Hello everyone,
I’m working on an integration where I need to retrieve the eruid of a user modified in Active Directory and send it to a webhook whenever a change occurs.
So far, I implemented change detection in SDI using the Directory Server ChangelogConnector. This approach works well when user attributes are modified, since the changelog event refers directly to the user object and the eruid can be obtained without issues.
The challenge appears with group membership changes. When a user is added to or removed from a group in AD, the changelog event is generated for the group object, not for the user. In this scenario, the connector returns only the group attributes, and the user is present only as a DN value in attributes such as member.
Because of this behavior, I’m unable to directly retrieve the user’s eruid from the changelog event in order to send it to the webhook.
At this point, I would like to understand:
Whether there is any supported way for the ChangelogConnector to provide the user’s eruid in group membership changes, or
If the recommended approach is to perform an additional LDAP lookup using the member DN returned in the group event before calling the webhook, or
If there is another connector or architectural pattern that is better suited for this requirement.
Any advice or shared experience would be very helpful.
Thank you.
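An added example, not part of the original post, sketching the second option listed above: take the member DNs out of a group change and resolve each one to an eruid before building the webhook payload. It assumes the event exposes `targetdn` and an LDIF-style `changes` value; `parseMemberChanges`, `buildWebhookEvents` and `lookupEruid` are hypothetical names, and all DNs and eruid values are constructed.

```javascript
// Added example (runs under Node.js). Assumption: the group event carries `targetdn`
// and an LDIF-style `changes` value. All DNs and eruid values below are constructed.
function parseMemberChanges(changesText) {
  // Unfold LDIF continuation lines (a leading single space continues the previous line).
  const lines = changesText.replace(/\r?\n /g, "").split(/\r?\n/);
  const result = { added: [], removed: [], needsDiff: false };
  let op = null, attr = null;
  for (const line of lines) {
    if (line === "-" || line === "") { op = attr = null; continue; }
    const m = /^([A-Za-z0-9;.-]+)(::?)\s*(.*)$/.exec(line);
    if (!m) continue;
    const key = m[1].toLowerCase(), raw = m[3];
    if (op === null && ["add", "delete", "replace"].includes(key)) {
      op = key; attr = raw.trim().toLowerCase();
      // "replace" only lists the new member set, so the caller must diff against prior state.
      if (op === "replace" && attr === "member") result.needsDiff = true;
      continue;
    }
    if (attr !== "member" || key !== "member") continue;
    // "::" marks a base64-encoded value (for example a DN with non-ASCII characters).
    const dn = m[2] === "::" ? Buffer.from(raw, "base64").toString("utf8") : raw;
    if (op === "add") result.added.push(dn);
    else if (op === "delete") result.removed.push(dn);
  }
  return result;
}
// lookupEruid(dn) is a hypothetical stand-in for the extra LDAP lookup by member DN.
function buildWebhookEvents(event, lookupEruid) {
  const { added, removed, needsDiff } = parseMemberChanges(event.changes);
  const events = [], unresolved = [];
  for (const [action, dns] of [["added", added], ["removed", removed]]) {
    for (const dn of dns) {
      const eruid = lookupEruid(dn);
      if (eruid) events.push({ eruid, action, group: event.targetdn });
      else unresolved.push(dn); // no eruid found: report it instead of sending an empty id
    }
  }
  return { events, unresolved, needsDiff };
}

// Constructed sample: one add, one base64-encoded delete, one folded DN with no eruid.
const sampleChanges = "add: member\nmember: CN=Alice Doe,OU=Users,DC=example,DC=com\n-\n" +
  "delete: member\nmember:: " + Buffer.from("CN=Zoë Roe,OU=Users,DC=example,DC=com").toString("base64") +
  "\n-\ndelete: member\nmember: CN=Nested,OU=Groups,\n DC=example,DC=com\n-";
const sampleEvent = { targetdn: "CN=Finance,OU=Groups,DC=example,DC=com", changes: sampleChanges };
const directory = new Map([["cn=alice doe,ou=users,dc=example,dc=com", "adoe"],
  ["cn=zoë roe,ou=users,dc=example,dc=com", "zroe"]]);
const lookupEruid = (dn) => directory.get(dn.toLowerCase()) || null;
console.log(buildWebhookEvents(sampleEvent, lookupEruid));
```

Member DNs that resolve to no eruid are returned in `unresolved` rather than sent to the webhook, and `needsDiff` signals a `replace` operation where the event alone cannot say which user changed.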