Authentication referral search for LDAP
First Claim
Patent Images
1. A method for authenticating referral searches that are generated responsive to a client receiving referrals from at least one directory server, comprising:
- receiving a bind request from a referred search request;
searching a local directory of a server for an entry corresponding to the distinguished name (DN) of the bind request;
authenticating the bind request if an entry for the bind DN is located within the local directory of the server;
checking a defined reference server for the prefix of the bind DN, if the bind DN is not found within the local directory of the server;
contacting the reference server for authentication, if the prefix of the bind DN is located on the reference server, wherein the reference server is contacted by the server; and
denying the bind request if both the local directory and the reference server do not contain an entry corresponding to the bind DN.
5 Assignments
0 Petitions
Accused Products
Abstract
A method, program and system for authenticating LDAP referral searches are provided. The invention comprises receiving a bind request from a LDAP referred search request and then searching the local directory for an entry corresponding to the distinguished name (DN) of the bind request. If an entry for the bind DN is located within the local directory, the bind request is authenticated. If an entry for the bind DN is not found in the local directory, a defined reference server is checked for the prefix of the bind DN. If the prefix for the bind DN is located in the reference server, the reference server is contacted for authentication, which is performed using a root DN. If an entry for the bind DN is not found in either the local directory or reference server, the bind request cannot be authenticated and is denied.
23 Citations
6 Claims
-
1. A method for authenticating referral searches that are generated responsive to a client receiving referrals from at least one directory server, comprising:
-
receiving a bind request from a referred search request; searching a local directory of a server for an entry corresponding to the distinguished name (DN) of the bind request; authenticating the bind request if an entry for the bind DN is located within the local directory of the server; checking a defined reference server for the prefix of the bind DN, if the bind DN is not found within the local directory of the server; contacting the reference server for authentication, if the prefix of the bind DN is located on the reference server, wherein the reference server is contacted by the server; and denying the bind request if both the local directory and the reference server do not contain an entry corresponding to the bind DN. - View Dependent Claims (2)
-
-
3. A computer program product in a computer readable medium for use in a data processing system, for authenticating referral searches that are generated responsive to a client receiving referrals from at least one directory server, the computer program product comprising:
-
instructions for receiving a bind request from a referred search request; instructions for searching a local directory of a server for an entry corresponding to the distinguished name (DN) of the bind request; instructions for authenticating the bind request if an entry for the bind DN is located within the local directory of the server; instructions for checking a defined reference server for the prefix of the bind DN, if the bind DN is not found within the local directory of the server; instructions for contacting the reference server for authentication, if the prefix of the bind DN is located on the reference server, wherein the reference server is contacted by the server; and instructions for denying the bind request if both the local directory and the reference server do not contain an entry corresponding to the bind DN. - View Dependent Claims (4)
-
-
5. A system for authenticating referral searches that are generated responsive to a client receiving referrals from at least one directory server, comprising:
-
means for receiving a bind request from a referred search request; means for searching a local directory of a server for an entry corresponding to the distinguished name (DN) of the bind request; means for authenticating the bind request if an entry for the bind DN is located within the local directory of the server; means for checking a defined reference server for the prefix of the bind DN, if the bind DN is not found within the local directory of the server; means for contacting the reference server for authentication, if the prefix of the bind DN is located on the reference server, wherein the reference server is contacted by the server; and means for denying the bind request if both the local directory and the reference server do not contain an entry corresponding to the bind DN. - View Dependent Claims (6)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeX Corp. (f/k/a Twitter, Inc.) (X Holdings Corp.)
-
Original AssigneeInternational Business Machines Corporation
-
InventorsShi, Shaw-Ben Shepherd, Hill, Reginal Raynard
-
Primary Examiner(s)Alam, Shahid Al
-
Application NumberUS09/751,248Publication NumberTime in Patent Office1,908 DaysField of Search707/2, 707/3, 707/4, 707/8, 707/9, 707/200, 707/201, 707/100, 707/101, 707/103.R, 707/104.1, 707/204, 709/227, 709/230, 709/246US Class Current1/1CPC Class CodesG06F 21/31 User authenticationG06F 21/6218 to a system of files or obj...G06F 2221/2141 Access rights, e.g. capabil...H04L 63/08 for authentication of entit...Y10S 707/99933 Query processing, i.e. sear...Y10S 707/99939 Privileged accessY10S 707/99945 Object-oriented database st...Y10S 707/99953 Recoverability
