Grouper Developers Forum

[Colin Hudler <>]

On 03/09/2012 03:27 PM, Tom Zeller wrote:

<snip>
> As of now, psp-ldap-to-grouper is cron based full sync. However, just
> as the psp is triggered by the grouper changelog, it seems reasonable
> to trigger the psp via an ldap changelog, e.g. an openldap audit log.
>
> Do you know what the AD changelog looks like ? ldif ?
>
> TomZ
>
>    

Such things are sometimes accomplished with a persistent search[1] 
control. It can be tricky to keep a TCP session open indefinitely, 
and/or careful watchdog that resets it periodically. Moves/deletes can 
be tricky, and some DSA's deal with it differently than others. Full 
sync may still be needed to get complete coverage.

I'm led to believe that AD supports the persist control[2], but I've 
never tried it. Many (all?) of the LDAP DSA's do support it. Right now 
we create groups in grouper neartime from LDAP data by using a 
persistent listener and grouper WS client. Hope this helps.

1. <http://www.ietf.org/proceedings/50/I-D/ldapext-psearch-03.txt>
2. 
<http://msdn.microsoft.com/en-us/library/windows/desktop/ms677626(v=vs.85).aspx>