Method and system for grouping entries in a directory server by group memberships defined by roles

US 20030105742A1
Filed: 05/29/2001
Published: 06/05/2003
Est. Priority Date: 05/29/2001
Status: Active Grant

First Claim

Patent Images

1. A directory server comprising:

at least one role, said role defined as an entry grouping mechanism, wherein a role is uniquely defined by distinguishing name (DN) of its defining entry.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Role is a comprehensive grouping mechanism. In a client-server directory system, roles transfer some of the complexity to the directory server. A role is defined by its role definition entry. Assigning entries to roles enables applications to locate the roles of an entry, rather than select a group and browse the members list. Additionally, roles allow for support of generated attribute values, and directory server-performed membership verification for clients. By changing a role definition, a user can change an entire organization with ease. Any client with appropriate access privileges can discover, identify and examine any role definition.

173 Citations

23 Claims

1. A directory server comprising:
- at least one role, said role defined as an entry grouping mechanism, wherein a role is uniquely defined by distinguishing name (DN) of its defining entry.
- View Dependent Claims (2)
- - 2. The directory server as in claim 1, wherein the defining entry is nsRole, which comprises one or more distinguishing names.

3. A method of grouping a plurality of entries in a directory server, the method comprising the step of:
- assigning at least one role to a first entry, said at least one role being an entry grouping mechanism defined by distinguishing name of its defining entry.
- View Dependent Claims (4)
- - 4. The method as in claim 3, wherein the defining entry is nsRole, which comprises one or more distinguishing names.

5. A method for searching an entry in a directory server, the directory server storing a plurality of entries, at least one of the plurality of entries possessing at least one role, said role being an entry grouping mechanism defined by distinguishing name of its defining entry, the method comprising the steps of:
- receiving a request to enumerate role membership for a particular role;
  
  comparing a plurality of entries stored in the directory server by checking a predetermined role attribute for the particular role; and
  
  returning the result of the comparison.
- View Dependent Claims (6)
- - 6. The method of claim 5, further comprising the step of:
    - assigning at least one role to a first entry in the directory server, said at least one role being an entry grouping mechanism defined by distinguishing name of its defining entry.

7. A data processing system for searching for checking entries in a directory server for role membership, the system comprising:
- a CPU;
  
  a memory coupled to the CPU, the memory storing a directory comprising a plurality of entries, each said entry being associated with a role containing a predefined role attribute;
  
  wherein the memory stores a search program which is executable by the CPU to check role membership by searching the predefined role attribute; and
  
  to return the result of the search if any entries possess the role.

8. In a directory system comprising a client computer configured to execute applications to perform membership verification in a directory communicatively coupled to a server computer, the directory server storing a plurality of entries, a method of reducing client-side complexity in searching for a particular entry, the method comprising the steps of:
- configuring the server computer to assign at least one role to a subset of the plurality of entries, said at least one role being an entry grouping mechanism defined by distinguishing name of its defining entry.

9. A computer program product comprising a computer readable medium having computer readable code embodied therein for processing data in a directory server by:
- receiving a request for enumerating role membership for a particular role;
  
  comparing a plurality of entries stored in the directory server by checking a predetermined role attribute; and
  
  returning the result of the comparison.
- View Dependent Claims (10, 11)
- - 10. The method of claim 9, further comprising the step of:
    - providing a set of expressions and boolean operations for use in a directory search.
  - 11. The method of claim 10, wherein the expressions comprise any one or more of operands connected by the operators,

12. A method for use in connection with application and network services to provide a directory service that defines roles for directory members, the method comprising the steps of:
- defining a directory search specification for a role based on user attribute information, where said role can be possessed by any set of members and in which roles possessed by users are defined by the directory search specification;
  
  evaluating said directory search specification at service delivery time;
  
  determining whether information maintained in a directory matches said directory search specification; and
  
  delivering said service.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12, further comprising the step of:
    - providing a set of expressions and boolean operations for use in a directory search.
  - 14. The method of claim 13, wherein the expressions comprise any one or more of operands connected by the operators,

15. A method of configuring a directory server comprising a plurality of entries, the method comprising the steps of:
- defining a computed attribute for an entry;
  
  assigning a value to the computed attribute, whereby said entry is capable of being grouped with other entries that have the same or a similar value for the computed attribute; and
  
  configuring the directory server software to perform search operations, thereby reducing complexity in a client program that accesses the directory server.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15, further comprising the step of:
    - providing a set of expressions and boolean operations for use in a directory search.
  - 17. The method of claim 16, wherein the expressions comprise any one or more of operands connected by the operators,

18. A method of computing which roles an entry possesses, said method comprising the steps of:
- validating that the entry meets the criteria to possess a role; and
  
  determining that the entry falls within the scope of the role.

19. A method of determining all roles possessed by an entry in a directory system, the method comprising the steps of:
- examining a computed attribute associated with the entry for a list of values of the computed attribute, and enumerating each value, which is a distinguishing name (DN) representing a role possessed by that entry.

21. A method of obviating the need to examine all groups in a directory system in order to determine the roles possessed by an entry, the method comprising the steps of:
- configuring the directory system to contain roles; and
  
  returning a list of computed values of a computed attribute belonging to the entry, whereby all the roles possessed by the entry are obtained.
- View Dependent Claims (20, 22)
- - 20. The method as in claim 21, wherein the computed attribute is nsRole.
  - 22. The method as in claim 21, wherein the computed attribute is nsRole.

23. In a directory system comprising a plurality of entries and a plurality of roles possessed by the plurality of entries, a method of enumerating the membership of a desired role, the method comprising the steps of:
- locating all roles that are in scope with an entry that possesses the desired role;
  
  iterating over the in-scope roles looking for the entries that possess the desired role;
  
  adding, to an attribute'"'"'s value set, the distinguishing names (DNs) of those entries that possess the desired role.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Rowley, Peter, Boreham, David, Smith, Mark C.

Granted Patent

US 7,130,839 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/2
CPC Class Codes

H04L 41/08   Configuration management of...

H04L 41/0893   Assignment of logical group...

H04L 61/4552   Lookup mechanisms between a...

H04L 61/4555   Directories for electronic ...

Y10S 707/99933   Query processing, i.e. sear...

Method and system for grouping entries in a directory server by group memberships defined by roles

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

173 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for grouping entries in a directory server by group memberships defined by roles

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

173 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links