Reliably fetch LDAP (AD) updates


I need to sync users and groups from an LDAP server. Currently only Active Directory is required.

I've looked at the whenChanged attribute as suggested here. But it will be tricky to detect delete operations, I guess.

Are there any protocols to do that, standard or AD specific?


Currently my "TODO" consists of: AD dirSync, AD Connect, RFC4533 (LDAP Sync Operation), RH syncRepl. Additional pointers are appreciated!

1

There are 1 answers

3
jwilleke On

For Microsoft Active Directory, use of the LDAP_SERVER_DIRSYNC_OID control is the correct method.

You can Google for examples of its use.
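
An added example, not part of the answer above: the DirSync control value is a small BER structure carrying an opaque cookie, and deleted objects come back as tombstones with `isDeleted` set, which covers the delete case the question raises. The sketch below encodes the request value, decodes the server's response value, and separates tombstones from live entries. The structure layouts and flag values follow MS-ADTS; the function names, the entry shape (a dict with `dn` plus attribute lists) and the sample reply are constructed for illustration.

```python
# Added example (not from the answer): DirSync control values per MS-ADTS.
DIRSYNC_OID = "1.2.840.113556.1.4.841"  # LDAP_SERVER_DIRSYNC_OID
OBJECT_SECURITY = 0x1          # return only what the caller's ACLs allow
ANCESTORS_FIRST_ORDER = 0x800  # parents are returned before children

def tlv(tag, body):
    """BER tag-length-value with definite short or long form length."""
    n = len(body)
    size = bytes([n]) if n < 0x80 else (
        bytes([0x80 | (n.bit_length() + 7) // 8])
        + n.to_bytes((n.bit_length() + 7) // 8, "big"))
    return bytes([tag]) + size + body

def ber_int(v):
    """Non-negative INTEGER in minimal two's complement."""
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def encode_request(flags, max_bytes, cookie=b""):
    # DirSyncRequestValue ::= SEQUENCE { Flags, MaxBytes, Cookie }
    return tlv(0x30, ber_int(flags) + ber_int(max_bytes) + tlv(0x04, cookie))

def read_tlv(buf, pos, tag):
    """Return (body, next_pos) of the element at pos, checking tag and bounds."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected or missing element")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated element")
    return buf[pos:pos + n], pos + n

def decode_response(value):
    # DirSyncResponseValue ::= SEQUENCE { MoreResults, unused, CookieServer }
    seq, _ = read_tlv(value, 0, 0x30)
    more, p = read_tlv(seq, 0, 0x02)
    _, p = read_tlv(seq, p, 0x02)
    cookie, _ = read_tlv(seq, p, 0x04)
    return int.from_bytes(more, "big", signed=True) != 0, cookie

def split_changes(entries):
    """Tombstones carry isDeleted=TRUE; everything else is an add or modify."""
    dead = [e["dn"] for e in entries if e.get("isDeleted") == ["TRUE"]]
    return [e["dn"] for e in entries if e["dn"] not in dead], dead

# Constructed server reply: more results pending, opaque cookie to store.
SAMPLE_RESPONSE = tlv(0x30, ber_int(1) + ber_int(0) + tlv(0x04, b"constructed-cookie"))
```

Persist the returned cookie only after the batch has been applied, and send it back unmodified on the next poll. Without `OBJECT_SECURITY` the polling account needs the Replicating Directory Changes right, so setting the flag lets the sync run under a less privileged identity.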