LDAP/PHP - When to Unbind

Question

I have around 12 PHP functions, each one makes a call to $ldap_connect which makes use of ldap_bind()

So - does this mean that when I call all functions my ldap server makes 12 ldap binds?

If so - when should the ldap_unbind() function be used? I have tried searching this but nothing fruitful came up, all I seemed to find was "unbind every time" but that isn't really specific. Does that mean put an unbind in all 12 functions just before it returns the data or unbind on my logout page where I also do a session_destroy() ?

Thanks

EDIT: CODE

function create_ldap_connection($username, $password) {
$ip = "MY LDAP SERVER";
$port = 389;

/* Binding */


$username = "DOMAIN\\" . $username;

$ldap_conn = ldap_connect($ip, $port) or die("Sorry! Could not connect to LDAP server ($ip)");
ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3) or die ("Couldn't set option version 3");
$starttls = ldap_start_tls($ldap_conn) or die ("Couldn't start secure TLS connection");
$result = ldap_bind($ldap_conn, $username, $password) or die("Error: Couldn't bind to server using provided credentials!");

if($result) {
return $ldap_conn;
} else {
die("
Error: Couldn't bind to server with supplied credentials!");
}
}

Then I use $ldap_conn = create_ldap_connection($user, $pass);

So, my 2 of my functions would be:

function get_user_givenName($ldap_conn, $user_name, $ou) {


$basedn = "MY BASE DN";


$searchResults = ldap_search($ldap_conn, $basedn, $user_name);

if (!is_resource($searchResults))
die('Error in search results.');


$entry = ldap_first_entry($ldap_conn, $searchResults);
$attrs = ldap_get_attributes($ldap_conn, $entry);

return $attrs["givenName"][0];

}

function get_user_cn($ldap_conn, $user_name, $ou) {


$basedn = "MY BASE DN";


$searchResults = ldap_search($ldap_conn, $basedn, $user_name);

if (!is_resource($searchResults))
die('Error in search results.');


$entry = ldap_first_entry($ldap_conn, $searchResults);
$attrs = ldap_get_attributes($ldap_conn, $entry);

return $attrs["cn"][0];

}

heiglandreas heiglandreas · Accepted Answer · 2015-07-15T05:39:29

As soon as you bind on a connection a previous bind on that connection is "unbound" and replaced with the current bind. So there is no need to use unbind 12 times if you use the same connection.

But when you connect and bind 12 times chances are great that you have 12 concurrent connections to the LDAP-Server which might not really be what you want.

So perhaps you should reconsider the setup of your functions to call ldap_connect (and ldap_bind) once and then use that connection 12 times instead of creating that connection 12 times. That might reduce the overhead.

A good example would be something like this:

$con = ldap_connect([$params]);
ldap_bind($con, [remaining params]);

ldap_[otherfunc]($con, [remaining params]);

A bad example would be something like this:

function connect() {
    $con = ldap_connect([params]);
    ldap_bind($con, [remaining params]);
    return $con;
}

ldap_[otehrfunc](conncet(), [remaining params]);

That would create a new ldap-connection on every call to connect().

To change that into a "good" example you should change that as follows to use the connection multiple times:

$con = connect();
ldap_[otherfunc]($con, [remaining params]);

LDAP/PHP - When to Unbind

1 Answers