NAME

Win32::AD::Control::DirSync - LDAPv3 DirSync control wrapper for Net::LDAP

SYNOPSIS

 use Net::LDAP;
 use Win32::AD::Constant qw(LDAP_CONTROL_DIRSYNC
                            LDAP_DIRSYNC_ANCESTORS_FIRST_ORDER);
 use Win32::AD::Control::DirSync;

 my $timeout = 10;

 my $ldap = Net::LDAP->new( 'domain_controller_name' )  or die "$@";

 my $mesg = $ldap->bind( 'domain_user_name', password => 'user_pwd')            or die $@;

 my $reqDirSync = Win32::AD::Control::DirSync->new(
                flags           => LDAP_DIRSYNC_ANCESTORS_FIRST_ORDER,
                maxAttrCnt      => 100)         or die "$@";

 for(my $i=1; $i<10; $i++) {
        my $do_more = 1;

        while($do_more) {
 
                $mesg = $ldap->search(  base    => "dc=somedomain,dc=com",
                                        control => [ $reqDirSync ],
                                        filter  => "(&(objectClass=user))",
                                     ) or die $@;
 
                $mesg->code && die $mesg->error;

                $_->dump for grep {ref($_) eq 'Net::LDAP::Entry'} $mesg->entries;

                # DirSync control should be included in the response.
                if(my ($respDirSync) = $mesg->control(LDAP_CONTROL_DIRSYNC)) {

                        $reqDirSync->cookie($respDirSync->cookie);
                  
                        $do_more = $respDirSync->moreData;

                } else {
                        die "There is no DirSync control in the response.";
                }
        }
        sleep($timeout);
 }
 
 $mesg = $ldap->unbind; 

DESCRIPTION

Win32::AD::Control::DirSync provides an interface for the creation and manipulation of objects that represent the DirSync control, used to synchronize with Active Directory(r).

DirSync control description: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_dirsync_oid.asp

Using DirSync for synchronizing with AD: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/polling_for_changes_using_the_dirsync_control.asp

Other AD-synchronizing techniques: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/tracking_changes.asp

CONSTRUCTOR ARGUMENTS

In addition to the constructor arguments described in Net::LDAP::Control the following are provided.

flags

This can be zero or a combination of one or more of the following values:

  • LDAP_DIRSYNC_OBJECT_SECURITY (1)

    • Windows Server 2003: If this flag is not present, the caller must have the replicate changes right. If this flag is present, the caller requires no rights, but can only view objects and attributes accessible to the caller.

    • Windows 2000 Server: Not supported.

  • LDAP_DIRSYNC_ANCESTORS_FIRST_ORDER (2048)

    Return parent objects before child objects, when parent objects would otherwise appear later in the replication stream.

  • LDAP_DIRSYNC_PUBLIC_DATA_ONLY (8192)

    Do not return private data in the search results.

  • LDAP_DIRSYNC_INCREMENTAL_VALUES (2147483648)

    • Windows Server 2003: If this flag is not present, all of the values, up to a server-specified limit, in a multi-valued attribute are returned when any value changes. If this flag is present, only the changed values are returned.

    • Windows 2000 Server: Not supported.

maxAttrCnt

Specifies the maximum number of attributes to return. This value may also be used to limit the amount of data returned.

cookie

The value to use as the cookie. This is not normally set when an object is created, but is set from the cookie value returned by the server. The cookie associates a search with a previous search, so changes can be retrieved from the server incrementally.

METHODS

moreData

Contains a non-zero value if there is more data to retrieve, or zero if there is no more data to retrieve. If the value is non-zero, a subsequent search should be performed with the cookie from this response to retrieve the next block of results. This method is valid only on DirSync controls taken from a response message.

As with Net::LDAP::Control each constructor argument described above is also available as a method on the object which will return the current value for the attribute if called without an argument, and set a new value for the attribute if called with an argument.
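
An added example (not part of the module's own documentation) of least-privilege incremental polling: it sets LDAP_DIRSYNC_OBJECT_SECURITY so the bind account does not need the replicate changes right, and keeps the cookie between runs in an owner-only file. The cookie path and the helpers load_cookie and save_cookie are assumptions; the flag value 1 is taken from the flags list above, and the host, account and base DN are the SYNOPSIS placeholders.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_TRUNC);
use Net::LDAP;
use Win32::AD::Constant qw(LDAP_CONTROL_DIRSYNC LDAP_DIRSYNC_ANCESTORS_FIRST_ORDER);
use Win32::AD::Control::DirSync;

my $OBJECT_SECURITY = 1;                 # LDAP_DIRSYNC_OBJECT_SECURITY, value from the flags list
my $cookie_file     = 'dirsync.cookie';  # hypothetical path

# The cookie is opaque binary, so it is read back byte for byte.
sub load_cookie {
    my ($path) = @_;
    open(my $fh, '<:raw', $path) or return;   # first run: no cookie saved yet
    local $/;                                 # slurp the whole file
    my $cookie = <$fh>;
    return $cookie;
}

# Write an owner-only (0600) temporary file, then rename it over the old
# cookie, so an interrupted run never leaves a truncated cookie behind.
sub save_cookie {
    my ($path, $cookie) = @_;
    my $tmp = "$path.tmp";
    sysopen(my $fh, $tmp, O_WRONLY | O_CREAT | O_TRUNC, 0600) or die "open $tmp: $!";
    binmode $fh;
    print {$fh} $cookie or die "write $tmp: $!";
    close $fh           or die "close $tmp: $!";
    rename $tmp, $path  or die "rename $tmp: $!";
}

my $ldap = Net::LDAP->new('domain_controller_name') or die "$@";
my $mesg = $ldap->bind('domain_user_name', password => 'user_pwd');
$mesg->code and die $mesg->error;

my %args  = (flags      => $OBJECT_SECURITY | LDAP_DIRSYNC_ANCESTORS_FIRST_ORDER(),
             maxAttrCnt => 100);
my $saved = load_cookie($cookie_file);
$args{cookie} = $saved if defined $saved && length $saved;   # resume the previous search
my $req = Win32::AD::Control::DirSync->new(%args) or die "$@";

my $more = 1;
while ($more) {
    $mesg = $ldap->search(base => 'dc=somedomain,dc=com', control => [$req], filter => '(objectClass=user)');
    $mesg->code and die $mesg->error;
    print $_->dn, "\n" for grep { ref($_) eq 'Net::LDAP::Entry' } $mesg->entries;
    my ($resp) = $mesg->control(LDAP_CONTROL_DIRSYNC) or die "There is no DirSync control in the response.";
    $req->cookie($resp->cookie);
    save_cookie($cookie_file, $resp->cookie);   # persist after every processed block
    $more = $resp->moreData;
}
$ldap->unbind;
```

On Windows the 0600 mode does not create an ACL, so keep the cookie file in a directory that only the polling account can access.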

SEE ALSO

Net::LDAP, Net::LDAP::Control, Net::LDAP::Constant, http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/ldap_server_dirsync_oid.asp, http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/polling_for_changes_using_the_dirsync_control.asp, http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/tracking_changes.asp

AUTHOR

Alexey Kravchuk <ak2@smr.ru>, based on Net::LDAP::Control::Page from Graham Barr <gbarr@pobox.com>.

COPYRIGHT

Copyright (c) 2005 Alexey Kravchuk. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.