Role based groups

US 7,725,500 B2
Filed: 02/27/2007
Issued: 05/25/2010
Est. Priority Date: 02/27/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of a Lightweight Directory Access Protocol (LDAP) directory server for managing an LDAP directory, the method comprising:

defining a role in the LDAP directory, the role identified by a first distinguished name and represented by a node outside of an organization unit subtree in the LDAP directory;

defining a role attribute for at least one of a plurality of entries in the LDAP directory, the role attribute identified by the first distinguished name of the role;

defining a role-based group at a group management module of the directory server, the role-based group represented by the organization unit subtree and identified by a second distinguished name, a definition of the role-based group comprising the first distinguished name of the role and the second distinguished name of the role-based group, wherein an entry is a member of the role-based group based on the entry possessing the role attribute; and

automatically updating membership of the role-based group when an entry loses the role in the LDAP directory;

determining which of the plurality of entries are members of the role-based group by querying the role attribute of the plurality of entries; and

providing the entries that possess the role attribute to a client as the members of the role-based group.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for managing role based groups in a directory server is described. In one embodiment, a role attribute is defined for one or more entries in the directory server. A group of entries in the directory server is defined with a group role. The group role comprises one or more role attributes of one or more entries. The role attribute of the entries are queried to determine which entry possesses the group role. Entries that possess the group role are provided to the client.

Citations

13 Claims

1. A computer-implemented method of a Lightweight Directory Access Protocol (LDAP) directory server for managing an LDAP directory, the method comprising:
- defining a role in the LDAP directory, the role identified by a first distinguished name and represented by a node outside of an organization unit subtree in the LDAP directory;
  
  defining a role attribute for at least one of a plurality of entries in the LDAP directory, the role attribute identified by the first distinguished name of the role;
  
  defining a role-based group at a group management module of the directory server, the role-based group represented by the organization unit subtree and identified by a second distinguished name, a definition of the role-based group comprising the first distinguished name of the role and the second distinguished name of the role-based group, wherein an entry is a member of the role-based group based on the entry possessing the role attribute; and
  
  automatically updating membership of the role-based group when an entry loses the role in the LDAP directory;
  
  determining which of the plurality of entries are members of the role-based group by querying the role attribute of the plurality of entries; and
  
  providing the entries that possess the role attribute to a client as the members of the role-based group.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 further comprising:
    - receiving from the client, a query for determining members of the role-based group; and
      
      transparently using the role attribute of the at least one of the plurality of entries to internally fulfill the query.
  - 3. The method of claim 1 wherein the client perceives the plurality of entries that possess one of the role attribute in the role-based group as a static group.
  - 4. The method of claim 1 wherein the plurality of entries that possess one of the role attribute in the role-based group includes a dynamic group, the dynamic group comprising a search criteria for the entries in the directory server based on the role attribute.
  - 5. method of claim 1 wherein determining comprises:
    - evaluating the role attribute of the entries in the LDAP directory; and
      
      determining entries that are members of the role-based group.

6. A Lightweight Directory Access Protocol (LDAP) directory server comprising:
- a storage device configured to store a plurality of entries in an LDAP directory;
  
  a processing device coupled to the storage device, the processing device comprising a group management module configured to define a role in the LDAP directory, the role identified by a first distinguished name and represented by a node outside of an organization unit subtree in the LDAP directory, to define a role attribute for at least one of the plurality of entries in the LDAP directory, the role attribute identified by the first distinguished name of the role, to define a role-based group the role-based group represented by the organization unit subtree and identified by a second distinguished name, a definition of the role-based group comprising the first distinguished name of the role and the second distinguished name of the role-based group, wherein an entry is a member of the role-based group based on the entry possessing the role attribute, to automatically update membership of the role-based group when an entry loses the role in the LDAP directory, to determine which of the plurality of entries are members of the role-based group by querying the role attribute of the plurality of entries, and to provide the entries that possess the role attribute to a client, as the members of the role-based group.
- View Dependent Claims (7, 8, 9)
- - 7. The directory server of claim 6 wherein the directory server is to receive from the client, a query for determining members of the role-based group, and to transparently use the role attribute of the at least one of the plurality of entries to internally fulfill the query.
  - 8. The directory server of claim 6 wherein the client perceives the plurality of entries that possess one of the role attribute in the role-based group as a static group.
  - 9. The directory server of claim 6 wherein the plurality of entries that possess one of the role attribute in the role-based group includes a dynamic group, the dynamic group comprising a search criteria for the entries in the directory server based on the role attribute.

10. A computer-readable storage medium, having instructions stored therein, which when executed, cause a computer system to perform a method comprising:
- defining a role in a Lightweight Directory Access Protocol (LDAP) directory managed by an LDAP directory server, the role identified by a first distinguished name and represented by a node outside of an organization unit subtree in the LDAP directory;
  
  defining a role attribute for at least one of a plurality of entries in the LDAP directory, the role attribute identified by the first distinguished name of the role;
  
  defining a role-based group at a group management module of the LDAP directory server, the role-based group represented by the organization unit subtree and identified by a second distinguished name, a definition of the role-based group comprising the first distinguished name of the role and the second distinguished name of the role-based group, wherein an entry is a member of the role-based group based on the entry possessing the role attribute;
  
  automatically updating membership of the role-based group when an entry loses the role in the LDAP directory;
  
  determining which of the plurality of entries are members of the role-based group by querying the role attribute of the plurality of entries; and
  
  providing the entries that possess the role attribute to a client, as the members of the role-based group.
- View Dependent Claims (11, 12, 13)
- - 11. The computer-readable storage medium of claim 10 wherein the method further comprises:
    - receiving from the client, a query for determining members of the role-based group; and
      
      transparently using the role attribute of the at least one of the plurality of entries to internally fulfill the query.
  - 12. The computer-readable storage medium of claim 10 wherein the client perceives the plurality of entries that possess one of the role attribute in the role-based group as a static group.
  - 13. The computer-readable storage medium of claim 10 wherein the plurality of entries that possess one of the role attribute in the role-based group includes a dynamic group, the dynamic group comprising a search criteria for the entries in the directory server based on the role attribute.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Rowley, Peter Andrew
Primary Examiner(s)
NGUYEN, CAM LINH T

Application Number

US11/712,289
Publication Number

US 20080208809A1
Time in Patent Office

1,183 Days
Field of Search

707100-102, 707/1, 707/9
US Class Current

707/803
CPC Class Codes

G06F 16/10 File systems; File servers

Role based groups

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Role based groups

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links