Securing lightweight directory access protocol traffic
Abstract
Lightweight directory access protocol (LDAP) management is described. In an implementation, a method includes intercepting data, configured according to a lightweight directory access protocol (LDAP), for communication between a client and a server. One or more policies are applied to the data to determine whether performance of an LDAP action specified in the data is permitted. When the performance is not authorized, the LDAP action is modified such that performance of the modified LDAP action is permitted.
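The intercept, evaluate and modify flow summarized in the abstract, as an added illustration that is not taken from the patent. The policy schema, the `LdapRequest` model, the function names and the example.com DNs are all assumptions, and requests are modelled as Python objects rather than decoded from BER.

```python
from dataclasses import dataclass, replace

# Hypothetical policy schema (an assumption, not from the patent).
# Operations with no entry (delete, modify, ...) are not permitted at all.
POLICY = {
    "bind": {},
    "search": {"allowed_bases": ("ou=people,dc=example,dc=com",),
               "max_scope": "one",
               "blocked_attrs": {"userpassword", "unicodepwd"}},
}
SCOPE_RANK = {"base": 0, "one": 1, "sub": 2}

@dataclass(frozen=True)
class LdapRequest:
    op: str              # bind, search, modify, delete, ...
    dn: str              # search base or target entry
    scope: str = "base"
    attrs: tuple = ()    # empty means "all user attributes" in LDAP

def norm_dn(dn):
    """Simplified DN normalization: lower-case, trim each RDN (no escape handling)."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def under(dn, base):
    """True if dn is base itself or an entry below it."""
    dn, base = norm_dn(dn), norm_dn(base)
    return dn == base or dn.endswith("," + base)

def filter_request(req, policy=POLICY):
    """Return (verdict, request_to_forward); verdict is permit, modify or restrict."""
    rule = policy.get(req.op)
    if rule is None:
        return "restrict", None          # action not permitted: do not forward
    if req.op != "search":
        return "permit", req
    if not any(under(req.dn, b) for b in rule["allowed_bases"]):
        return "restrict", None          # no permitted form of this search exists
    scope = min(req.scope, rule["max_scope"], key=SCOPE_RANK.__getitem__)
    kept = tuple(a for a in req.attrs if a.lower() not in rule["blocked_attrs"])
    if req.attrs and not kept:
        kept = ("1.1",)  # RFC 4511 "no attributes"; an empty list would mean "all"
    new = replace(req, scope=scope, attrs=kept)
    return ("permit" if new == req else "modify"), new

def filter_response(entry, policy=POLICY):
    """Strip blocked attributes from a returned entry (covers "*" and empty attr lists)."""
    blocked = policy["search"]["blocked_attrs"]
    return {k: v for k, v in entry.items() if k.lower() not in blocked}
```

The request path cannot strip attributes from a search that asks for everything, which is why the response path applies the same policy before anything reaches the client.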
89 Claims
1. A method comprising:
- monitoring data for communication, via a lightweight directory access protocol (LDAP), between a plurality of computing devices such that each said computing device is not aware of the monitoring; and
- determining whether an LDAP action specified in the data is permitted according to one or more policies, and if not, restricting completion of the LDAP action.
(Dependent claims: 2-20)
21. A method comprising:
- intercepting data for communication between a client and a server, wherein the data is configured according to a lightweight directory access protocol (LDAP);
- applying one or more policies to the request to determine whether performance of an LDAP action specified in the request is permitted; and
- when the performance is not authorized, modifying the LDAP action such that performance of the modified LDAP action is permitted.
(Dependent claims: 22-29)
30. A method comprising executing a lightweight directory access protocol (LDAP) filter module to:
- determine whether a response is authorized for communication from a server to a client, wherein:
  - the response is configured according to the LDAP; and
  - the determination is performed utilizing one or more policies; and
- when the response is authorized, communicate the response such that the client is not aware of the determination.
(Dependent claims: 31-36)
37. One or more computer readable media comprising computer executable instructions that, when executed on a computer, direct the computer to transparently manage lightweight directory access protocol (LDAP) traffic communicated via a network between a plurality of computing devices such that at least one said computing device is not aware of the management.
41. A system comprising:
- a directory containing data arranged according to a lightweight directory access protocol (LDAP);
- one or more applications that are executable to form a request to perform an action, wherein the request is configured in accordance with the LDAP to interact with the data in the directory; and
- an LDAP filter module that is executable to manage traffic between the one or more applications and the directory according to one or more policies which define permissible LDAP actions.
(Dependent claims: 42-47)
48. A computing device comprising:
- a processor; and
- memory configured to maintain:
  - one or more policies, each of which defining one or more conditions for performing at least one corresponding lightweight directory access protocol (LDAP) operation; and
  - one or more modules that are executable on the processor to:
    - determine whether a request is authorized according to at least one said policy; and
    - when the request is authorized, communicate the request such that the client is not aware of the determination.
(Dependent claims: 49-54)
55. A method comprising:
- exposing a user interface suitable for receiving inputs from a user that specify whether execution of a particular lightweight directory access protocol (LDAP) action is permitted; and
- configuring a policy, based on the inputs, for managing lightweight directory access protocol (LDAP) traffic on a network.
(Dependent claims: 56-68)
69. One or more computer readable media comprising computer executable instructions that, when executed on a computer, direct the computer to output a user interface for configuring a policy for managing lightweight directory access protocol (LDAP) traffic on a network, wherein the user interface, when output, is configured to enable a user to indicate whether performance of an LDAP operation is permitted and to indicate whether performance of a particular LDAP operation on a particular LDAP object is permitted.
71. A system comprising:
- one or more modules configured to output a user interface for configuring a policy that defines permissible traffic over a network utilizing a lightweight directory access protocol; and
- at least one module configured to manage LDAP traffic according to the configured policy.
(Dependent claims: 72-76)
77. A computing device comprising:
- a processor; and
- memory configured to maintain one or more modules that are executable to output a user interface having a plurality of descriptions which are selectable by a user to configure a policy for managing lightweight directory access protocol (LDAP) traffic over a network.
(Dependent claims: 78-89)
Specification