I'm making a project with Java Spring where I do specific searches on the content of some attributes from a user or AD group. I also write some text input to specific attributes.
Now I want to go a little bit further.
The idea is that I do an open search on a specific AD group of users. When an attribute or something else of a user in this group changes, the AD must send a message to my Java program or something to tell me "attention, user x has changed".
Once I know that, I can do a new search to see whether the attributes of that user have changed.
I know that I can solve this by searching on the timestamp of the users in this AD group every time, but it is not the perfect solution, because then I must search every timestamp every time. If there are, for example, 5000 users in this group, and I start with user 1 and user 4000 has changed, then it will take a minute or something until I know that user 4000 has changed.
So I want a real-time search thing.
Can you help me with this? Can you point me in a direction so that I can search further on the web to find a solution or something? Or is this just not possible?
Thanks a lot
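Answer 0: (score: 2)
Active Directory has no push notification feature, so this is not possible. You will need to search periodically to find the accounts you want.
However, you can change the criteria to find only the accounts you want. The whenChanged attribute holds the date the account was last changed. You can query for the members of that group that have changed recently.
For example: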
(&(objectClass=User)(whenChanged>=20190108000000.0Z)(memberOf=CN=mygroup,OU=Groups,DC=domain,DC=com))
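A description of the date format used with whenChanged is here.
The memberOf condition should match the group's distinguishedName. If there are other groups inside that group and you also want to find their members, you can do a recursive search: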
(&(objectClass=User)(whenChanged>=20190108000000.0Z)(memberOf:1.2.840.113556.1.4.1941:=CN=mygroup,OU=Groups,DC=domain,DC=com))
That crazy number is called LDAP_MATCHING_RULE_IN_CHAIN and is described here.
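A sketch of the polling approach this answer describes, as an added Java example (not code from the original post): it builds the whenChanged / memberOf filter from the time of the last poll and escapes the group DN per RFC 4515 so that special characters in it cannot change the filter. The class and method names, the sample values in main, and the already-bound DirContext passed to poll are assumptions.

```java
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import javax.naming.*;
import javax.naming.directory.*;

public class ChangedMembersPoller {  // hypothetical class name
    // Generalized-Time form used in the answer's filter, e.g. 20190108000000.0Z
    private static final DateTimeFormatter AD_TIME =
        DateTimeFormatter.ofPattern("yyyyMMddHHmmss'.0Z'").withZone(ZoneOffset.UTC);
    private static final String IN_CHAIN = "1.2.840.113556.1.4.1941";

    // RFC 4515 escaping: \ * ( ) and NUL in a value must not be read as filter syntax
    static String escape(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // nested=true uses LDAP_MATCHING_RULE_IN_CHAIN to include members of nested groups
    static String buildFilter(Instant since, String groupDn, boolean nested) {
        String memberOf = nested ? "memberOf:" + IN_CHAIN + ":=" : "memberOf=";
        return "(&(objectClass=User)(whenChanged>=" + AD_TIME.format(since) + ")("
            + memberOf + escape(groupDn) + "))";
    }

    // One poll cycle; ctx is an already-bound DirContext, baseDn is the search root
    static void poll(DirContext ctx, String baseDn, String filter) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"distinguishedName", "whenChanged"});
        NamingEnumeration<SearchResult> results = ctx.search(baseDn, filter, sc);
        while (results.hasMore()) {
            System.out.println("changed: " + results.next().getNameInNamespace());
        }
    }

    public static void main(String[] args) {
        Instant lastPoll = Instant.parse("2019-01-08T00:00:00Z"); // constructed sample value
        System.out.println(buildFilter(lastPoll, "CN=mygroup,OU=Groups,DC=domain,DC=com", true));
    }
}
```

whenChanged is not replicated between domain controllers, so each poll should go to the same domain controller as the one before it.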