Use symfony/ldap

Yes, an OO wrapper would be nice. But I don't understand your (fast) example.
There are a lot better wrappers and libraries. Just check packagist.org/…?q=ldap!
I favour the three packages "zendframework/zend-ldap", "tiesa/ldap" and "symfony/ldap". The symfony ldap component is being written, current status in the main repository: github.com/symfony/symfony/…/src/Symfony/Component/Ldap
Comparing the available packages you can pick the Zend one. The others are: one maintainer or not ready to use or only for the usage on top of a active directory.

So currently we can discuss about using and integrating the zendframework ldap component. I would prefer this because in my opinion it would make the error handling a lot easier.

I've played around with this but have not gotten very far. This splits into two aspects:

Choosing the right library: Just from a framework point of view, using symfony/ldap makes sense to me but the documentation is rather limited and not many examples exist, which makes it difficult to restructure our requests from PHP ldap calls to that library. I'd rather not depend on Zend here but if it handled complex cases such as nested groups for us, that would be a game changer.

I would love to get input from someone familiar with one or both libraries.

Porting existing code: From my point of view it seems that the Server class would have to support both variants until we have migrated everything since the codebase is so interdependent that it's not just replacing 10 lines and we are done. This is especially the case because we sometimes make use of extremely low-level manipulation and sometimes hand that over to other modules such as ldap_user and ldap_authentication.

I'd really to get this in but at least one issue currently blocking this: As far as I can tell symfony/ldap does not support paged LDAP queries. I've attached my work up to that point (lots still missing).

Making great progress, will be available via 4.x branch soonish.

Moved

I hope to have an alpha-quality branch ready in 1-2 weeks in 4.x. Most operations do work but I have a massive commit for that still pending locally while I work out two more issues a) user mapping refactoring and b) to-ldap events based on event listeners, to not commit something broken.

Still blocked in infrastructure, otherwise basically done.

Hi, what do you mean by It's blocked in infrastructure?

Hi

Please see #2996116: Unable to override PHP ext dependency. I've been unable to get guidance from the infrastructure team on how to deal with the php-ldap dependency and think I've tried basically anything which could work, except forking symfony/ldap.

Since there is no movement by the infrastructure team I've now forked symfony/ldap. While I really don't want to be doing this I don't see any other choice for now. Tracking that in #3097854: Switch grahl/ldap to symfony/ldap.