
I want to get changes for user entities from Active Directory (AD) with the UnboundID LDAP SDK.

Does AD support Persistent Search or Entry Change Notification by default, or do I have to configure anything?

Thanks in advance

nikelyn

2 Answers

Based on the suggested comments, an implementation using the LDAP_SERVER_NOTIFICATION_OID control should work on AD. See this very basic test example:

// LDAP_SERVER_NOTIFICATION_OID (1.2.840.113556.1.4.528)
import com.unboundid.ldap.sdk.AsyncRequestID;
import com.unboundid.ldap.sdk.AsyncSearchResultListener;
import com.unboundid.ldap.sdk.Control;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchResultReference;
import com.unboundid.ldap.sdk.SearchScope;
import org.junit.Test;

// An already-bound LDAPConnection to the domain controller; the test fixture
// that opens it is not shown in the answer.
private LDAPConnection connection;

@Test
public void test_LDAP_SERVER_NOTIFICATION_OID() throws LDAPException, InterruptedException
{
    AsyncSearchResultListener myAsyncSearchResultListener = new MyLdapChangeAsyncListener();

    // (objectClass=*) is the filter Microsoft's change-notification documentation
    // requires with this control; no attribute list means all user attributes.
    SearchRequest searchRequest = new SearchRequest(
            myAsyncSearchResultListener,
            "DC=test,DC=lab,DC=com",  // baseDN
            SearchScope.SUB,
            Filter.createPresenceFilter("objectClass"));

    // The control carries no value: the OID alone asks AD to keep the search open
    // and return each entry under the base as it changes.
    Control myControl = new Control("1.2.840.113556.1.4.528");
    searchRequest.addControl(myControl);

    // asyncSearch returns immediately; entries are delivered to the listener
    // on the SDK's connection reader thread.
    AsyncRequestID asyncSearchId = connection.asyncSearch(searchRequest);

    // Wait 15 seconds for changes to be returned
    Thread.sleep(15000);

    // A notification search never completes on its own, so abandon it before closing.
    connection.abandon(asyncSearchId);
    connection.close();
}


private class MyLdapChangeAsyncListener implements AsyncSearchResultListener
{
    // Called once per changed entry while the notification search is open
    @Override
    public void searchEntryReturned(SearchResultEntry searchEntry)
    {
        System.out.println(" >>> ldap searchEntryReturned: " + searchEntry);
    }

    @Override
    public void searchReferenceReturned(SearchResultReference searchReference)
    {
        System.out.println(" >>> ldap searchReferenceReturned: " + searchReference);
    }

    // Only called if the server ends the search (error, or the control was ignored
    // and the search ran as a normal one-shot search)
    @Override
    public void searchResultReceived(AsyncRequestID requestID, SearchResult searchResult)
    {
        System.out.println(" >>> ldap searchResultReceived: " + requestID + " / " + searchResult);
    }

}

The test does not do much: it waits for 15 seconds, during which any changes within the baseDN should be printed out.

István Békési

You have to use the extended search operation on Active Directory, which allows you to register to be notified when a change occurs.

This is the OID provided by Microsoft AD for doing so:

https://msdn.microsoft.com/en-us/library/aa366983(v=vs.85).aspx

In terms of the UnboundID LDAP SDK, it seems this control should do what you need (but I'm not a Java expert):

https://docs.ldap.com/ldap-sdk/docs/javadoc/com/unboundid/ldap/sdk/experimental/ActiveDirectoryDirSyncControl.html

Esteban
  • The DirSync control is an LDAP Control (OID 1.2.840.113556.1.4.841), so it is not the same as the one referenced in the first link, but it may be a good choice for the desired result. AFAIK, the UnboundID LDAP SDK does NOT support the LDAP_SERVER_NOTIFICATION_OID (1.2.840.113556.1.4.528) directly, but it should be fairly straightforward to implement. – jwilleke Sep 14 '17 at 08:40
  • @jwilleke Thanks for pointing it out. I'm not a Java expert, and so just checked the UnboundID documentation out of curiosity without searching further. I will edit my answer to include your point. – Esteban Sep 14 '17 at 09:13
  • Thanks for the answer. Doesn't Active Directory need tuning? The methods of the listener aren't invoked (in terms of the UnboundID LDAP SDK) when I change any attribute of the entry. I tried with a custom control (the same code as PersistentSearchRequestControl) but with the other OID (1.2.840.113556.1.4.528). Unfortunately, it is not possible to install DirSync. – nikelyn Sep 15 '17 at 15:15
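For the DirSync route pointed to in the second answer, here is an added example of my own (not code from the answer or from the UnboundID project) showing the part the Javadoc link leaves to the reader: the cookie loop, tombstone handling, and persisting the cookie between runs so only changes since the last run are fetched. DC host, bind account, NC root and cookie file path are hypothetical. Two caveats a practitioner needs before trying it: the search base must be the root of a naming context, and without FLAG_OBJECT_SECURITY the bind account needs the "Replicating Directory Changes" control access right on that naming context; with the flag set, the DC instead filters the results to what the account can read, so an ordinary service account works.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchResultEntry;
import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.ldap.sdk.experimental.ActiveDirectoryDirSyncControl;

/** Polls AD for changed user objects with the DirSync control and keeps the cookie on disk between runs. */
public final class AdDirSyncPoller {

    // Hypothetical location for the persisted cookie
    private static final Path COOKIE_FILE = Paths.get("dirsync.cookie");

    /** One DirSync pass from the given cookie (null = initial full sync); returns the cookie to persist. */
    public static ASN1OctetString sync(LDAPConnection conn, String ncRoot, ASN1OctetString cookie)
            throws LDAPException {
        while (true) {
            // DirSync searches must be rooted at a naming context (here the domain NC)
            SearchRequest req = new SearchRequest(ncRoot, SearchScope.SUB,
                    Filter.createEqualityFilter("objectClass", "user"),
                    "sAMAccountName", "userAccountControl", "uSNChanged", "isDeleted");
            // OBJECT_SECURITY: the DC returns only what the bind account may read, so the
            // "Replicating Directory Changes" right is not required. INCREMENTAL_VALUES: only the
            // changed values of multi-valued attributes (e.g. member) instead of the whole attribute.
            int flags = ActiveDirectoryDirSyncControl.FLAG_OBJECT_SECURITY
                      | ActiveDirectoryDirSyncControl.FLAG_INCREMENTAL_VALUES;
            req.addControl(new ActiveDirectoryDirSyncControl(true, flags, Integer.MAX_VALUE, cookie));

            SearchResult result = conn.search(req);
            for (SearchResultEntry e : result.getSearchEntries()) {
                handle(e);
            }

            ActiveDirectoryDirSyncControl resp = ActiveDirectoryDirSyncControl.get(result);
            if (resp == null) {
                throw new IllegalStateException("DC returned no DirSync response control");
            }
            cookie = resp.getCookie();
            // In the response control the first INTEGER is AD's MoreResults indicator (MS-ADTS),
            // which the SDK exposes as getFlags(): nonzero means call again with the new cookie.
            if (resp.getFlags() == 0) {
                return cookie;
            }
        }
    }

    private static void handle(SearchResultEntry e) {
        // DirSync reports deleted objects as tombstones flagged isDeleted=TRUE
        if (e.hasAttributeValue("isDeleted", "TRUE")) {
            System.out.println("deleted: " + e.getDN());
        } else {
            System.out.printf("changed: %s sAMAccountName=%s userAccountControl=%s uSNChanged=%s%n",
                    e.getDN(), e.getAttributeValue("sAMAccountName"),
                    e.getAttributeValue("userAccountControl"), e.getAttributeValue("uSNChanged"));
        }
    }

    private static ASN1OctetString loadCookie() throws IOException {
        return Files.exists(COOKIE_FILE) ? new ASN1OctetString(Files.readAllBytes(COOKIE_FILE)) : null;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical DC and bind account; use LDAPS outside a lab
        LDAPConnection conn = new LDAPConnection("dc1.test.lab.com", 389,
                "CN=svc-sync,OU=Service,DC=test,DC=lab,DC=com", "password");
        try {
            ASN1OctetString cookie = sync(conn, "DC=test,DC=lab,DC=com", loadCookie());
            Files.write(COOKIE_FILE, cookie.getValue());   // next run starts from here
        } finally {
            conn.close();
        }
    }
}
```

The first run with no cookie walks every matching object, so expect it to page through several rounds of the loop on a large domain; every later run returns only objects changed since the persisted cookie. Treat the cookie file like any other state that can replay directory data: it is not secret, but losing it forces another full sync.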