Role based groups
First Claim
1. A computer-implemented method of a Lightweight Directory Access Protocol (LDAP) directory server for managing an LDAP directory, the method comprising:
defining a group represented by an organization unit subtree in the LDAP directory, the group being identified by a first distinguished name and including a list for at least one of a plurality of entries in the LDAP directory;
defining a group attribute for the at least one entry, the group attribute identified by the first distinguished name of the group;
defining a group-based role, at a role management module of the LDAP directory server, the group-based role identified by a second distinguished name and represented by a node outside of the organization subtree, a definition of the group-based role comprising the first distinguished name of the group and the second distinguished name of the group-based role, wherein an entry possesses the group-based role based on being on the list as a member of the group;
automatically updating the role of the at least one entry when the at least one entry is removed from membership of the group;
determining which of the plurality of entries possess the group based role by querying members in the group; and
providing the entries that possess the group based role to a client, the entries being the members of the group.
Abstract
A method and apparatus for managing group-based roles in a directory server is described. In one embodiment, a group of entries is defined in the directory server. One or more of the entries possess a group-based role. The group-based role points to one or more groups. Entries that belong to a group pointed to by the group-based role also possess the group-based role.
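As an added illustration of the arrangement the abstract and claim 1 describe (constructed here, not code from the patent or from any LDAP server), the model below keeps the member list on the group, a group attribute on each member entry, and a role node outside the group subtree that only names the group DN; role possession is answered by querying the group's members, so removing an entry from the group drops the role with no further write. The attribute names "member", "memberOf" and "groupDN" and all DNs are assumptions.

```python
# Constructed model of the claimed arrangement, not the patent's or any LDAP
# server's code; "member", "memberOf", "groupDN" and the DNs are assumptions.
from typing import Dict, List


class Directory:
    """A flat DN -> attributes store standing in for an LDAP directory tree."""

    def __init__(self) -> None:
        self.entries: Dict[str, Dict[str, List[str]]] = {}

    def add(self, dn: str, **attrs: List[str]) -> None:
        self.entries[dn] = {k: list(v) for k, v in attrs.items()}

    def add_member(self, group_dn: str, member_dn: str) -> None:
        # The group holds the member list; the entry gets a group attribute
        # naming the group by its DN (the claim's "first distinguished name").
        self.entries[group_dn].setdefault("member", []).append(member_dn)
        self.entries[member_dn].setdefault("memberOf", []).append(group_dn)

    def remove_member(self, group_dn: str, member_dn: str) -> None:
        # Leaving the group is the only write: the role is never stored on the
        # entry, so role possession changes with no further update.
        self.entries[group_dn]["member"].remove(member_dn)
        self.entries[member_dn]["memberOf"].remove(group_dn)

    def role_members(self, role_dn: str) -> List[str]:
        # The role definition carries the group DN(s); who holds the role is
        # answered from the group's member list, never from the entry's own
        # "memberOf" value, so an entry cannot grant itself the role.
        result: List[str] = []
        for group_dn in self.entries[role_dn].get("groupDN", []):
            for dn in self.entries[group_dn].get("member", []):
                if dn not in result:
                    result.append(dn)
        return result

    def has_role(self, entry_dn: str, role_dn: str) -> bool:
        return entry_dn in self.role_members(role_dn)


def build_example() -> Directory:
    group = "cn=admins,ou=groups,dc=example,dc=com"
    d = Directory()
    d.add(group, objectClass=["groupOfNames"])
    d.add("uid=alice,ou=people,dc=example,dc=com", objectClass=["person"])
    d.add("uid=bob,ou=people,dc=example,dc=com", objectClass=["person"])
    # The role node sits outside the ou=groups subtree and only points at it.
    d.add("cn=adminRole,dc=example,dc=com", groupDN=[group])
    d.add_member(group, "uid=alice,ou=people,dc=example,dc=com")
    d.add_member(group, "uid=bob,ou=people,dc=example,dc=com")
    return d
```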
13 Claims
6. A directory server comprising:
a storage device configured to store a plurality of entries in a Lightweight Directory Access Protocol (LDAP) directory;
a processing device coupled to the storage device, the processing device comprising a role management module configured to define a group represented by an organization unit subtree in the LDAP directory, the group being identified by a first distinguished name and including a list for at least one of the entries, to define a group attribute for the at least one entry, the group attribute identified by the first distinguished name of the group, to define a group-based role that is identified by a second distinguished name and represented by a node outside of the organization subtree, a definition of the group-based role comprising the first distinguished name of the group and the second distinguished name of the group-based role, wherein an entry possesses the group-based role based on being on the list as a member of the group, to automatically update the role of the at least one entry when the at least one entry is removed from membership of the group, to determine which of the plurality of entries possess the group based role by querying members in the group, and to provide the entries that possess the group based role to a client, the entries being the members of the group.
10. A computer-readable storage medium, having instructions stored therein, which when executed, cause a computer system to perform a method comprising:
defining a group represented by an organization unit subtree in a Lightweight Directory Access Protocol (LDAP) directory managed by an LDAP directory server, the group being identified by a first distinguished name and including a list for at least one of a plurality of entries in the LDAP directory;
defining a group attribute for the at least one entry, the group attribute identified by the first distinguished name of the group;
defining a group-based role at a role management module of the LDAP directory server, the group-based role identified by a second distinguished name and represented by a node outside of the organization subtree, a definition of the group-based role comprising the first distinguished name of the group and the second distinguished name of the group-based role, wherein an entry possesses the group-based role based on being on the list as a member of the group;
automatically updating the role of the at least one entry when the at least one entry is removed from membership of the group;
determining which of the plurality of entries possess the group based role by querying members in the group; and
providing the entries that possess the group based role to a client, the entries being the members of the group.