User interface for securing lightweight directory access protocol traffic
First Claim
1. A method comprising:
- exposing a user interface suitable for receiving inputs from a user that specify whether execution of a particular lightweight directory access protocol (LDAP) action is permitted, wherein the exposing of the user interface includes a plurality of descriptions that are selectable by a user;
- configuring a policy, based on the inputs, for managing lightweight directory access protocol (LDAP) traffic on a network;
- intercepting a request communicated from a client to a server, wherein the request indicates an LDAP action;
- applying the policy to the LDAP action in order to determine whether the LDAP action is permitted, wherein the policy is selected from one or more available policies; and
- in an event the LDAP action is permitted;
  - determining if another policy of the one or more policies is available and applying the other policy to the LDAP action if it is available;
  - continuing to determine if another policy of the one or more policies is available and applying the other policy to the LDAP action if it is available until there are no more policies available; and
  - communicating the request for performance of the LDAP action;
- in an event the LDAP action is not permitted;
  - modifying the request to specify a modified LDAP action;
  - selecting at least one of the one or more policies;
  - applying the at least one of the one or more policies to the modified LDAP action;
  - determining if another policy of the one or more policies is available and applying the other policy to the modified LDAP action if it is available; and
  - continuing to determine if another policy of the one or more policies is available and applying the other policy to the modified LDAP action if it is available until there are no more policies available; and
  - communicating the request for performance of the modified LDAP action.
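
The policy chain recited in claim 1, as an added sketch that is not code from the patent: each policy either permits the request or returns a modified one, and a modified request is re-checked against the whole chain before it is forwarded. The request class, the two policies and the `example.com` names are assumptions; the sketch models the decision logic only and does not parse LDAP wire traffic.

```python
from dataclasses import dataclass, replace
from typing import Callable, Optional

@dataclass(frozen=True)
class LdapRequest:            # constructed stand-in for an intercepted request
    op: str                   # LDAP operation: "search", "modify", ...
    dn: str                   # base or target object
    scope: str = "base"       # search scope: "base", "one" or "sub"
    attrs: tuple = ()         # attributes requested by a search

# A policy returns None when the action is permitted, otherwise the
# modified request that should be evaluated in its place.
Policy = Callable[[LdapRequest], Optional[LdapRequest]]

SECRET_ATTRS = {"userpassword", "unicodepwd"}
ROOT = "dc=example,dc=com"                    # hypothetical directory root
PEOPLE = "ou=people," + ROOT                  # hypothetical permitted subtree

def strip_secret_attrs(req):
    kept = tuple(a for a in req.attrs if a.lower() not in SECRET_ATTRS)
    if req.op != "search" or kept == req.attrs:
        return None
    # An empty list would mean "all user attributes"; "1.1" asks for none (RFC 4511).
    return replace(req, attrs=kept or ("1.1",))

def no_root_subtree_search(req):
    if req.op == "search" and req.scope == "sub" and req.dn.lower() == ROOT:
        return replace(req, dn=PEOPLE)        # narrow the search base
    return None

def apply_policies(req, policies, max_rewrites=8):
    """Return (request to forward, number of rewrites applied)."""
    rewrites, pending = 0, list(policies)
    while pending:                       # until no more policies are available
        modified = pending.pop(0)(req)
        if modified is None:
            continue                     # permitted: move on to the next policy
        rewrites += 1
        if rewrites > max_rewrites:      # policies that keep rewriting each other
            raise RuntimeError("policy chain did not converge")
        req, pending = modified, list(policies)   # re-check the modified action
    return req, rewrites

CHAIN = [strip_secret_attrs, no_root_subtree_search]
```

Restarting the chain after every rewrite means a later policy's modification cannot reintroduce something an earlier policy would have rejected, and the rewrite cap turns two mutually conflicting policies into an error instead of an endless loop.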
Abstract
Lightweight directory access protocol (LDAP) management is described. In an implementation, a method includes exposing a user interface suitable for receiving inputs from a user that specify whether execution of a particular lightweight directory access protocol (LDAP) action is permitted. A policy is configured based on the inputs, for managing lightweight directory access protocol (LDAP) traffic on a network.
29 Claims
14. One or more computer readable media comprising computer executable instructions that, when executed on a computer, direct the computer to perform a method, the method comprising:
- outputting a user interface for configuring one or more of a plurality of policies for managing lightweight directory access protocol (LDAP) traffic on a network, wherein the user interface, when output, is configured to enable a user to indicate whether performance of an LDAP operation is permitted and to indicate whether performance of a particular LDAP operation on a particular LDAP object is permitted, by presenting a plurality of descriptions that are selectable by the user;
- configuring one or more policies according to one or more descriptions that are selected by the user;
- intercepting a request communicated from a client to a server, wherein the request indicates an LDAP operation;
- selecting at least one of the one or more policies;
- applying the at least one of the one or more policies to the LDAP operation in order to determine whether the LDAP operation is permitted; and
- in an event the LDAP operation is permitted;
  - determining if another policy of the one or more policies is available and applying the other policy to the LDAP operation if it is available;
  - continuing to determine if another policy of the one or more policies is available and applying the other policy to the LDAP operation if it is available until there are no more policies available; and
  - communicating the request for performance of the LDAP operation;
- in an event the LDAP operation is not permitted;
  - modifying the request to specify a modified LDAP operation;
  - selecting at least one of the one or more policies;
  - applying the at least one of the one or more policies to the modified LDAP operation;
  - determining if another policy of the one or more policies is available and applying the other policy to the modified LDAP operation if it is available; and
  - continuing to determine if another policy of the one or more policies is available and applying the other policy to the modified LDAP operation if it is available until there are no more policies available; and
  - communicating the request for performance of the modified LDAP operation.
16. A system comprising:
- a processor;
- a memory coupled to the processor, the memory having computer-executable instructions embodied thereon, the computer-executable instructions, when executed by the processor, configuring a computer to secure network traffic;
- one or more modules stored on the memory, the one or more modules comprising;
  - first computer-executable instructions configured to output a user interface having a plurality of descriptions, the plurality of descriptions selectable by a user to configure a policy defining permissible traffic over a network utilizing a lightweight directory access protocol (LDAP);
  - second computer-executable instructions configured to manage LDAP traffic according to the configured policy; and
  - third computer-executable instructions configuring the system to perform actions comprising;
    - intercepting a request communicated from a client to a server, wherein the request indicates an LDAP operation;
    - selecting at least one of one or more policies available;
    - applying the at least one of the one or more policies to the LDAP operation in order to determine whether the LDAP operation is permitted; and
    - in an event the LDAP operation is permitted;
      - determining if another policy of the one or more policies is available and applying the other policy to the LDAP operation if it is available;
      - continuing to determine if another policy of the one or more policies is available and applying the other policy to the LDAP operation if it is available until there are no more policies available; and
      - communicating the request for performance of the LDAP operation;
    - in an event the LDAP operation is not permitted;
      - modifying the request to specify a modified LDAP operation;
      - selecting at least one of the one or more policies available;
      - applying the at least one of the one or more policies to the modified LDAP operation;
      - determining if another policy of the one or more policies is available and applying the other policy to the modified LDAP operation if it is available;
      - continuing to determine if another policy of the one or more policies is available and applying the other policy to the modified LDAP operation if it is available until there are no more policies available; and
      - communicating the request for performance of the modified LDAP operation.
Specification