Method and system for incorporating filtered roles in a directory system
Abstract
Several types of roles are disclosed herein. The difference between the role types relates to their capabilities, which in turn derive from how they are implemented. When a client application wishes to identify all entries with some characteristic, e.g., everyone who is a manager and works in a designated building, a filtered role is used. A filtered role uses an LDAP filter to search a designated portion of the directory system and to identify those entries that possess the characteristics described in the filter.
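The lookup the abstract describes, as an added Python sketch that is not code from the patent: role membership is computed by evaluating an LDAP filter over the entries beneath a base DN, so an entry outside the subtree never acquires the role even when its attributes match. The directory contents, attribute names and function names are constructed for illustration, and the parser covers only a subset of LDAP filter syntax (AND, OR, NOT, equality, presence).

```python
# Added illustration. Filter subset of RFC 4515: (&..) (|..) (!..) (a=v) (a=*).
DIRECTORY = {  # constructed sample entries; attribute names stored in lower case
    "uid=alice,ou=people,dc=example,dc=com": {"title": ["Manager"], "buildingname": ["B7"]},
    "uid=bob,ou=people,dc=example,dc=com": {"title": ["Engineer"], "buildingname": ["B7"]},
    "uid=carol,ou=people,dc=example,dc=com": {"title": ["Manager"], "buildingname": ["B2"]},
    "uid=dave,ou=contractors,dc=example,dc=com": {"title": ["Manager"], "buildingname": ["B7"]},
}

def parse_filter(s, i=0):
    """Parse one parenthesised filter at s[i]; return (node, index after it)."""
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|!":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            kid, i = parse_filter(s, i)
            kids.append(kid)
        if s[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError("malformed composite filter")
        return (op, kids), i + 1
    end = s.index(")", i)  # raises ValueError when the filter is unterminated
    attr, sep, value = s[i:end].partition("=")
    if not sep or not attr.strip():
        raise ValueError("malformed attribute=value item")
    return ("=", attr.strip().lower(), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict of attribute -> values)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    values = entry.get(node[1], [])
    return bool(values) if node[2] == "*" else any(v.lower() == node[2].lower() for v in values)

def in_subtree(dn, base):
    # Compare whole RDNs, not a string suffix (naive split: no escaped commas).
    d, b = ([r.strip().lower() for r in x.split(",")] for x in (dn, base))
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def role_members(directory, base, filter_text):
    """Return the DNs under `base` whose entries satisfy `filter_text`."""
    try:
        node, end = parse_filter(filter_text)
    except IndexError:
        raise ValueError("truncated filter") from None
    if end != len(filter_text):
        raise ValueError("trailing data after filter")
    return sorted(dn for dn, e in directory.items() if in_subtree(dn, base) and matches(node, e))
```

With the sample data, the "manager in building B7" filter scoped to `ou=people` returns only alice; dave matches the filter but sits in `ou=contractors`, outside the role's subtree.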
17 Claims
-
1. A method of determining the membership of entries that match an LDAP filter within a directory system, the method comprising the steps of:
receiving a query from a client computer, said client computer specifying a filter definition and a subtree specification;
applying the filter definition to entries to determine if the entries possess a particular role; and
matching all entries within the specified subtree with the defined filter.
Dependent claims: 2, 3, 4, 5
returning any matched entries to the client computer.
-
3. The method of claim 1, wherein the LDAP filter is defined to be of arbitrary complexity.
-
4. The method of claim 1, further comprising the step of:
defining an LDAP filter.
-
5. The method of claim 1, further comprising the step of:
providing a set of expressions and Boolean operations for use to match entries in a directory search.
-
6. An apparatus comprising:
a directory server, said directory server configured to comprise entries that possess roles;
a first component coupled to the directory server, said first component configured to determine the membership of entries that match an LDAP filter within a directory server, the first component further comprising;
a second component configured to receive a query from a client computer, said client computer specifying a filter definition and a subtree specification;
a third component configured to apply the LDAP filter definition entries to determine if the entries possess a particular role; and
a fourth component configured to match all entries within the specified subtree with the defined filter.
Dependent claims: 7, 8, 9, 10
a fifth component coupled to the directory server and configured to return any matched entries to the client computer.
-
8. The apparatus of claim 6, wherein the LDAP filter is defined to be of arbitrary complexity.
-
9. The apparatus of claim 6, further comprising:
a sixth component coupled to the directory server and configured to define an LDAP filter.
-
10. The apparatus of claim 6, further comprising:
a seventh component coupled to the directory server and configured to define a set of expressions and Boolean operations for use to match entries in a directory search.
-
11. A system for providing service attribute information comprising:
a directory server comprising a hierarchical data store associating a plurality of target entries with service attributes, said hierarchical data store comprising an organization level and a managed role level and further comprising attribute templates defined with respect to services and levels;
an application for generating an LDAP filter in response to a query associated with search parameters; and
wherein said directory server, in response to said query, searches said hierarchical data based on said LDAP filter for target entries that match said search parameters.
Dependent claims: 12, 13, 14, 15, 16, 17
a first template defined with respect to a first service and a first managed role; and
a second template defined with respect to said first service and a second managed role.
-
17. The system as described in claim 16 wherein said attribute templates further comprise a third template defined with respect to a second service and said first managed role.
Specification