Directory Synchronization (DirSync)

Active Directory provides its own control for tracking changes in the directory. Note the following constraints when configuring your search:

baseDN must be the root of a directory partition, which can be a domain partition, the configuration partition, or the schema partition
scope must be the entire subtree of the partition
filter any valid search filter
attributes list of attributes to be returned when a change occurs

The DirSyncControl should be sent along with the ExtendedDnControl and the ShowDeletedControl. The DirSyncClient class encapsulates this behavior. Note that this example uses the DefaultCookieManager. Implementers will most likely want to provide a custom implementation of CookieManager to handle persistence of cookie data.


Connection conn = DefaultConnectionFactory.getConnection("ldap://");
try { BindRequest("cn=manager,ou=people,dc=ldaptive,dc=org", new Credential("manager_password")));
  DirSyncClient client = new DirSyncClient(
    conn, new DirSyncControl.Flag[] {DirSyncControl.Flag.ANCESTORS_FIRST_ORDER, });
  SearchRequest request = new SearchRequest("dc=ldaptive,dc=org", "(uid=*)");
  Response<SearchResult> response = client.executeToCompletion(request, new DefaultCookieManager());
  for (LdapEntry entry : response.getResult().getEntries()) {
    // do something useful with the entry
} finally {