Question

Sorry if I don't get the exact phrases here, I'm pretty new to this area...

I'm using Spring LDAP to authenticate/validate users. I want to be able to get notifications from LDAP once there have been changes like removing or updating users.

I know I can have something like a scheduled task that will run and will check the specific users or groups I'm interested in, but I'm looking for something that gives me unsolicited notifications.

I looked online and found the following: http://docs.oracle.com/javase/tutorial/jndi/ldap/unsol.html and this looks promising, but I don't understand how to use it. Plus, I don't think Spring really supports it, and I'll have to use the JNDI classes, like in the attached link.

Also, it looks like the only notifications I will get are Notice of Disconnection: https://www.rfc-editor.org/rfc/rfc4511#section-4.4. Is that true?

And finally, I used the sample code I found, but I didn't get any notification from my AD server. Is it because I'll only get notifications about disconnection, or is there a setting I need to set in AD to enable these notifications?

Here is the sample code. I tried several DNs for the lookup and the ctx.addNamingListener, but maybe someone has a better idea for what I need to use there.

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.naming.event.EventContext;
import javax.naming.event.NamingExceptionEvent;
import javax.naming.event.NamingListener;
import javax.naming.ldap.UnsolicitedNotificationEvent;
import javax.naming.ldap.UnsolicitedNotificationListener;

class RegUnsol {
    public static void main(String[] args) {

        // Set up environment for creating initial context
        Hashtable<String, Object> env = new Hashtable<String, Object>(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://MY_AD_IP");

        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL,
                "CN=Administrator,CN=Users,DC=sanity,DC=local");
        env.put(Context.SECURITY_CREDENTIALS, "SOME_PASSWORD");

        try {
            // Get event context for registering listener.
            // lookup() returns Object, so the cast to EventContext is required;
            // the LDAP provider's context implements it.
            EventContext ctx = (EventContext) new InitialContext(env)
                    .lookup("CN=Users,DC=sanity,DC=local");

            // Create listener
            NamingListener listener = new UnsolListener();

            // Register listener with context (all targets equivalent for
            // unsolicited notifications, which are not tied to an entry)
            ctx.addNamingListener("CN=Users,DC=sanity,DC=local",
                    EventContext.ONELEVEL_SCOPE, listener);

            // Wait 5 minutes (5 x 60 s) for listener to receive events
            try {
                for (int i = 0; i < 5; i++) {
                    Thread.sleep(60000);
                }
            } catch (InterruptedException e) {
                System.out.println("sleep interrupted");
            }

            // Not strictly necessary if we're going to close context anyhow
            ctx.removeNamingListener(listener);

            // Close context when we're done
            ctx.close();

        } catch (NamingException e) {
            e.printStackTrace();
        }
    }

    /**
     * A sample UnsolicitedNotificationListener.
     */
    static class UnsolListener implements UnsolicitedNotificationListener {
        @Override
        public void notificationReceived(UnsolicitedNotificationEvent evt) {
            System.out.println("received: " + evt);
        }

        @Override
        public void namingExceptionThrown(NamingExceptionEvent evt) {
            System.out.println(">>> UnsolListener got an exception");
            evt.getException().printStackTrace();
        }
    }
}

Solution

The unsolicited notification will not help you. (AFAIK, the only notification any server implements is a notice of disconnection.)

You could implement a persistent search if you need the information in realtime.

Or you could query, periodically, to see who got changed and by whom.

With either method, you would look at modifiedTimeStamp and modifierName.

I found a JNDI implementation.
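
As an added illustration of the periodic-query approach (this is example code, not the answer's JNDI implementation or anything from Spring LDAP), here is a poller that keeps a high-water mark and asks the server only for entries modified at or after it. The standard operational attributes are modifyTimestamp and modifiersName (RFC 4512); Active Directory, which the question targets, stores the same change time in whenChanged and allows filtering on it, so the attribute name is a constructor parameter. The host, bind DN, password and base DN are placeholders.

```java
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

/**
 * Added example: detect directory changes by polling on a timestamp attribute.
 * Each poll requests entries changed at or after a high-water mark, reports them
 * together with who changed them, and advances the mark to the newest time seen.
 */
public class ChangePoller {
    // GeneralizedTime without fraction/zone, e.g. 20240101120000; the zone is always UTC here.
    private static final DateTimeFormatter GT = DateTimeFormatter.ofPattern("yyyyMMddHHmmss");

    private final LdapContext ctx;
    private final String baseDn;
    private final String tsAttr;   // "modifyTimestamp" (RFC 4512) or "whenChanged" on AD
    private Instant mark;          // newest change time already processed

    public ChangePoller(LdapContext ctx, String baseDn, String tsAttr, Instant start) {
        this.ctx = ctx;
        this.baseDn = baseDn;
        this.tsAttr = tsAttr;
        this.mark = start;
    }

    /** Formats an Instant as UTC GeneralizedTime for use in a filter (".0Z" is accepted by AD and RFC 4517 servers). */
    static String toGeneralizedTime(Instant t) {
        return GT.format(LocalDateTime.ofInstant(t, ZoneOffset.UTC)) + ".0Z";
    }

    /** Parses GeneralizedTime, ignoring fractional seconds; assumes the value ends in 'Z' (UTC). */
    static Instant fromGeneralizedTime(String s) {
        return LocalDateTime.parse(s.substring(0, 14), GT).toInstant(ZoneOffset.UTC);
    }

    /** Filter for "changed since the mark"; the 5 s overlap covers clock skew, and poll() re-checks each timestamp. */
    String filterSinceMark() {
        return "(" + tsAttr + ">=" + toGeneralizedTime(mark.minusSeconds(5)) + ")";
    }

    /** Runs one poll and returns "dn | changed-at | modifier" for each changed entry. */
    public List<String> poll() throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // Operational attributes are not returned unless requested by name.
        sc.setReturningAttributes(new String[] {tsAttr, "modifiersName"});

        List<String> changed = new ArrayList<>();
        Instant newest = mark;
        NamingEnumeration<SearchResult> results = ctx.search(baseDn, filterSinceMark(), sc);
        try {
            while (results.hasMore()) {
                SearchResult r = results.next();
                Attribute ts = r.getAttributes().get(tsAttr);
                if (ts == null) continue;                  // entry carries no change time
                Instant changedAt = fromGeneralizedTime((String) ts.get());
                if (changedAt.isBefore(mark)) continue;    // only matched because of the overlap
                Attribute who = r.getAttributes().get("modifiersName");
                changed.add(r.getNameInNamespace() + " | " + changedAt + " | "
                        + (who == null ? "unknown" : who.get()));
                if (changedAt.isAfter(newest)) newest = changedAt;
            }
        } finally {
            results.close();
        }
        // An entry modified in the same second as the mark may be reported again on the
        // next poll, so the consumer of this list must treat entries idempotently.
        mark = newest;
        return changed;
    }

    public static void main(String[] args) throws Exception {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://LDAP_HOST_PLACEHOLDER");             // placeholder host
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "CN=monitor,CN=Users,DC=example,DC=com"); // placeholder, read-only account
        env.put(Context.SECURITY_CREDENTIALS, "PASSWORD_PLACEHOLDER");               // load from a secret store in practice

        LdapContext ctx = new InitialLdapContext(env, null);
        ChangePoller poller = new ChangePoller(ctx, "CN=Users,DC=example,DC=com", "whenChanged", Instant.now());
        try {
            while (true) {
                for (String change : poller.poll()) System.out.println(change);
                Thread.sleep(30_000);
            }
        } finally {
            ctx.close();
        }
    }
}
```

Timestamps have one-second resolution, which is why the poller overlaps the window and re-checks each value. On Active Directory a monotonically increasing uSNChanged high-water mark avoids that ambiguity altogether; the structure above stays the same, only the filter attribute and comparison change.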

OTHER TIPS

Just add a JNDI NamingListener. Sample code for that is provided in the package documentation for javax.naming.event.

The UnsolicitedNotification is sent by servers to connected clients when an event transpires that requires clients to be notified, for example, the client is going to be disconnected.

Your client requires change notification. A change notification is dependent on the server in use. Many professional-quality servers support the persistent search for this purpose. The link describes the persistent search and provides a complete example of its use using the UnboundID LDAP SDK.

Alternatively, many servers support the notion of a change log. The legacy Sun DSEE server supports this notion by the name of the retro change log. The UnboundID Directory Server also supports a change log (as well as change notifications by other means).
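
The following is an added example (not code from this answer, from the JNDI package documentation, or from the UnboundID SDK) of the JNDI NamingListener route described above. The Sun/OpenJDK LDAP provider implements addNamingListener on top of the Persistent Search control, so events arrive only from servers that support that control (OpenLDAP, 389 DS, Sun DSEE and others); Active Directory does not implement it and instead offers its own LDAP_SERVER_NOTIFICATION_OID control (1.2.840.113556.1.4.528), which JNDI does not use, so on AD the registration fails and the failure surfaces in namingExceptionThrown. Host, bind DN, password and base DN are placeholders.

```java
import java.util.Hashtable;
import javax.naming.Binding;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.event.EventDirContext;
import javax.naming.event.NamespaceChangeListener;
import javax.naming.event.NamingEvent;
import javax.naming.event.NamingExceptionEvent;
import javax.naming.event.ObjectChangeListener;
import javax.naming.ldap.InitialLdapContext;

/**
 * Added example: real-time change monitoring through a JNDI NamingListener, which the
 * LDAP provider services with a persistent search. Compare the asker's code: an
 * UnsolicitedNotificationListener never sees adds, deletes or modifications.
 */
public class ChangeListenerDemo {

    /** Gets add/remove/rename events (NamespaceChangeListener) and modify events (ObjectChangeListener). */
    static class DirectoryChangeListener implements NamespaceChangeListener, ObjectChangeListener {
        @Override public void objectAdded(NamingEvent evt)   { report("added",   evt); }
        @Override public void objectRemoved(NamingEvent evt) { report("removed", evt); }
        @Override public void objectRenamed(NamingEvent evt) { report("renamed", evt); }
        @Override public void objectChanged(NamingEvent evt) { report("changed", evt); }

        @Override
        public void namingExceptionThrown(NamingExceptionEvent evt) {
            // Typical cause: the server rejected the persistent search control (as AD does).
            // After this event no further change events will be delivered for this registration.
            System.err.println("listener stopped: " + evt.getException());
        }

        private static void report(String kind, NamingEvent evt) {
            // A removal has only an old binding; an add has only a new one.
            Binding nb = evt.getNewBinding();
            Binding ob = evt.getOldBinding();
            String name = nb != null ? nb.getName() : (ob != null ? ob.getName() : "?");
            System.out.println(kind + ": " + name);
        }
    }

    public static void main(String[] args) throws NamingException, InterruptedException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://LDAP_HOST_PLACEHOLDER");           // placeholder host
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=monitor,ou=People,dc=example,dc=com"); // placeholder
        env.put(Context.SECURITY_CREDENTIALS, "PASSWORD_PLACEHOLDER");             // load from a secret store in practice

        // InitialLdapContext itself is not an EventDirContext; the provider context
        // returned by lookup() is, so look up the subtree to watch and cast.
        EventDirContext ctx = (EventDirContext)
                new InitialLdapContext(env, null).lookup("ou=People,dc=example,dc=com");

        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        DirectoryChangeListener listener = new DirectoryChangeListener();

        // Target "" means the looked-up entry; the filter narrows events to person entries.
        ctx.addNamingListener("", "(objectClass=inetOrgPerson)", sc, listener);
        try {
            Thread.sleep(5 * 60_000);   // keep the connection open; events arrive on a provider thread
        } finally {
            ctx.removeNamingListener(listener);
            ctx.close();
        }
    }
}
```

Because the events arrive over the one long-lived connection, a production monitor needs a reconnect-and-re-register loop around this, and a one-off poll of modifyTimestamp after each reconnect to pick up anything that changed while it was down.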

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow