View on
MetaCPAN is shutting down
For details read Perl NOC. After June 25th this page will redirect to
Alexey Kravchuk > Win32-AD-Control-DirSync > Win32::AD::Control::DirSync



Annotate this POD

View/Report Bugs
Module Version: 0.01   Source  


Win32::AD::Control::DirSync - LDAPv3 DirSync control wrapper for Net::LDAP


 use Net::LDAP;
 use Win32::AD::Constant qw(LDAP_CONTROL_DIRSYNC
 use Win32::AD::Control::DirSync;

 my $timeout = 10;

 my $ldap = Net::LDAP->new( 'domain_controller_name' )  or die "$@";

 my $mesg = $ldap->bind( 'domain_user_name', password => 'user_pwd')            or die $@;

 my $reqDirSync = Win32::AD::Control::DirSync->new(
                flags           => LDAP_DIRSYNC_ANCESTORS_FIRST_ORDER,
                maxAttrCnt      => 100)         or die "$@";

 for(my $i=1; $i<10; $i++) {
        $do_more = 1;

        while($do_more) {
                $mesg = $ldap->search(  base    => "dc=somedomain,dc=com",
                                        control => [ $reqDirSync ],
                                        filter  => "(&(objectClass=user))",
                                     ) or die $@;
                $mesg->code && die $mesg->error;

                $_->dump for grep {ref($_) eq 'Net::LDAP::Entry'} $mesg->entries;

                # DirSync control should be included in the response.
                if(my ($respDirSync) = $mesg->control(LDAP_CONTROL_DIRSYNC)) {

                        $do_more = $respDirSync->moreData;

                } else {
                        die "There is no DirSync control in the response.";
 $mesg = $ldap->unbind; 


Win32::AD::Control::DirSync provides an interface for the creation and manipulation of objects that represent the DirSync control, used to synchronize with Active Directory(r).

DirSync control description:

Using DirSync for synchronizing with AD:

Other AD-synchronizing techniques:


In addition to the constructor arguments described in Net::LDAP::Control the following are provided.


This can be zero or a combination of one or more of the following values:

    • Windows Server 2003: If this flag is not present, the caller must have the replicate changes right. If this flag is present, the caller requires no rights, but can only view objects and attributes accessible to the caller.
    • Windows 2000 Server: Not supported.

    Return parent objects before child objects, when parent objects would otherwise appear later in the replication stream.


    Do not return private data in the search results.

    • Windows Server 2003: If this flag is not present, all of the values, up to a server-specified limit, in a multi-valued attribute are returned when any value changes. If this flag is present, only the changed values are returned.
    • Windows 2000 Server: Not supported.

Specifies the maximum number of attributes to return. This value may also be used to limit the amount of data returned.


The value to use as the cookie. This is not normally set when an object is created, but is set from the cookie value returned by the server. This associates a search with a previous search, so it allows to incrementally get changes from the server.



Contains a non-zero value if there is more data to retrieve or zero if there is no more data to retrieve. If this member contains a non-zero value, a subsequent search should be performed with the Cookie of this data to retrieve the next block of results. This method is allowed for DirSync controls from response message only.

As with Net::LDAP::Control each constructor argument described above is also available as a method on the object which will return the current value for the attribute if called without an argument, and set a new value for the attribute if called with an argument.


Net::LDAP, Net::LDAP::Control, Net::LDAP::Constant,


Alexey Kravchuk <>, based on Net::LDAP::Control::Page from Graham Barr <>.


Copyright (c) 2005 Alexey Kravchuk. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

syntax highlighting: