Question

Is it possible to receive object content change events from an LDAP server? Basically, I'm searching for a solution to integrate lightweight directory services with our software via JNDI to set up Active Directory synchronization (i.e. I'd like the consumer application to be notified when a new entry is made or an object's state has changed).

Below are a few possibilities I've come up with so far:

  1. Enable auditing policy on directory objects and register a listener to read incoming changes from the change log.
  2. Implement persistent search against the directory.
  3. Mechanism to poll the directory for changes.

Could someone with more intimate knowledge of LDAP care to recommend an optimal approach to a novice person like me?

Thanks in advance!

Solution

I'm not an ultimate expert on the topic, but I've had very similar requirements in my previous project, and did thorough research on possible ways to implement synchronization from Active Directory. As far as I know, there is no other solution than the three options you listed above.

I think the third option is the most viable in most cases. It's not very difficult to implement the polling logic yourself, but you might be interested in a small Java library that already does most of the hard work. It can help you get started with change tracking in Active Directory very quickly. Check it out here: https://github.com/zagyi/adsync4j

Disclaimer: I'm the author of the library and would love to get some feedback if you end up making use of it.

Other tips

Your best bet with Microsoft Active Directory is to implement the DirSync Control.

Not sure of code in JNDI to implement the DirSync Control, but I know there is an implementation with the UnboundID LDAP SDK.

-jim
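
The answer above names the DirSync control but gives no JNDI code for it; what follows is an added example (not from either answer's author, adsync4j or the UnboundID SDK) of the request control built on `javax.naming.ldap.Control`. The class name is hypothetical, and the OID, the flag value and the value layout (a BER SEQUENCE of Flags, MaxBytes, Cookie) come from Microsoft's documentation of the control rather than from this page.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import javax.naming.ldap.Control;

// Added example; the class name DirSyncRequestControl is hypothetical.
public final class DirSyncRequestControl implements Control {
    public static final String OID = "1.2.840.113556.1.4.841"; // LDAP_SERVER_DIRSYNC_OID
    // LDAP_DIRSYNC_OBJECT_SECURITY: results are limited to what the bound
    // account may read, so it needs no directory replication right.
    public static final int OBJECT_SECURITY = 0x1;

    private final byte[] value;

    // cookie: null or empty on the first poll, then the opaque cookie
    // returned in the server's response control of the previous poll.
    public DirSyncRequestControl(int flags, int maxBytes, byte[] cookie) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        tlv(body, 0x02, BigInteger.valueOf(flags).toByteArray());    // Flags INTEGER
        tlv(body, 0x02, BigInteger.valueOf(maxBytes).toByteArray()); // MaxBytes INTEGER
        tlv(body, 0x04, cookie == null ? new byte[0] : cookie);      // Cookie OCTET STRING
        ByteArrayOutputStream seq = new ByteArrayOutputStream();
        tlv(seq, 0x30, body.toByteArray());                          // SEQUENCE
        value = seq.toByteArray();
    }

    @Override public String getID() { return OID; }
    @Override public boolean isCritical() { return true; }
    @Override public byte[] getEncodedValue() { return value.clone(); }

    // Writes one BER element: tag, definite length (short or long form), content.
    private static void tlv(ByteArrayOutputStream out, int tag, byte[] content) {
        out.write(tag);
        if (content.length < 0x80) {
            out.write(content.length);
        } else {
            byte[] len = BigInteger.valueOf(content.length).toByteArray();
            int skip = len[0] == 0 ? 1 : 0; // drop BigInteger's sign byte
            out.write(0x80 | (len.length - skip));
            out.write(len, skip, len.length - skip);
        }
        out.write(content, 0, content.length);
    }

    public static void main(String[] args) {
        // Offline check of the encoding: first poll, 1 MiB cap, no cookie.
        byte[] enc = new DirSyncRequestControl(OBJECT_SECURITY, 1 << 20, null).getEncodedValue();
        StringBuilder hex = new StringBuilder();
        for (byte b : enc) hex.append(String.format("%02x", b));
        System.out.println(hex);
    }
}
```

Attach it with `LdapContext.setRequestControls` before a subtree search rooted at the domain naming context, and take the next cookie from the control with the same OID in `getResponseControls()`.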

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow