LDAP query for changes

Problem description

I am on a project where we are creating a generic LDAP interface to integrate with an LDAP compliant directory (Active Directory, etc). Our design REQUIRES us to replicate the users/groups (not passwords) from the LDAP directory into a separate database (I won't go into the reasons for this here).

On some interval our plan is to query the directory through LDAP, pull all the user/group information, and sync that with what we have. The first hit would require we get everything, but subsequent requests could be much more efficient if there is a way to query for everything that has changed since the last time we checked.

Does LDAP support this type of "just give me what has changed" type of mechanism? And, if yes, what would the LDAP query look like?

Recommended answer

You would use something like this:

(&(objectClass=User)(objectCategory=person)(whenChanged>=20160406000000.0Z))

Notice that the format of the date starts with YYYYMMDD.

The whenChanged attribute won't be the same on all domain controllers since whenChanged itself does not replicate, but it gets updated on each DC as whatever change was made replicates. See here for an explanation of that.

Also note that the act of a user logging in will update the whenChanged date.
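
As an added example (not part of the original answer), here is one way a sync job could account for both caveats: it keeps a separate whenChanged high-water mark per domain controller, and it compares the copied attributes so that an entry whose whenChanged moved without any data change is not rewritten. The `SyncState` class, the dict shape of the entries and the `example.test` names are assumptions made for illustration; the LDAP search itself is left out.

```python
from datetime import datetime, timezone

BASE = "(objectClass=User)(objectCategory=person)"  # clauses from the answer's filter
FMT = "%Y%m%d%H%M%S.0Z"  # timestamp layout used in the answer (starts with YYYYMMDD)

def to_generalized_time(dt):
    """Render an aware datetime in UTC, in the layout the filter expects."""
    return dt.astimezone(timezone.utc).strftime(FMT)

def parse_generalized_time(value):
    return datetime.strptime(value, FMT).replace(tzinfo=timezone.utc)

class SyncState:
    """Hypothetical sync bookkeeping: one high-water mark per domain controller."""
    def __init__(self):
        self.watermark = {}  # DC hostname -> newest whenChanged that DC returned
        self.local = {}      # DN -> attributes copied into the separate database

    def filter_for(self, dc):
        mark = self.watermark.get(dc)
        if mark is None:  # never synced from this DC: pull everything
            return f"(&{BASE})"
        return f"(&{BASE}(whenChanged>={to_generalized_time(mark)}))"

    def apply(self, dc, entries):
        """Upsert entries returned by `dc`; return DNs whose copied data changed."""
        updated = []
        for entry in entries:
            attrs = {k: v for k, v in entry.items() if k not in ("dn", "whenChanged")}
            if self.local.get(entry["dn"]) != attrs:  # ignore whenChanged-only bumps
                self.local[entry["dn"]] = attrs
                updated.append(entry["dn"])
            seen = parse_generalized_time(entry["whenChanged"])
            if dc not in self.watermark or seen > self.watermark[dc]:
                self.watermark[dc] = seen  # server's timestamp, not our clock
        return updated

def demo():
    """Constructed data: a full pull, then a pass where only whenChanged moved."""
    state = SyncState()
    alice = {"dn": "CN=alice,DC=example,DC=test", "mail": "alice@example.test"}
    first = state.apply("dc1.example.test", [{**alice, "whenChanged": "20160406101500.0Z"}])
    second = state.apply("dc1.example.test", [{**alice, "whenChanged": "20160407080000.0Z"}])
    return first, second, state.filter_for("dc1.example.test"), state.filter_for("dc2.example.test")

if __name__ == "__main__":
    print(demo())
```

Because the filter uses `>=`, entries stamped exactly at the watermark come back on the next pass; the attribute comparison in `apply` makes that repeat harmless.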
