Re: [ldap-sdk-discuss] LDAP SDK Java question
A Java-based LDAP API
Brought to you by:
dirmgr,
kennethleo
Menu
▾
▴
Re: [ldap-sdk-discuss] LDAP SDK Java question
|
From: Neil A. W. <nei...@un...> - 2016-09-27 14:13:06
|
On 09/27/2016 08:35 AM, Kasim Doctor wrote: > Hi Neil, > > When you say * UnboundID Directory Server, *does it imply that the > UnboundId LDAP Java SDK is also guaranteed to return superior entries > before subordinate entries ? > > The reason I am asking is because I am using the UnboundId LDAP Java SDK to > fetch OUs from Microsoft Active Directory. > > As always, your input here is utmost valuable. No, when I say "UnboundID Directory Server", I mean the commercial LDAP server product that UnboundID sells. The LDAP SDK always makes search result entries available in the order that the directory server returns them. The only way that the LDAP SDK can change the order of search results is to include some special control in the search request, like the server-side sort control, that tells the server that you want a special order. As I said before, I do expect that most LDAP servers return results in order of parents before children, but I can't guarantee that for any server other than the one that UnboundID sells because that's the only one I have any control over, and the official LDAP specification does say that entries can be returned in any order. If you think that the server you're using might return entries in an order that allows a child to be returned before its parent, then you might need to have some special handling to avoid that, like sorting the entries on the client side using the EntrySorter class that I mentioned earlier. > > Thanks, > Kasim > > On Tue, Sep 20, 2016 at 1:01 PM, Neil A. Wilson <nei...@un...> > wrote: > >> On 09/20/2016 08:45 AM, Kasim Doctor wrote: >>> Hi Neil, >>> >>> Thanks for your quick reply. >>> >>> >>> >>> *I know that with the UnboundID Directory Server, we do guarantee that >>> superior entries will be returned before any of their subordinates, with >>> only a couple of exceptions (for example, searches including the >>> server-side sort or persistent search request control)* >>> Can you please point me to a spec/Javadoc for the above statement ? >>> >>> Thanks, >>> Kasim >> >> There certainly isn't anything in the LDAP SDK javadoc that would make >> that statement. I'm not sure if that statement appears in the UnboundID >> Directory Server documentation, but that isn't currently publicly >> available. >> >> Nevertheless, I am the lead developer for the UnboundID Directory >> Server, and I can assure you that we do guarantee that the UnboundID >> Directory Server will return superior entries before subordinates unless >> the search request includes something special that would alter the order >> in which those entries are returned. >> >> >> >> >>> >>> On Mon, Sep 19, 2016 at 4:46 PM, Neil A. Wilson < >> nei...@un...> >>> wrote: >>> >>>> On 09/19/2016 12:21 PM, Kasim Doctor wrote: >>>>> Hi there, >>>>> >>>>> I am playing around with the LDAP Java SDK API to get a list of OUs >> from >>>> a >>>>> source directory. >>>>> >>>>> I searched everywhere but can't seem to find the answer to the >> following >>>>> question: >>>>> >>>>> When I get the list of OUs, what guarantee is there that the parent OUs >>>> are >>>>> returned before the child OUs are returned ? >>>>> >>>>> Please let me know if there is a spec somewhere for this >>>>> >>>>> Thanks, >>>>> Kasim >>>> >>>> >>>> There is no specification that requires a superior entry to be returned >>>> in search results before its subordinates. In fact, RFC 4511 section >>>> 4.5.2 states "The SearchResultEntry and SearchResultReference messages >>>> may come in any order.", so it would be legal for subordinate entries to >>>> be returned before their superiors. >>>> >>>> However, I expect that most LDAP servers do try to return superior >>>> entries before subordinates. I know that with the UnboundID Directory >>>> Server, we do guarantee that superior entries will be returned before >>>> any of their subordinates, with only a couple of exceptions (for >>>> example, searches including the server-side sort or persistent search >>>> request control). I can't speak definitively for other directory >>>> servers, but I expect that most servers do try to maintain this ordering >>>> under normal circumstances. >>>> >>>> If you're really paranoid about this, and if you expect that your search >>>> won't return a large number of entries, you can have the LDAP SDK sort >>>> the results for you, and you can specify that the sorting should order >>>> each entry first based on its position in the hierarchy and then based >>>> on its content. See the EntrySorter >>>> (https://docs.ldap.com/ldap-sdk/docs/javadoc/index.html? >>>> com/unboundid/ldap/sdk/EntrySorter.html) >>>> class for more information. However, client-side sorting can only be >>>> done if you can hold all of the entries in memory, so you shouldn't do >>>> this if you think there might be a large number of matching entries. >>>> >>>> >>>> Neil >>>> >>>> >>>> >>> >> >> >> > |
