METHOD AND SYSTEM FOR ENFORCING PASSWORD POLICY FOR AN EXTERNAL BIND OPERATION IN A DISTRIBUTED DIRECTORY
First Claim
1. A proxy server for use to facilitate password policy enforcement in a distributed directory that includes a set of directory servers, comprising:
- a processor;
a pre-operation bind plug-in for validating user credentials;
code executable in the processor and responsive to receipt of an external bind request from the pre-operation bind plug-in for initiating a call to a given directory server to perform a bind operation.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention describes techniques for enforcing password policy within a distributed directory environment that includes one or more distributed directory servers and a proxy server that acts as an intermediate agent between a client and the distributed directory environment. In one aspect, the proxy server is enhanced to support the passing (from the backend server to the client) of password policy controls. In particular, controls returned from a backend server are parsed and cached (for re-use) for the life of a given client connection. According to another aspect, the proxy server ensures that all compare operations for a single user'"'"'s password are directed to the same backend server in the distributed directory environment. This insures that a user'"'"'s most current password is used, and that failed operation counts, resets and operational attributes are up-to-date. According to still another aspect, the proxy server enforces password policy on bind plug-ins and, in particular, through a pair of pre-bind and post-bind extended operations. In particular, pre-bind processing includes checking if an account is locked. Post-bind processing includes checking for expired passwords, grace logins and updating failed/successful bind counters.
-
Citations
29 Claims
-
1. A proxy server for use to facilitate password policy enforcement in a distributed directory that includes a set of directory servers, comprising:
-
a processor; a pre-operation bind plug-in for validating user credentials; code executable in the processor and responsive to receipt of an external bind request from the pre-operation bind plug-in for initiating a call to a given directory server to perform a bind operation. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A distributed directory, comprising:
-
a set of directory servers; and a proxy server for enforcing at least one password policy, comprising; a processor; a bind plug-in for validating a user'"'"'s credentials; code executable in the processor and responsive to receipt of an external bind request from the bind plug-in for initiating a call to a given directory server to perform a bind operation. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
-
-
24. A method, operative at a proxy server, for enforcing password policy within a distributed directory that includes the proxy server and a set of directory servers, and wherein the proxy server supports at least one pre-operation bind plug-in, the method comprising:
-
in response to receipt from the pre-operation bind plug-in of an external bind request, calling a directory server to perform a bind operation; routing the external bind request to the directory server; receiving a response from the directory server; and forwarding the response to the pre-operation bind plug-in. - View Dependent Claims (25, 26, 27, 28, 29)
-
Specification