Lightweight directory access protocol (LDAP) trusted processing of unique identifiers
Abstract
A trusted process for use with a hierarchical directory service such as LDAP for enabling different security systems to store and retrieve unique identifiers that are shared or common to the entire directory. The trusted process allows LDAP users to store and to retrieve unique identifiers on LDAP using standard LDAP interfaces. It also allows security systems to share unique identifier information. The trusted process generates or verifies a unique identifier, guarantees the uniqueness of a unique identifier within the entire directory (rather than just within a single security system), and guarantees that any unique identifier returned to an LDAP user is a trusted unique identifier.
21 Claims

1. A computer-implemented method of configuring a unique identifier that may be shared by a plurality of users of a hierarchical directory, the method comprising:
intercepting a call to access a unique identifier attribute of an entry in the hierarchical directory;
in response to intercepting a call, verifying that a unique identifier specified in the call is unique to the hierarchical directory;
if the unique identifier specified in the call is unique to the hierarchical directory, storing the unique identifier in a trusted unique identifier attribute of the entry in the hierarchical directory; and
setting an access control on the entry so that the entry cannot be modified.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A computer-implemented method of managing a unique identifier that may be shared by a plurality of users of an LDAP directory, comprising:
storing a unique identifier in a trusted unique identifier attribute of an entry in the LDAP directory;
setting an access control so that the trusted unique identifier attribute cannot be modified; and
notifying users of the LDAP directory that the unique identifier can be obtained by issuing calls to a unique identifier attribute.
Dependent claims: 11, 12.

11. (dependent on claim 10)
intercepting a call to access the unique identifier attribute;
in response to intercepting a call, verifying that a trusted process created an entry of a given object class that contains the trusted unique identifier attribute; and
upon verification, retrieving the unique identifier from the trusted unique identifier attribute.

12. The method as described in claim 11 further including the step of returning the unique identifier to an entity that issued the call.

13. A computer-implemented method of retrieving a unique identifier that may be shared by a plurality of users of an LDAP directory, comprising:
intercepting a call to access a unique identifier attribute of an entry in the hierarchical directory;
in response to intercepting a call, verifying that a trusted process created an entry of a given object class that contains a trusted unique identifier attribute;
upon verification, retrieving the unique identifier from the trusted unique identifier attribute; and
returning the unique identifier to an entity that issued the call.

14. A computer program product useable in an LDAP directory service, comprising:
an object class that contains a trusted unique identifier attribute used to store a unique identifier; and
a trusted process for creating a child entry of the object class, for storing the unique identifier in the trusted unique identifier attribute, for setting an access control on the child entry so that the child entry cannot be modified, and for intercepting and processing calls to access a unique identifier attribute.
Dependent claims: 15, 16, 17.

18. A computer program product in a computer-useable medium for use in an LDAP directory service, comprising:
code for storing a unique identifier in an entry of an object class having a trusted unique identifier attribute;
code for setting an access control so that the trusted unique identifier attribute cannot be modified; and
code for intercepting a call to access a unique identifier attribute and retrieving the unique identifier from the trusted unique identifier attribute.
Dependent claims: 19, 20.

19. (dependent on claim 18)
code for verifying that the entry of the object class contains the trusted unique identifier attribute.

20. The computer program product as described in claim 18 wherein the entry is under an entry having the unique identifier attribute.

21. An LDAP directory service, comprising:
an LDAP directory;
an object class that contains a trusted unique identifier attribute used to store a unique identifier; and
a trusted process for creating a child entry of the object class in the LDAP directory, for storing the unique identifier in the trusted unique identifier attribute, for setting an access control on the child entry so that the child entry cannot be modified, and for intercepting calls to access a unique identifier attribute and, in response, returning the unique identifier retrieved from the trusted unique identifier attribute.
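The trusted process described in the abstract and claims, modelled as an added Python example (not code from the patent): an in-memory directory in front of which the process intercepts writes and reads of the unique identifier attribute, checks uniqueness across the whole directory, stores the value in a locked child entry of a trusted object class, and on retrieval returns only values held in such entries. The object class name, attribute names and DN layout are assumptions.

```python
from dataclasses import dataclass, field

# Assumed names: the patent does not fix the object class or attribute names.
TRUSTED_CLASS = "trustedUniqueIdEntry"    # object class only the trusted process creates
UID_ATTR = "uniqueIdentifier"             # attribute that LDAP users read and write
TRUSTED_ATTR = "trustedUniqueIdentifier"  # attribute that holds the verified identifier

@dataclass
class Entry:
    dn: str
    object_class: str
    attrs: dict = field(default_factory=dict)
    read_only: bool = False  # access control set by the trusted process

class TrustedUidProcess:
    """Sits in front of an in-memory directory and intercepts calls to UID_ATTR."""

    def __init__(self):
        self.directory = {}  # dn -> Entry (constructed, in-memory stand-in for LDAP)

    def add_entry(self, dn, object_class):
        self.directory[dn] = Entry(dn, object_class)

    def modify(self, dn, attr, value):
        # Ordinary LDAP write; refused on entries protected by the trusted process.
        entry = self.directory[dn]
        if entry.read_only:
            raise PermissionError(f"{dn} cannot be modified")
        entry.attrs[attr] = value

    def _is_unique(self, uid):
        # Uniqueness is checked across the whole directory, not one security system.
        return all(e.attrs.get(TRUSTED_ATTR) != uid for e in self.directory.values())

    def store(self, parent_dn, uid):
        """Intercepted write to UID_ATTR: verify, store in a child entry, lock it."""
        if not self._is_unique(uid):
            raise ValueError(f"{uid!r} is already assigned in the directory")
        child = Entry(f"cn=trustedUid,{parent_dn}", TRUSTED_CLASS,
                      {TRUSTED_ATTR: uid}, read_only=True)
        self.directory[child.dn] = child
        return child.dn

    def retrieve(self, parent_dn):
        """Intercepted read of UID_ATTR: return a value only from a trusted child."""
        child = self.directory.get(f"cn=trustedUid,{parent_dn}")
        if child is None or child.object_class != TRUSTED_CLASS:
            return None  # values written directly to UID_ATTR are untrusted and ignored
        return child.attrs[TRUSTED_ATTR]
```

A value a user writes straight into UID_ATTR on their own entry is never returned; only the trusted child entry, which no one can modify after creation, is consulted.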
Specification