasubentry"][0];

      print "Searching " . $schemadn . "\n";

      // Read all objectclasses and attributetypes from the subschema
      $schsearch = ldap_read($ld, $schemadn, "objectClass=subSchema", array('objectclasses', 'attributetypes'));
      $schentries = ldap_get_entries($ld, $schsearch);

      $count = $schentries[0]["attributetypes"]["count"];
      print "Printing all attribute types\n";
      for ($i = 0; $i < $count; $i++)
          print $schentries[0]["attributetypes"][$i] . "\n";

      $count = $schentries[0]["objectclasses"]["count"];
      print "Printing all objectclasses\n";
      for ($i = 0; $i < $count; $i++)
          print $schentries[0]["objectclasses"][$i] . "\n";
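
The answer above notes that the subschema only returns raw definition strings and suggests writing a parser. As an added example (not part of the original answer), the following PHP code parses objectClass descriptions in the RFC 4512 format and resolves the MUST/MAY attributes of a class through its SUP chain, so an editor can check required attributes before writing an entry. The function names `readValue`, `parseObjectClass` and `attributesFor` are hypothetical, and the sample definitions are constructed.

```php
<?php
// Added example (not from the answer). readValue() reads the value after a keyword:
// one token or a "( a $ b )" list; surrounding quotes are stripped.
function readValue(array $tok, int &$i): array {
    $vals = [];
    if (($tok[$i] ?? null) === '(') {
        for ($i++; $i < count($tok) && $tok[$i] !== ')'; $i++)
            if ($tok[$i] !== '$') $vals[] = trim($tok[$i], "'");
        $i++; // step past ")"
    } elseif (isset($tok[$i])) {
        $vals[] = trim($tok[$i++], "'");
    }
    return $vals;
}
function parseObjectClass(string $def): array {
    // Tokens: 'quoted string', "(", ")", "$", or a bare word (OID, keyword, name).
    preg_match_all("/'[^']*'|[()\$]|[^\s()\$']+/", $def, $m);
    $tok = $m[0];
    $oc = ['oid' => $tok[1] ?? '', 'names' => [], 'sup' => [], 'must' => [], 'may' => []];
    $fields = ['name' => 'names', 'sup' => 'sup', 'must' => 'must', 'may' => 'may'];
    for ($i = 2; $i < count($tok); ) {
        $kw = strtolower($tok[$i++]);
        // Quoted DESC / X- values keep their quotes, so they never match a keyword here.
        if (isset($fields[$kw])) $oc[$fields[$kw]] = readValue($tok, $i);
    }
    return $oc;
}
// Collect MUST/MAY along the SUP chain; $seen guards against loops in a malformed schema.
function attributesFor(string $name, array $index, array &$seen = []): array {
    $key = strtolower($name);
    if (isset($seen[$key]) || !isset($index[$key])) return ['must' => [], 'may' => []];
    $seen[$key] = true;
    $out = ['must' => $index[$key]['must'], 'may' => $index[$key]['may']];
    foreach ($index[$key]['sup'] as $sup) {
        $r = attributesFor($sup, $index, $seen);
        foreach (['must', 'may'] as $k) $out[$k] = array_values(array_unique(array_merge($out[$k], $r[$k])));
    }
    return $out;
}
// Constructed sample in the shape of $schentries[0]["objectclasses"].
$objectclasses = ['count' => 3,
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ description ) )",
    "( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ ou $ l ) )"];
for ($i = 0, $index = []; $i < $objectclasses['count']; $i++) {
    $oc = parseObjectClass($objectclasses[$i]);
    foreach ($oc['names'] as $n) $index[strtolower($n)] = $oc; // index every alias
}
$attrs = attributesFor('organizationalPerson', $index);
printf("MUST: %s\nMAY: %s\n", implode(', ', $attrs['must']), implode(', ', $attrs['may']));
```

To use it against a live directory, pass `$schentries[0]["objectclasses"]` from the answer's code in place of the sample array.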
