
Java LDAP - get info if something changes in AD

I'm making a project with Java Spring where I do specific searches on the content of some attributes from a user or AD group. I also write some text input to specific attributes.

Now I want to go a little bit further.

The idea is that I do an open search on a specific AD group of users. When an attribute or something else of a user in this group changes, the AD must send a message to my Java program or something to tell me "attention, user x has changed".

If I know that, I can do a new search to see whether the attributes of that user have changed.

I know that I can solve this by searching every time on the timestamp of the users in this AD group. But it is not the perfect solution, because then I must search every timestamp every time. If there are, for example, 5000 users in this group, and I start with user 1 and user 4000 has changed, then it will take a minute or so until I know that user 4000 has changed.

So I want a real-time search.

Can you help me with this? Can you point me in a direction so that I can search further on the web to find a solution? Or is this just not possible?

Thanks a lot

Active Directory does not have a push notification feature, so this is not possible to do. You will need to search periodically to find the accounts you want.

You can, however, change your criteria to only find the accounts you want. The whenChanged attribute has the date the account was last changed. You can make a query to ask for members of that group which have recently changed.

For example:

(&(objectClass=User)(whenChanged>=20190108000000.0Z)(memberOf=CN=mygroup,OU=Groups,DC=domain,DC=com))

A description of the date format used with whenChanged is here.

The memberOf condition should match the distinguishedName of the group. If the group has other groups inside it and you want to find members of those too, then you can do a recursive search:

(&(objectClass=User)(whenChanged>=20190108000000.0Z)(memberOf:1.2.840.113556.1.4.1941:=CN=mygroup,OU=Groups,DC=domain,DC=com))

That crazy number is called LDAP_MATCHING_RULE_IN_CHAIN and is described here.
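
The polling approach from the answer, as an added JNDI example that is not part of the original post: it passes the timestamp and group DN as filter arguments so JNDI escapes them, and advances a watermark between polls. It should always be pointed at the same domain controller, because whenChanged is not replicated and can differ between DCs. The search base, the 5-second overlap, the 60-second interval and the command-line arguments are assumptions.

```java
import java.time.*;
import java.time.format.DateTimeFormatter;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class ChangedMemberPoller {
    // Generalized-Time form used by whenChanged in the filters above, e.g. 20190108000000.0Z
    static final DateTimeFormatter AD_TIME =
            DateTimeFormatter.ofPattern("yyyyMMddHHmmss'.0Z'").withZone(ZoneOffset.UTC);
    // JNDI substitutes {0} and {1} and escapes filter metacharacters in the values,
    // so a group DN containing ( ) * or \ cannot alter the filter.
    static final String FILTER =
            "(&(objectClass=user)(whenChanged>={0})(memberOf:1.2.840.113556.1.4.1941:={1}))";

    /** DNs of direct and nested group members whose whenChanged is at or after 'since'. */
    static List<String> changedSince(DirContext ctx, String baseDn, String groupDn, Instant since)
            throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"whenChanged"});
        List<String> dns = new ArrayList<>();
        NamingEnumeration<SearchResult> res =
                ctx.search(baseDn, FILTER, new Object[] {AD_TIME.format(since), groupDn}, sc);
        try {
            while (res.hasMore()) dns.add(res.next().getNameInNamespace());
        } finally {
            res.close();
        }
        return dns;
    }
    public static void main(String[] args) throws Exception {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);         // e.g. ldaps://dc01.domain.com:636 (assumed host)
        env.put(Context.SECURITY_PRINCIPAL, args[1]);   // bind DN of a read-only service account
        env.put(Context.SECURITY_CREDENTIALS, args[2]); // take from a secret store in real use
        DirContext ctx = new InitialDirContext(env);
        Instant watermark = Instant.parse("2019-01-08T00:00:00Z"); // start date from the filters above
        while (true) {
            Instant pollStart = Instant.now();
            for (String dn : changedSince(ctx, "OU=Staff,DC=domain,DC=com",   // assumed search base
                    "CN=mygroup,OU=Groups,DC=domain,DC=com", watermark)) {
                System.out.println("changed: " + dn);
            }
            watermark = pollStart.minusSeconds(5); // overlap (assumed): boundary changes are re-read, not missed
            Thread.sleep(60_000);                  // poll interval (assumed)
        }
    }
}
```

Because of the overlap and the `>=` comparison, the same account can be reported in two consecutive polls; callers should treat a report as "re-read this user", not as a count of changes.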
