Win32::AD::Control::DirSync - LDAPv3 DirSync control wrapper for Net::LDAP
use Net::LDAP; use Win32::AD::Constant qw(LDAP_CONTROL_DIRSYNC LDAP_DIRSYNC_ANCESTORS_FIRST_ORDER); use Win32::AD::Control::DirSync; my $timeout = 10; my $ldap = Net::LDAP->new( 'domain_controller_name' ) or die "$@"; my $mesg = $ldap->bind( 'domain_user_name', password => 'user_pwd') or die $@; my $reqDirSync = Win32::AD::Control::DirSync->new( flags => LDAP_DIRSYNC_ANCESTORS_FIRST_ORDER, maxAttrCnt => 100) or die "$@"; for(my $i=1; $i<10; $i++) { $do_more = 1; while($do_more) { $mesg = $ldap->search( base => "dc=somedomain,dc=com", control => [ $reqDirSync ], filter => "(&(objectClass=user))", ) or die $@; $mesg->code && die $mesg->error; $_->dump for grep {ref($_) eq 'Net::LDAP::Entry'} $mesg->entries; # DirSync control should be included in the response. if(my ($respDirSync) = $mesg->control(LDAP_CONTROL_DIRSYNC)) { $reqDirSync->cookie($respDirSync->cookie); $do_more = $respDirSync->moreData; } else { die "There is no DirSync control in the response."; } } sleep($timeout); } $mesg = $ldap->unbind;
Win32::AD::Control::DirSync provides an interface for the creation and manipulation of objects that represent the DirSync control, used to synchronize with Active Directory(r).
Win32::AD::Control::DirSync
DirSync
DirSync control description: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_dirsync_oid.asp
Using DirSync for synchronizing with AD: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/polling_for_changes_using_the_dirsync_control.asp
Other AD-synchronizing techniques: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/tracking_changes.asp
In addition to the constructor arguments described in Net::LDAP::Control the following are provided.
This can be zero or a combination of one or more of the following values:
LDAP_DIRSYNC_OBJECT_SECURITY (1)
Windows Server 2003: If this flag is not present, the caller must have the replicate changes right. If this flag is present, the caller requires no rights, but can only view objects and attributes accessible to the caller.
Windows 2000 Server: Not supported.
LDAP_DIRSYNC_ANCESTORS_FIRST_ORDER (2048)
Return parent objects before child objects, when parent objects would otherwise appear later in the replication stream.
LDAP_DIRSYNC_PUBLIC_DATA_ONLY (8192)
Do not return private data in the search results.
LDAP_DIRSYNC_INCREMENTAL_VALUES (2147483648)
Windows Server 2003: If this flag is not present, all of the values, up to a server-specified limit, in a multi-valued attribute are returned when any value changes. If this flag is present, only the changed values are returned.
Specifies the maximum number of attributes to return. This value may also be used to limit the amount of data returned.
The value to use as the cookie. This is not normally set when an object is created, but is set from the cookie value returned by the server. This associates a search with a previous search, so it allows to incrementally get changes from the server.
Contains a non-zero value if there is more data to retrieve or zero if there is no more data to retrieve. If this member contains a non-zero value, a subsequent search should be performed with the Cookie of this data to retrieve the next block of results. This method is allowed for DirSync controls from response message only.
As with Net::LDAP::Control each constructor argument described above is also available as a method on the object which will return the current value for the attribute if called without an argument, and set a new value for the attribute if called with an argument.
Net::LDAP, Net::LDAP::Control, Net::LDAP::Constant, http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_dirsync_oid.asp http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/polling_for_changes_using_the_dirsync_control.asp http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/tracking_changes.asp
Alexey Kravchuk <ak2@smr.ru>, based on Net::LDAP::Control::Page from Graham Barr <gbarr@pobox.com>.
Copyright (c) 2005 Alexey Kravchuk. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
To install Win32::AD::Control::DirSync, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Win32::AD::Control::DirSync
CPAN shell
perl -MCPAN -e shell install Win32::AD::Control::DirSync
For more information on module installation, please visit the detailed CPAN module installation guide.