tags:

views:

172

answers:

3
+3  Q: 

How do I retrieve a list of only those users and groups that have been added since a certain date from an LDAP directory?

My application does an LDAP query once a day and fetches all the users and groups in a given container. Once it is fetched, my app goes iterates through the list of users of groups, adding only the new ones to my application's database (it adds only username).

If there are 50,000 users, my application server is busy for 45 minutes every day performing this operation.

Is there any way to specify that I need a "delta" in my LDAP query so that I retrieve only those users who got added/modified/deleted since my last LDAP query?

+2  A: 

I think there should be a modifyTimestamp on each entry. Take a peek with something like softerra ldap browser (http://download.softerra.com/files/ldapbrowser26.msi). If it exists you should be able to add a condition to your ldap query to look for entries that have been changed since you last ran the sync job.

pjp  2009-08-17 07:28:50
+1  A: 

It depends on your directory. There should be an attribute such as a timestamp or sequence number that you can use to filter your LDAP query with. In Active Directory for instance, the value is 'uSNChanged'.

Andrew Strong  2009-08-17 07:45:07
+1  A: 

There are two main choices for tracking changes: polling and DirSync. These articles should give you some background and help you to choose what's best for you.

http://support.microsoft.com/kb/891995

http://msdn.microsoft.com/en-us/library/ms677974%28VS.85%29.aspx

and here's some .NET stuff:

http://msdn.microsoft.com/en-us/library/system.directoryservices.directorysynchronization.aspx

serialhobbyist  2009-08-17 14:30:00
thanks guys , I shall try all of them . Between i use openLDAP and e-directory
 2009-08-18 15:26:34
Ah, apologies: I was talking about AD rather than LDAP in general.
serialhobbyist  2009-08-18 16:27:01

related questions

ejabberd - LDAP authentication
Check LDAP connection (Java)
Different spring XML files for development environment vs. deployment when using maven
How do I add custom properties to an AD group in Windows?
How to use client certificates in Apache httpd to connect to an LDAP for authorization?
Getting all direct Reports from Active Directory
Implementing LDAP compliance
Updating OpenLDAP using a Java class
bind Linux to Active Directory using kerberos
I want to use an LDAP client here at work to talk to Active Directory. How can I discover on my own the IP I should be aiming at?
Authenticating in PHP using LDAP through Active Directory
How can I configure Microsoft ADAM to be similar to Active Directory?
LDAP entire subtree copy
App to Change Ldap Password for a JIRA/SVN server
Authenticating against active directory using python + ldap
Example client implementation for the Service Location Protocol?
How can you find available ldap servers from a computer in the same network, but different domain?
How to connect to LDAP store with VB6
VB.Net "There is a naming violation" Error with open ldap for creating user
Querying Active Directory with "SQL"?
Is there an ldap C/C++ library that provides fail over?
How do I speed up data retrieval from .NET AD within ColdFusion
How do you authenticate against an Active Directory server using Spring Security?
Managing large user databases for single-signon.
Mail Storage Quota Checker in C#