I have a code like this for user creation:

    AddRequest addRequest = new AddRequest(...
    ...
    LDAPResult addResult = ldapConnectionPool.add(addRequest);

Is there a way to get the ObjectGUID from the addResult field?

Or maybe there is a way to generate this ObjectGUID on the client side and send it as an argument?

gstackoverflow

1 Answer

Not possible with basic LDAP – 'Add' operation results do not return any data from the server to client, only a success/error code.

There are LDAP extensions, namely the "postRead" control, that would allow this – an add/modify operation with the postRead control would return the whole resulting entry – but Active Directory does not support them. (I think only OpenLDAP does.) As you're talking about ObjectGUID rather than entryUUID, I assume you're using AD rather than OpenLDAP.

So you will need to make a separate search for the DN that you just added and retrieve the objectGUID that way.

user1686
  • Actually my backend is Samba. What is your opinion about performance? We will need to make an additional LDAP request every time we create an entry – gstackoverflow Jul 26 '23 at 14:44
  • Samba is still AD; it doesn't use OpenLDAP (it implements its own LDAP server), and as far as I know, it does not implement any LDAP extensions that MS AD doesn't have. – user1686 Jul 26 '23 at 14:51
  • As for performance, if it's just one entry, live with it; if it's multiple entries, use async operations (pipelining) – issue a bunch of add operations at once and collect their results; issue a bunch of search operations and collect results. (And suggest that your Samba server admins consider switching the DB backend to LMDB – it's said that it offers much better performance than Samba's traditional tdb/LDB.) – user1686 Jul 26 '23 at 14:53
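
The add-then-search approach from the answer, as an added example that is not part of the original thread. It assumes the question's classes come from the UnboundID LDAP SDK; the class and method names `AddAndReadGuid`, `addAndGetObjectGuid` and `decodeObjectGuid` are hypothetical, and the byte array in `main` is a constructed sample.

```java
import com.unboundid.ldap.sdk.AddRequest;
import com.unboundid.ldap.sdk.LDAPConnectionPool;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SearchResultEntry;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.UUID;

public final class AddAndReadGuid {

    /** Adds the entry, then reads objectGUID back with a base-scope lookup on the same DN. */
    static UUID addAndGetObjectGuid(LDAPConnectionPool pool, AddRequest addRequest)
            throws LDAPException {
        pool.add(addRequest); // throws LDAPException on any non-success result

        // Ask for objectGUID only, so the follow-up read stays small.
        SearchResultEntry entry = pool.getEntry(addRequest.getDN(), "objectGUID");
        if (entry == null) {
            throw new LDAPException(ResultCode.NO_SUCH_OBJECT,
                    "Entry not readable after add: " + addRequest.getDN());
        }
        byte[] raw = entry.getAttributeValueBytes("objectGUID");
        if (raw == null) {
            throw new LDAPException(ResultCode.NO_SUCH_ATTRIBUTE,
                    "objectGUID not returned for " + addRequest.getDN());
        }
        return decodeObjectGuid(raw);
    }

    /** objectGUID is a 16-byte GUID: first three fields little-endian, last 8 bytes as-is. */
    static UUID decodeObjectGuid(byte[] raw) {
        if (raw.length != 16) {
            throw new IllegalArgumentException("objectGUID must be 16 bytes, got " + raw.length);
        }
        ByteBuffer buf = ByteBuffer.wrap(raw).order(ByteOrder.LITTLE_ENDIAN);
        long data1 = buf.getInt() & 0xFFFFFFFFL;
        long data2 = buf.getShort() & 0xFFFFL;
        long data3 = buf.getShort() & 0xFFFFL;
        long lsb = buf.order(ByteOrder.BIG_ENDIAN).getLong();
        return new UUID((data1 << 32) | (data2 << 16) | data3, lsb);
    }

    public static void main(String[] args) {
        // Constructed sample bytes, not taken from a real directory.
        byte[] sample = {0x33, 0x22, 0x11, 0x00, 0x55, 0x44, 0x77, 0x66, (byte) 0x88,
            (byte) 0x99, (byte) 0xAA, (byte) 0xBB, (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF};
        System.out.println(decodeObjectGuid(sample));
    }
}
```

If the pool spans several servers, the read may reach one that has not yet replicated the new entry; the null check turns that case into an explicit error instead of a silent miss.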