Method and system for incorporating filtered roles in a directory system
First Claim
1. A method of grouping entries in a directory server, said directory server configured to contain roles, the method comprising the step of:
- selecting entries that match an LDAP filter within a subtree specification.
3 Assignments
0 Petitions
Accused Products
Abstract
Role is a comprehensive grouping mechanism. In a client-server directory system, roles transfer some of the complexity to the directory server. A role is defined by its role definition entry. Assigning entries to roles enables applications to locate the roles of an entry, rather than select a group and browse the members list. Additionally, roles allow for support of computed attribute values, and server-performed membership verification for clients.
Several types of roles are disclosed herein. The difference between the role types relates to their capabilities, which in turn derive from how they are implemented. When a client application wishes to identify all entries with some characteristic, e.g., everyone who is a manager and works in a designated building, a filtered role—which uses an LDAP filter in order to search a designated portion of the directory system and to identify those entries that possess the characteristics described in filter—is used.
-
Citations
22 Claims
-
1. A method of grouping entries in a directory server, said directory server configured to contain roles, the method comprising the step of:
selecting entries that match an LDAP filter within a subtree specification. - View Dependent Claims (2, 3, 4, 5)
-
6. A method of determining the membership of entries that match an LDAP filter within a directory system, the method comprising the steps of:
-
receiving a query from a client computer, said client computer specifying a filter definition and a subtree specification;
applying the filter definition to entries to determine if the entries possess a particular role; and
matching all entries within the specified subtree with the defined filter. - View Dependent Claims (7, 8, 9, 10, 11)
-
-
12. An apparatus comprising,
a directory server, said directory server configured to contain roles; a component coupled to the directory server and configured to select entries that match an LDAP filter within a subtree specification. - View Dependent Claims (13, 14, 15, 16)
-
17. An apparatus comprising,
a directory server, said directory server configured to comprise entries that possess roles; a first component coupled to the directory server, said first component configured to determine the membership of entries that match an LDAP filter within a directory server, the first component further comprising;
a second component configured to receive a query from a client computer, said client computer specifying a filter definition and a subtree specification;
a third component configured to apply the LDAP filter definition to entries to determine if the entries possess a particular role; and
a fourth component configured to match all entries within the specified subtree with the defined filter. - View Dependent Claims (18, 19, 20, 21, 22)
Specification