Method and system for incorporating filtered roles in a directory system

US 20030105733A1
Filed: 05/29/2001
Published: 06/05/2003
Est. Priority Date: 05/29/2001
Status: Active Grant

First Claim

Patent Images

1. A method of grouping entries in a directory server, said directory server configured to contain roles, the method comprising the step of:

selecting entries that match an LDAP filter within a subtree specification.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Role is a comprehensive grouping mechanism. In a client-server directory system, roles transfer some of the complexity to the directory server. A role is defined by its role definition entry. Assigning entries to roles enables applications to locate the roles of an entry, rather than select a group and browse the members list. Additionally, roles allow for support of computed attribute values, and server-performed membership verification for clients.

Several types of roles are disclosed herein. The difference between the role types relates to their capabilities, which in turn derive from how they are implemented. When a client application wishes to identify all entries with some characteristic, e.g., everyone who is a manager and works in a designated building, a filtered role—which uses an LDAP filter in order to search a designated portion of the directory system and to identify those entries that possess the characteristics described in filter—is used.

Citations

22 Claims

1. A method of grouping entries in a directory server, said directory server configured to contain roles, the method comprising the step of:
- selecting entries that match an LDAP filter within a subtree specification.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as in claim 1 wherein the LDAP filter is defined to be of arbitrary complexity.
  - 3. The method as in claim 1, further comprising the step of:
    - defining an LDAP filter.
  - 4. The method of claim 1, further comprising the step of:
    - providing a set of expressions and boolean operations for use to match entries in a directory search.
  - 5. The method of claim 4, wherein the expressions comprise any one or more of operands connected by the operators,

6. A method of determining the membership of entries that match an LDAP filter within a directory system, the method comprising the steps of:
- receiving a query from a client computer, said client computer specifying a filter definition and a subtree specification;
  
  applying the filter definition to entries to determine if the entries possess a particular role; and
  
  matching all entries within the specified subtree with the defined filter.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The method of claim 6, further comprising the step of:
    - returning any matched entries to the client computer.
  - 8. The method of claim 6, wherein the LDAP filter is defined to be of arbitrary complexity.
  - 9. The method of claim 6, further comprising the step of:
    - defining an LDAP filter.
  - 10. The method of claim 6, further comprising the step of:
    - providing a set of expressions and boolean operations for use to match entries in a directory search.
  - 11. The method of claim 10, wherein the expressions comprise any one or more of operands connected by the operators,

12. An apparatus comprising, a directory server, said directory server configured to contain roles;
- a component coupled to the directory server and configured to select entries that match an LDAP filter within a subtree specification.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The apparatus as in claim 12 wherein the LDAP filter is defined to be of arbitrary complexity.
  - 14. The apparatus as in claim 12, further comprising:
    - a component coupled to the directory server and configured to define an LDAP filter.
  - 15. The apparatus of claim 12, further comprising:
    - a component coupled to the directory server and configured to provide a set of expressions and boolean operations for use to match entries in a directory search.
  - 16. The apparatus of claim 15, wherein the expressions comprise any one or more of operands connected by the operators,

17. An apparatus comprising, a directory server, said directory server configured to comprise entries that possess roles;
- a first component coupled to the directory server, said first component configured to determine the membership of entries that match an LDAP filter within a directory server, the first component further comprising;
  
  a second component configured to receive a query from a client computer, said client computer specifying a filter definition and a subtree specification;
  
  a third component configured to apply the LDAP filter definition to entries to determine if the entries possess a particular role; and
  
  a fourth component configured to match all entries within the specified subtree with the defined filter.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The apparatus of claim 17, further comprising:
    - a fifth component coupled to the directory server and configured to return any matched entries to the client computer.
  - 19. The apparatus of claim 17, wherein the LDAP filter is defined to be of arbitrary complexity.
  - 20. The apparatus of claim 17, further comprising:
    - a sixth component coupled to the directory server and configured to define an LDAP filter.
  - 21. The apparatus of claim 17, further comprising:
    - a seventh component coupled to the directory server and configured to define a set of expressions and boolean operations for use to match entries in a directory search.
  - 22. The apparatus of claim 21, wherein the expressions comprise any one or more of operands connected by the operators,

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Rowley, Peter, Boreham, David, Smith, Mark C.

Granted Patent

US 6,768,988 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/1
CPC Class Codes

G06F 16/10   File systems; File servers

Y10S 707/956   Hierarchical

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99939   Privileged access

Method and system for incorporating filtered roles in a directory system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for incorporating filtered roles in a directory system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links