ATTRIBUTE RULE ENFORCER FOR A DIRECTORY
First Claim
1. An apparatus comprising:
- a rule validator of an attribute rule enforcer for a directory, the rule validator being interposed between a client and a directory access server for providing access to the directory, the rule validator being capable of determining whether an attribute of a client request complies with a first rule governing content of data that is permissible to be forwarded to the directory access server and a second rule governing structure of data that is permissible to be forwarded to the directory access server, the first and second rules including a data addition rule when the request includes a request to add data to the directory, the first and second rules including a data modification rule when the request includes a request to modify data in a directory, and the first and second data rules including a data deletion rule when the request includes a request to delete data from the directory;
- the rule validator further being capable of forwarding the request to the directory access server if the attribute complies with one of the first rule and the second rule and being further capable of rejecting the request to the directory access server and returning an error message to a source of the request if the attribute does not comply with the first rule and the second rule; and
- a configuration file for use by said rule validator, the configuration file containing a plurality of parameters including one of an add rules parameter, a modify rules parameter, a modrdn parameter where modrdn relates to modifying a relative distinguished name, a delete rules parameter, a log directory parameter, a service port parameter, a debug level parameter and a directory access protocol error parameter.
6 Assignments
0 Petitions
Abstract
An attribute rule enforcer evaluates the attributes of a call to add, modify, or delete information in a directory, such as a lightweight directory access protocol (LDAP) directory. The attribute rule enforcer determines if the attributes of the call comply with predetermined rules governing the directory's content. The directory attribute rule enforcer may be located at the front end of the directory's access server, and intercepts calls to the directory access server. If the directory attribute rule enforcer determines that the attributes of a call comply with the rules governing the content of the directory, it will forward the call to the directory's access server for action. If, on the other hand, the directory attribute rule enforcer determines that the attributes of a call do not comply with the rules governing the content of the directory, the attribute rule enforcer will reject the call. Further, it may forward an appropriate error message to the source of the call.
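The proxy the abstract describes, with the per-operation rule sets and configuration parameters claim 1 enumerates, written out as an added example in Python; this is not code from the patent or its assignee. The rule schema (a "structure" part giving the guarded subtree, required and allowed attributes and protected entries, and a "content" part mapping attributes to regular expressions every value must fully match), the use of LDAP result code 53 on rejection, the convention that a modrdn carries its new RDN as a single attribute/value pair, and the sample requests are all assumptions of this example. A request is forwarded only when it satisfies both the content rule and the structure rule; both checks are run before a rejection so the error message sent back to the client names every violation.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

BASE = "ou=people,dc=example,dc=com"  # assumed subtree the enforcer guards
UID, MAIL = r"[a-z][a-z0-9]{2,15}", r"[^@\s]+@example\.com"

# Constructed configuration. Parameter names follow claim 1; the rule schema inside each *_rules
# entry ("structure" = permitted shape, "content" = regex every value must fully match) is assumed.
CONFIG = {
    "service_port": 1389, "log_directory": "/var/log/attr-rule-enforcer", "debug_level": 1,
    "ldap_error": 53,  # result code returned on rejection (53 = unwillingToPerform, assumed)
    "add_rules": {
        "structure": {"base_dn": BASE, "required": ["objectClass", "uid", "cn", "sn"],
                      "allowed": ["objectClass", "uid", "cn", "sn", "mail", "userPassword"]},
        "content": {"objectClass": r"top|person|inetOrgPerson", "uid": UID, "mail": MAIL},
    },
    "modify_rules": {"structure": {"base_dn": BASE, "allowed": ["cn", "sn", "mail", "userPassword"]},
                     "content": {"mail": MAIL}},
    "modrdn_rules": {"structure": {"base_dn": BASE, "allowed": ["uid"]}, "content": {"uid": UID}},
    "delete_rules": {"structure": {"base_dn": BASE, "protected": ["uid=admin," + BASE]}},
}

@dataclass
class Request:
    op: str                                    # add | modify | modrdn | delete
    dn: str                                    # entry the operation targets
    attrs: dict = field(default_factory=dict)  # attribute -> list of values; for modrdn the new RDN

@dataclass
class Decision:
    forwarded: bool
    error: Optional[int] = None  # LDAP result code handed back to the client on rejection
    message: str = ""

def check_structure(req, rules):
    """Second rule of claim 1: is the shape of the request permissible?"""
    s = rules["structure"]
    if not req.dn.lower().endswith("," + s["base_dn"].lower()):
        return f"{req.dn} lies outside {s['base_dn']}"
    if req.dn.lower() in (p.lower() for p in s.get("protected", [])):
        return f"{req.dn} is protected"
    names = set(req.attrs)
    if "allowed" in s and not names <= set(s["allowed"]):
        return "attribute(s) not permitted: " + ", ".join(sorted(names - set(s["allowed"])))
    if "required" in s and not set(s["required"]) <= names:
        return "missing required attribute(s): " + ", ".join(sorted(set(s["required"]) - names))
    return None

def check_content(req, rules):
    """First rule of claim 1: are the attribute values permissible?"""
    for name, pattern in rules.get("content", {}).items():
        for value in req.attrs.get(name, []):
            if not re.fullmatch(pattern, value):
                return f"value {value!r} for {name} violates /{pattern}/"
    return None

class RuleValidator:
    """Sits between client and directory access server; `server` is any callable taking a Request."""
    def __init__(self, config, server):
        self.config, self.server = config, server
        self.log = []  # stands in for the files written under log_directory

    def handle(self, req):
        rules = self.config.get(f"{req.op}_rules")
        if rules is None:
            return self._reject(req, f"no rule set for operation {req.op!r}")
        problems = [p for p in (check_content(req, rules), check_structure(req, rules)) if p]
        if problems:  # the request must satisfy both the content rule and the structure rule
            return self._reject(req, "; ".join(problems))
        self.server(req)
        self.log.append(("FORWARD", req.op, req.dn))
        return Decision(True)

    def _reject(self, req, why):
        self.log.append(("REJECT", req.op, req.dn, why))
        return Decision(False, self.config["ldap_error"], why)

# Constructed client requests: two permissible, four that break a rule.
SAMPLE_REQUESTS = [
    Request("add", "uid=alice," + BASE, {"objectClass": ["top", "person", "inetOrgPerson"], "uid": ["alice"],
                                        "cn": ["Alice Example"], "sn": ["Example"], "mail": ["alice@example.com"]}),
    Request("add", "uid=mallory," + BASE, {"objectClass": ["top", "person"], "uid": ["mallory"],
                                          "cn": ["M"], "sn": ["M"], "mail": ["mallory@evil.example"]}),
    Request("modify", "uid=alice," + BASE, {"uid": ["root"]}),   # uid is not a modifiable attribute
    Request("modrdn", "uid=alice," + BASE, {"uid": ["alice2"]}), # well-formed new RDN
    Request("delete", "uid=admin," + BASE),                       # protected entry
    Request("delete", "cn=staff,ou=groups,dc=example,dc=com"),    # outside the guarded subtree
]

def run_samples():
    """Push the samples through the enforcer; returns (decisions, requests the server received)."""
    forwarded = []
    validator = RuleValidator(CONFIG, forwarded.append)
    return [validator.handle(r) for r in SAMPLE_REQUESTS], forwarded

if __name__ == "__main__":
    for req, d in zip(SAMPLE_REQUESTS, run_samples()[0]):
        print(req.op, req.dn, "forwarded" if d.forwarded else f"rejected ({d.error}): {d.message}")
```

Running the module prints one line per sample request; only the well-formed add and the modrdn reach the stand-in server, while the bad mail domain, the attempt to change uid through a modify, the deletion of the protected admin entry and the deletion outside the guarded subtree are all answered with the configured error code and a message naming the violated rule. Rejecting before forwarding is the point of the design: the directory server never sees a request that would put an entry into the wrong subtree or a value of the wrong shape, so an ACL mistake on the server cannot be exploited through those operations.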
8 Claims
1. An apparatus comprising: (independent claim 1, reproduced in full under First Claim above; dependent claims 2 to 7 are not reproduced on this page)
8. A method of validating rules for use with an attribute rule enforcer for a directory, the method of validating rules comprising:
- determining whether an attribute of a client request complies with a first rule governing content of data that is permissible to be forwarded to the directory access server and a second rule governing structure of data that is permissible to be forwarded to the directory access server, the first and second rules including a data addition rule when the request includes a request to add data to the directory, the first and second rules including a data modification rule when the request includes a request to modify data in a directory, and the first and second data rules including a data deletion rule when the request includes a request to delete data from the directory;
- forwarding the request to the directory access server if the attribute complies with one of the first rule and the second rule; and
- rejecting the request to the directory access server and returning an error message to a source of the request if the attribute does not comply with the first rule and the second rule; and
- wherein the method of validating rules uses a configuration file, the configuration file containing a plurality of parameters including one of an add rules parameter, a modify rules parameter, a modrdn parameter where modrdn relates to modifying a relative distinguished name, a delete rules parameter, a log directory parameter, a service port parameter, a debug level parameter and a directory access protocol error parameter.