View modified entries in LDAPusing UnboundId api

Question

Here is the requirement I want to see modified entries in LDAP which have been modified at the LDAP server side. Is there any API or code in Unboundid API so I can see modified entries in LDAP?

Answer 1

Although your question isn't exactly clear, I assume that you're asking if there is a way to detect changes to data in the directory server, either as they occur or sometime after the fact. There are a number of ways to accomplish this, although the solution that is best for you will depend on what capabilities are offered by the server you're using, the volume of changes in the server, and your specific requirements.

• If the server you are using supports the content synchronization control (com.unboundid.ldap.sdk.controls.ContentSyncRequestControl), then this may be a very useful way to obtain information about entries as changes occur and also changes that may have been processed while your search was not active.

• If you want to be notified of updated entries in real time, you could use a persistent search (com.unboundid.ldap.sdk.controls.PersistentSearchRequestControl). If your server supports this, then you can use this to have the server send your client entries targeted by add, delete, modify, and/or modify DN operations as the changes are processed. However, this option isn't all that great for cases in which you may have a high volume of changes, or for detecting changes that might have been processed while the persistent search was not active.

• If you're using Active Directory, then the DirSync control (com.unboundid.ldap.sdk.experimental.ActiveDirectoryDirSyncControl) may be useful for detecting changes.

• If the server you are using provides an LDAP changelog, then you can periodically poll it to retrieve new changelog entries (com.unboundid.ldap.sdk.ChangeLogEntry) that provide information about changes processed in the server. You could potentially use this in conjunction with a persistent search on the changelog to retrieve notification of changes as they are processed while also having the ability to pick up where you left off if the search is interrupted.

• If all else fails, you may be able to use range searches targeting the createTimestamp and/or modifyTimestamp attributes to identify entries created and/or updated after a specified time.

You will probably want to check with your directory server vendor to determine whether they provide any alternate mechanisms for detecting changes, or if they have any recommendations about which of these approaches is best suited to your needs.