CODEWITHSUNDEEP
active-directoryldapunboundid-ldap-sdk
nikelyn
nikelyn

Reputation: 548

Active Directory. Persistent Search or Entry Change Notification

I want to get changes for user entities from active directory(AD) with UnboundID LDAP SDK.

Does AD support Persistent Search or Entry Change Notification by default or I must to do any settings?

Thanks in advance

Upvotes: 2

Views: 2248

Answers (2)

István Békési
István Békési

Reputation: 1012

Based on the suggested comments, LDAP_SERVER_NOTIFICATION_OID control implementation should work on AD. See this very basic test example: 

// LDAP_SERVER_NOTIFICATION_OID (1.2.840.113556.1.4.528)
@Test
public void test_LDAP_SERVER_NOTIFICATION_OID() throws LDAPException, InterruptedException
{
    AsyncSearchResultListener myAsyncSearchResultListener = new MyLdapChangeAsyncListener();

    SearchRequest searchRequest = new SearchRequest(
            myAsyncSearchResultListener,
            "DC=test,DC=lab,DC=com",  // baseDN
            SearchScope.SUB,
            Filter.createPresenceFilter("objectClass"), null);

    Control myControl = new Control("1.2.840.113556.1.4.528");
    searchRequest.addControl(myControl);

    AsyncRequestID asyncSearchId = connection.asyncSearch(searchRequest);

    // Wait 15 seconds for changes to be returned
    Thread.sleep(15000);

    connection.abandon(asyncSearchId);
    connection.close();

}


private class MyLdapChangeAsyncListener implements AsyncSearchResultListener
{
    @Override
    public void searchEntryReturned(SearchResultEntry searchEntry)
    {
        System.out.println(" >>> ldap searchEntryReturned: " + searchEntry);
    }

    @Override
    public void searchReferenceReturned(SearchResultReference searchReference)
    {
        System.out.println(" >>> ldap searchReferenceReturned: " + searchReference);
    }

    @Override
    public void searchResultReceived(AsyncRequestID requestID, SearchResult searchResult)
    {
        System.out.println(" >>> ldap searchResultReceived: " + requestID + " / " + searchResult);
    }

}

The test does not do much. Waits for 15 seconds meanwhile any changes within the baseDN should be printed out.

Upvotes: 1

Esteban
Esteban

Reputation: 1815

You have to use the extended search operation on Active Directory which allows you to register to be notified when a change occurs.

This is the OID provided by Microsoft AD for doing so :

https://msdn.microsoft.com/en-us/library/aa366983(v=vs.85).aspx

In terms of UnboundID LDAP SDK, it seems this control should do what you need to be this control (but not a Java expert):

https://docs.ldap.com/ldap-sdk/docs/javadoc/com/unboundid/ldap/sdk/experimental/ActiveDirectoryDirSyncControl.html

Upvotes: 0

Related Questions