Role based groups
Abstract
A method and apparatus for managing role based groups in a directory server is described. In one embodiment, a role attribute is defined for one or more entries in the directory server. A group of entries in the directory server is defined with a group role. The group role comprises one or more role attributes of one or more entries. The role attributes of the entries are queried to determine which entries possess the group role. Entries that possess the group role are provided to the client.
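The membership logic the abstract describes, as an added Python example that is not part of the patent: an in-memory dictionary stands in for the directory, and the attribute name `roleDN`, the class `GroupManager`, the helper names and all DNs are assumptions made for illustration.

```python
# Added illustration (not from the patent): membership of a role-based group
# is computed by querying each entry's role attribute at request time.
ROLE_ATTR = "roleDN"  # hypothetical name; the page only says "role attribute"

def norm_dn(dn):
    """Simplified DN normalisation: lower-case and trim each RDN (no escaped commas)."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def is_under(dn, base):
    """True if dn equals base or lies in the subtree rooted at base."""
    dn, base = norm_dn(dn), norm_dn(base)
    return dn == base or dn.endswith("," + base)

class GroupManager:
    def __init__(self, directory):
        self.directory = directory  # {entry DN: {attribute: [values]}}
        self.groups = {}            # normalised group DN -> normalised role DN

    def define_group(self, group_dn, role_dn):
        # The role node must sit outside the organization unit subtree of the group.
        if is_under(role_dn, group_dn):
            raise ValueError("role DN must be outside the group subtree")
        self.groups[norm_dn(group_dn)] = norm_dn(role_dn)

    def members(self, group_dn):
        """Query the role attribute of every entry; no member list is stored."""
        role = self.groups[norm_dn(group_dn)]
        return sorted(dn for dn, attrs in self.directory.items()
                      if role in map(norm_dn, attrs.get(ROLE_ATTR, [])))

def revoke_role(directory, entry_dn, role_dn):
    """Remove the role from one entry; membership changes on the next query."""
    attrs = directory[entry_dn]
    attrs[ROLE_ATTR] = [v for v in attrs.get(ROLE_ATTR, [])
                        if norm_dn(v) != norm_dn(role_dn)]

# Constructed sample data.
ROLE = "cn=vpn-admin,ou=roles,dc=example,dc=com"
GROUP = "ou=vpn-admins,ou=groups,dc=example,dc=com"

def sample_directory():
    return {
        "uid=alice,ou=people,dc=example,dc=com": {ROLE_ATTR: [ROLE]},
        "uid=bob,ou=people,dc=example,dc=com":
            {ROLE_ATTR: ["CN=vpn-admin, OU=roles, DC=example, DC=com"]},
        "uid=carol,ou=people,dc=example,dc=com": {},
    }
```

Because `members()` stores no member list, calling `revoke_role()` on an entry removes it from the group on the next query, with no separate group edit to forget.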
13 Claims
1. A computer-implemented method of a Lightweight Directory Access Protocol (LDAP) directory server for managing an LDAP directory, the method comprising:
- defining a role in the LDAP directory, the role identified by a first distinguished name and represented by a node outside of an organization unit subtree in the LDAP directory;
- defining a role attribute for at least one of a plurality of entries in the LDAP directory, the role attribute identified by the first distinguished name of the role;
- defining a role-based group at a group management module of the directory server, the role-based group represented by the organization unit subtree and identified by a second distinguished name, a definition of the role-based group comprising the first distinguished name of the role and the second distinguished name of the role-based group, wherein an entry is a member of the role-based group based on the entry possessing the role attribute; and
- automatically updating membership of the role-based group when an entry loses the role in the LDAP directory;
- determining which of the plurality of entries are members of the role-based group by querying the role attribute of the plurality of entries; and
- providing the entries that possess the role attribute to a client as the members of the role-based group.

Dependent claims: 2, 3, 4, 5
6. A Lightweight Directory Access Protocol (LDAP) directory server comprising:
- a storage device configured to store a plurality of entries in an LDAP directory;
- a processing device coupled to the storage device, the processing device comprising a group management module configured
  - to define a role in the LDAP directory, the role identified by a first distinguished name and represented by a node outside of an organization unit subtree in the LDAP directory,
  - to define a role attribute for at least one of the plurality of entries in the LDAP directory, the role attribute identified by the first distinguished name of the role,
  - to define a role-based group, the role-based group represented by the organization unit subtree and identified by a second distinguished name, a definition of the role-based group comprising the first distinguished name of the role and the second distinguished name of the role-based group, wherein an entry is a member of the role-based group based on the entry possessing the role attribute,
  - to automatically update membership of the role-based group when an entry loses the role in the LDAP directory,
  - to determine which of the plurality of entries are members of the role-based group by querying the role attribute of the plurality of entries, and
  - to provide the entries that possess the role attribute to a client, as the members of the role-based group.

Dependent claims: 7, 8, 9
10. A computer-readable storage medium, having instructions stored therein, which when executed, cause a computer system to perform a method comprising:
- defining a role in a Lightweight Directory Access Protocol (LDAP) directory managed by an LDAP directory server, the role identified by a first distinguished name and represented by a node outside of an organization unit subtree in the LDAP directory;
- defining a role attribute for at least one of a plurality of entries in the LDAP directory, the role attribute identified by the first distinguished name of the role;
- defining a role-based group at a group management module of the LDAP directory server, the role-based group represented by the organization unit subtree and identified by a second distinguished name, a definition of the role-based group comprising the first distinguished name of the role and the second distinguished name of the role-based group, wherein an entry is a member of the role-based group based on the entry possessing the role attribute;
- automatically updating membership of the role-based group when an entry loses the role in the LDAP directory;
- determining which of the plurality of entries are members of the role-based group by querying the role attribute of the plurality of entries; and
- providing the entries that possess the role attribute to a client, as the members of the role-based group.

Dependent claims: 11, 12, 13
Specification