Providing mapped user account information to a storage server

US 7,668,871 B1
Filed: 04/20/2005
Issued: 02/23/2010
Est. Priority Date: 04/20/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

operating a first Lightweight Directory Access Protocol (LDAP) directory server and a second LDAP directory server which communicate with a storage server through a network;

extending an LDAP directory schema of the first LDAP directory server and the second LDAP directory server to store, at the first LDAP directory server, a first mapping of user account information from a first operating system to a second operating system, and to store, at the second LDAP directory server, a second mapping of the user account information from the second operating system to the first operating system, wherein each of the first and second LDAP directory serves retrieving the first and second mappings by searching LDAP records using user IDs, and by automatically limiting searches of the LDAP records for the user account information within a domain to which the user belongs, the domain being a subtree of a directory tree;

in response to a first request from the storage server to map a Unix user'"'"'s ID to a Windows account, searching for and identifying the Unix user by the first LDAP directory server with ldap.nssmap.objectClass.posixAccount and ldap.nssmap.attribute.uid, retrieving the Windows account with ldap.usermap.attribute.windowsaccount as an LDAP query attribute, and returning the Windows account, to the storage server; and

in response to a second request from the storage server to map the Windows account to the Unix user, determining an identifier of the Unix user by the second LDAP directory server with ldap.usermap.windows-to-unix.objectClass and ldap.usermap.attribute.unixaccount, and returning the identifier of the Unix user, to the storage server,wherein the identifier of the Unix user determined in response to the second request is different from the Unix user'"'"'s ID in the first request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for storage of user mapping data associated with users of data stored by storage servers includes operating multiple storage servers, each configured to provide a set of clients with access to data stored in a set of mass storage devices, and using one or more directory servers, which may be coupled to the storage servers via a network. The directory server stores and provides access to user account information associated with a second operating system based on user account information associated with a first operating system, when the user account information associated with the second operating system is needed to access data stored in accordance with the second operating system.

37 Citations

View as Search Results

15 Claims

1. A method comprising:
- operating a first Lightweight Directory Access Protocol (LDAP) directory server and a second LDAP directory server which communicate with a storage server through a network;
  
  extending an LDAP directory schema of the first LDAP directory server and the second LDAP directory server to store, at the first LDAP directory server, a first mapping of user account information from a first operating system to a second operating system, and to store, at the second LDAP directory server, a second mapping of the user account information from the second operating system to the first operating system, wherein each of the first and second LDAP directory serves retrieving the first and second mappings by searching LDAP records using user IDs, and by automatically limiting searches of the LDAP records for the user account information within a domain to which the user belongs, the domain being a subtree of a directory tree;
  
  in response to a first request from the storage server to map a Unix user'"'"'s ID to a Windows account, searching for and identifying the Unix user by the first LDAP directory server with ldap.nssmap.objectClass.posixAccount and ldap.nssmap.attribute.uid, retrieving the Windows account with ldap.usermap.attribute.windowsaccount as an LDAP query attribute, and returning the Windows account, to the storage server; and
  
  in response to a second request from the storage server to map the Windows account to the Unix user, determining an identifier of the Unix user by the second LDAP directory server with ldap.usermap.windows-to-unix.objectClass and ldap.usermap.attribute.unixaccount, and returning the identifier of the Unix user, to the storage server,wherein the identifier of the Unix user determined in response to the second request is different from the Unix user'"'"'s ID in the first request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as recited in claim 1, wherein the second account information associated with the second operating system is used to provide a user with access to data stored by the storage server in accordance with the second operating system.
  - 3. The method as recited in claim 1, wherein the second account information associated with the second operating system is stored as an attribute in an entry of a user account associated with the first operating system in the first LDAP directory server.
  - 4. The method as recited in claim 3, wherein the attribute containing the second account information associated with the second operating system is created via a directory schema extension.
  - 5. The method as recited in claim 1, wherein the first LDAP directory server maps the first account information associated with the first operating system to the second account information associated with the second operation system in response to a determination that a user initiating the request is a valid user based on the first account information associated with the first operating system.
  - 6. The method as recited in claim 1, further comprising:
    - using the second LDAP directory server to map the second account information associated with the second operating system to the first account information associated with the first operating system.
  - 7. The method as recited in claim 1, wherein the second directory server is an active directory.
  - 8. The method as recited in claim 1, wherein the first operating system is a Unix operating system and the second operating system is a Windows based operating system.

