问题

我需要从LDAP服务器同步用户和组。目前只需要Active Directory。

我已经查看了whenChanged属性如此处建议的。但是我猜检测删除操作会有些棘手。

是否有任何用于执行此操作的协议，无论是标准还是AD特定的？

目前我的“TODO”包括：AD dirSync，AD Connect，RFC4533（LDAP同步操作），RH syncRepl。欢迎提供其他指引！

英文:

I need to sync users and groups from LDAP server. Currently only Active Directory is required.

I've looked at whenChanged attribute as suggested here. But it will be tricky to detect delete operations, I guess.

Are there any protocols to do that, standard or AD specific?

Currently my "TODO" consists of: AD dirSync, AD Connect, RFC4533 (LDAP Sync Operation), RH syncRepl. Additional pointers are appreciated!

答案1

得分: 1

对于Microsoft Active Directory，使用LDAP_SERVER_DIRSYNC_OID控件是正确的方法。

您可以在Google上查找其使用示例。

英文:

For Microsoft Active Directory use of the LDAP_SERVER_DIRSYNC_OID control is the correct method.

You can Google for examples of its use.

通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库，让每个人都能够通过互相帮助和分享经验来进步。