Attribute rule enforcer for a directory
6 Assignments
0 Petitions
Abstract
An attribute rule enforcer for evaluating the attributes of a call to add, modify, or delete information in a directory, such as a lightweight directory access protocol (LDAP) directory. The attribute rule enforcer determines whether the attributes of the call comply with predetermined rules governing the directory's content. The directory attribute rule enforcer may be located at the front end of the directory's access server, where it intercepts calls to the directory access server. If the directory attribute rule enforcer determines that the attributes of a call comply with the rules governing the content of the directory, it forwards the call to the directory's access server for action. If, on the other hand, the directory attribute rule enforcer determines that the attributes of a call do not comply with the rules governing the content of the directory, it rejects the call. Further, it may forward an appropriate error message to the source of the call.
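As an added illustration of the flow the abstract describes (not code from the patent), the following Python models a transaction monitor that forwards retrieve operations untouched, diverts add, modify and delete operations to a rule validator, and returns an error message to the requester when an attribute fails a content or structure rule. The attribute names (`telephoneNumber`, `postalCode`, `st`) follow common LDAP schema naming and the rule contents are constructed samples; the patent only states that such rules exist.

```python
import re
from dataclasses import dataclass, field

MUTATING = {"add", "modify", "delete"}          # diverted to the rule validator

@dataclass
class Request:
    operation: str                      # retrieve | add | modify | delete
    dn: str
    attributes: dict = field(default_factory=dict)

# Structure rules: how a value must be shaped (constructed sample regexes).
STRUCTURE = {
    "telephoneNumber": re.compile(r"^\+?\d{10,15}$"),
    "postalCode":      re.compile(r"^\d{5}(-\d{4})?$"),
    "st":              re.compile(r"^[A-Z]{2}$"),
}
# Content rules: which values are permissible at all (constructed sample).
CONTENT = {"st": {"CA", "NY", "TX", "WA"}}
# Deletion rule (constructed sample): these attributes may never be removed.
UNDELETABLE = {"telephoneNumber"}

def validate(req):
    """Rule validator: None if every attribute complies, else an error message."""
    for name, value in req.attributes.items():
        if req.operation == "delete":
            # Data deletion rule applies instead of the content/structure checks.
            if name in UNDELETABLE:
                return f"{name}: deletion not permitted"
            continue
        pat = STRUCTURE.get(name)
        if pat and not pat.match(value):
            return f"{name}: structure violation ({value!r})"
        allowed = CONTENT.get(name)
        if allowed is not None and value not in allowed:
            return f"{name}: content violation ({value!r})"
    return None

def handle(req):
    """Transaction monitor: reads pass through, writes go to the validator."""
    if req.operation not in MUTATING:
        return ("forwarded", None)
    error = validate(req)
    if error is None:
        return ("forwarded", None)
    return ("rejected", error)      # error message returned to the requester
```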
20 Claims
1. An apparatus comprising at least one of hardware and a computer readable storage medium, the apparatus comprising:
a transaction monitor and a rule validator, the transaction monitor and the rule validator being interposed between a client computer and a directory access server for providing access to a directory, wherein the transaction monitor is capable of intercepting a request from a client computer to said directory access server, diverting the intercepted request to the rule validator if the call includes one of a request to add data to a directory accessed by the directory access server, a request to modify data in the directory, and a request to delete data from the directory, and being further capable of forwarding the intercepted request to the directory access server if the request does not include one of a request to add data to the directory, a request to modify data in the directory, and a request to delete data from the directory, wherein the rule validator is capable of determining whether an attribute of the request complies with a first rule governing content of data that is permissible to be forwarded to the directory access server and a second rule governing structure of data that is permissible to be forwarded to the directory access server, the first and second rules including a data addition rule when the request includes a request to add data to the directory, the first and second rules including a data modification rule when the request includes a request to modify data in the directory, and the first and second data rules including a data deletion rule when the request includes a request to delete data from the directory, and wherein the rule validator is further capable of forwarding the request to the directory access server if the attribute complies with one of the first rule and the second rule and is further capable of rejecting the request to the directory access server and returning an error message to a source of the request if the attribute does not comply with the first rule and the second rule. 
- Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 19
13. An apparatus comprising at least one of hardware and a computer readable storage medium, the apparatus comprising:
a transaction monitor interposed between a client and a directory access server for providing access to a directory, the transaction monitor being capable of intercepting a request from a client computer to said directory access server, diverting the intercepted request to a rule validator if the request includes one of a request to add data to a directory accessed by the directory access server, a request to modify data in the directory, and a request to delete data from the directory, and being further capable of forwarding the intercepted request to the directory access server if the request does not include one of a request to add data to the directory, a request to modify data in the directory, and a request to delete data from the directory, the request from a client computer to a directory access server comprising an operation selected from one of retrieve, add, delete and modify and an attribute comprising one of a telephone number field, a street address field, a city field, a state field and a zip code field, wherein said attribute has a value and an associated rule, the transaction monitor, responsive to receipt of a request, creating a monitoring process for a request to the directory access server via a command line comprising the identities of a port address of a rule validator and of a port address of the directory access server such that said directory access server and said rule validator may be implemented on different programmable computers.
- Dependent claims: 20
14. A method for processing requests from clients to a directory access server, the method being performed by an attribute rule enforcer interposed between a client and said directory access server, the method comprising:
intercepting a request from a client to said directory access server, the request consisting of one of a request to add data to a directory associated with the directory access server, a request to modify data in the directory, and a request to delete data from the directory, the request further including at least one attribute associated with data having a data content and a data structure; evaluating the attribute according to a first rule governing content of data that is permissible to be forwarded to the directory access server and a second rule governing structure of data that is permissible to be forwarded to the directory access server, the first and second rules including a data addition rule when the request includes a request to add data to the directory, the first and second rules including a data modification rule when the request includes a request to modify data in a directory, the first and second data rules including a data deletion rule when the request includes a request to delete data from the directory; determining whether the attribute complies with the first and second rules; forwarding the request to the directory access server if the attribute complies with the first and second rules; and rejecting the request to the directory access server and forwarding an error message to the client if the call attribute does not comply with the first and second rules.
- Dependent claims: 15, 16, 17, 18