9. A method comprising:
- accessing, from a storage server, a first Lightweight Directory Access Protocol (LDAP) directory server that stores a first mapping of user account information from a first operating system to a second operating system and a second LDAP directory server that stores a second mapping of the user account information from the second operating system to the first operating system, wherein each of the first and second LDAP directory servers retrieving the first and second mappings by searching LDAP records using user identifiers, and by automatically limiting searches of the LDAP records for the user account information within a domain to which the user belongs, the domain being a subtree of a directory tree;
  
  in response to a first request from a first client, the storage server accessing the first LDAP directory server to map a Unix user'"'"'s ID to a Windows account, wherein the first LDAP directory server searches for and identifies the Unix user with ldap.nssmap.objectClass.posix.Account and ldap.nssmap.attribute.uid, retrieves the Windows account with ldap.usermap.attribute.windowsaccount as an LDAP query attribute, and returns the Windows account to the storage server; and
  
  in response to a second request from a second client, the storage server accessing the second LDAP directory server to map the Windows account to the Unix user, wherein the second LDAP directory server determines an identifier of the Unix user with lap.usermap.windows-to-unix.objectClass and ldap.usermap.attribute.unixaccount, and returns the identifier of the Unix user to the storage server,wherein the identifier of the Unix user determined in response to the second request is different from the Unix user'"'"'s ID in the first request; and
  
  operating the storage server to provide the first client and the second client with access to data on the storage server upon the storage server receiving the user account information from the first LDAP directory server and the second LDAP directory server.
- View Dependent Claims (10, 11)
- - 10. The method as recited in claim 9, wherein the second account information associated with the second operating system is stored as an attribute in an entry of a user account associated with the first operating system in the first LDAP directory server.
  - 11. The method as recited in claim 9, wherein the storage server receives the second account information associated with the second operating system in response to a determination that a user initiating the request is a valid user based on the first account information associated with the first operating system.

12. A storage server comprising:
- a processor;
  
  a storage adapter through which to communicate with a set of mass storage devices;
  
  a network adapter through which to communicate with a client; and
  
  a memory containing instructions to cause the processor to;
  
  receive at the storage server a request by a client for access to data stored by the storage server, the request including a first set of user account information of a user associated with a first operating system;
  
  access a first Lightweight Directory Access Protocol (LDAP) directory server that stores a first mapping of user account information from a first operating system to a second operating system and a second LDAP directory server that stores a second mapping from the second operating system to the first operating system,wherein each of the first and second LDAP directory servers retrieving the first and second mappings by searching LDAP records using user identifiers, and by automatically limiting searches of the LDAP records for the user account information within a domain to which the user belongs, the domain being a subtree of a directory tree representing the first mapping or the second mapping;
  
  in response to a first request, access the first LDAP directory server to map a Unix user'"'"'s ID to a Windows account, wherein the first LDAP directory server searches for and identifies the Unix user with ldap.nssmap.objectClass.posix.Account and ldap.nssmap.attribute.uid, retrieves the Windows account with the ldap.usermap.attribute.windowsaccount as an LDAP query attribute, and returns the Windows account to the storage server;
  
  in response to a second request, access the second LDAP directory server to map the Windows account to the Unix user, wherein the second LDAP directory server determines an identifier of the Unix user with the ldap.usermap.windows-to-unix.objectClass and ldap.usermap.attribute.unixaccount, and returns the identifier of the Unix user to the storage server,wherein the identifier of the Unix user determined in response to the second request is different from the Unix user'"'"'s ID in the first request; and
  
  receive at the storage server user account information.
- View Dependent Claims (13, 14, 15)
- - 13. The storage server as recited in claim 12, wherein the data is stored by the storage server in accordance with the second operating system.
  - 14. The storage server as recited in claim 12, wherein the second set of user account information associated with the second operating system is stored as an attribute in an entry of a user account associated with the first operating system in the first LDAP server.
  - 15. The storage server as recited in claim 12, further comprising validating the second set of user account information associated with the second operating system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Network Appliance Incorporated (NetApp, Inc.)
Original Assignee
Network Appliance Incorporated (NetApp, Inc.)
Inventors
Pradhan, Gyanendra, Cai, Bingxue, Witte, Wesley R.
Primary Examiner(s)
Cottingham; John R.
Assistant Examiner(s)
Badawi; Sherief

Application Number

US11/111,178
Time in Patent Office

1,770 Days
Field of Search

707/204, 707/102, 707/3, 707/10, 707/200, 709/225, 709/223, 709/245
US Class Current

707/609
CPC Class Codes

G06F 21/6236   between heterogeneous systems

G06F 2221/2115   Third party

H04L 61/4523   using lightweight directory...

Providing mapped user account information to a storage server

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Providing mapped user account information to a storage server

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links