Dynamic management of groups

US 8,606,832 B2
Filed: 10/24/2006
Issued: 12/10/2013
Est. Priority Date: 10/24/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

configuring a Lightweight Directory Access Protocol (LDAP) directory comprising a first LDAP node and a second LDAP node, the first LDAP node comprising one or more group entries each representing a group, wherein the group is a static group, and the second LDAP node comprising one or more individual data entries in a directory, each of the individual data entries in the second LDAP node being associated with one or more group entries of the first LDAP node via a membership attribute;

receiving an identifier of groups;

receiving a change request to change a first value of the membership attribute of a particular individual data entry in the second LDAP node to a second value, wherein the first value and the second value are identifiers of the groups;

determining whether the first LDAP node contains a group entry in the one or more group entries that matches the second value of the membership attribute for the particular individual data entry;

associating the particular individual data entry with the group entry that matches the second value based on a determination that the first LDAP node contains a matching group entry;

creating a new group entry in the first LDAP node using the second value of the membership attribute from the change request based on a determination that the first LDAP node does not contain a matching group entry;

changing content of the new group in view of the identifier of the group, wherein the second value of the membership attribute designated for indicating LDAP group membership of the particular individual data entry is an identifier of the new group entry;

determining, by a processing device, whether the one or more group entries is not associated with any of the one or more individual data entries via the membership attribute; and

deleting the one or more group entries that are not associated with any of the one or more individual data entries via the membership attribute.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for managing groups in a directory server is described. In one embodiment, an addition of an identifier of a group to an entry in the directory server is received. A value of an attribute in the entry is updated with the identifier of the group. A content of the group is dynamically changed based on the addition of the identifier of the group to the entry in the directory server.

14 Citations

View as Search Results

3 Claims

1. A method comprising:
- configuring a Lightweight Directory Access Protocol (LDAP) directory comprising a first LDAP node and a second LDAP node, the first LDAP node comprising one or more group entries each representing a group, wherein the group is a static group, and the second LDAP node comprising one or more individual data entries in a directory, each of the individual data entries in the second LDAP node being associated with one or more group entries of the first LDAP node via a membership attribute;
  
  receiving an identifier of groups;
  
  receiving a change request to change a first value of the membership attribute of a particular individual data entry in the second LDAP node to a second value, wherein the first value and the second value are identifiers of the groups;
  
  determining whether the first LDAP node contains a group entry in the one or more group entries that matches the second value of the membership attribute for the particular individual data entry;
  
  associating the particular individual data entry with the group entry that matches the second value based on a determination that the first LDAP node contains a matching group entry;
  
  creating a new group entry in the first LDAP node using the second value of the membership attribute from the change request based on a determination that the first LDAP node does not contain a matching group entry;
  
  changing content of the new group in view of the identifier of the group, wherein the second value of the membership attribute designated for indicating LDAP group membership of the particular individual data entry is an identifier of the new group entry;
  
  determining, by a processing device, whether the one or more group entries is not associated with any of the one or more individual data entries via the membership attribute; and
  
  deleting the one or more group entries that are not associated with any of the one or more individual data entries via the membership attribute.

2. An apparatus comprising:
- a memory;
  
  a processing device coupled to the memory;
  
  a storage device to store a Lightweight Directory Access Protocol (LDAP) directory, the LDAP directory comprising a first LDAP node and a second LDAP node, the first LDAP node comprising one or more group entries each representing a group, wherein the group is a static group, and the second LDAP node comprising one or more individual data entries in a directory, each of the individual data entries in the second LDAP node being associated with one or more group entries of the first LDAP node via a membership attribute; and
  
  a group management module coupled to the storage device and executed from the memory by the processing device to;
  
  receive an identifier of groups,receive a change request to change a first value of the membership attribute of a particular individual data entry in the second LDAP node to a second value, wherein the first value and the second value are identifiers of the groups,determine whether the first LDAP node contains a group entry in the one or more group entries that matches the second value of the membership attribute for the particular individual data entry,associate the particular individual data entry with the group entry that matches the second value based on a determination that the first LDAP node contains a matching group entry;
  
  create a new group entry in the first LDAP node using the second value of the membership attribute from the change request based on a determination that the first LDAP node does not contain a matching group entry;
  
  change content of the new group in view of the identifier of the group, wherein the second value of the membership attribute designated for indicating LDAP group membership of the particular individual data entry is an identifier of the new group entry;
  
  determine whether the one or more group entries is not associated with any of the one or more individual data entries via the membership attribute; and
  
  delete the one or more group entries that are not associated with any of the one or more individual data entries via the membership attribute.

3. A non-transitory machine-accessible storage medium including data that, when accessed by a processing device, cause the computer to execute operations comprising:
- configuring a Lightweight Directory Access Protocol (LDAP) directory comprising a first LDAP node and a second LDAP node, the first LDAP node comprising one or more group entries each representing a group, wherein the group is a static group, and the second LDAP node comprising one or more individual data entries in a directory, each of the individual data entries in the second LDAP node being associated with one or more group entries of the first LDAP node via a membership attribute;
  
  receiving an identifier of the group;
  
  receiving a change request to change a first value of the membership attribute of a particular individual data entry in the second LDAP node to a second value, wherein the first value and the second value are identifiers of the groups;
  
  determining whether the first LDAP node contains a group entry in the one or more group entries that matches;
  
  associating the particular individual data entry with the group entry that matches the second value based on a determination that the first LDAP node contains a matching group entry;
  
  creating a new group entry in the first LDAP node using the second value of the membership attribute from the change request based on a determination that the first LDAP node does not contain a matching group entry;
  
  changing content of the new group in view of the identifier of the group, wherein the second value of the membership attribute designated for indicating LDAP group membership of the particular individual data entry is an identifier of the new group entry;
  
  determining, by a processing device, whether the one or more group entries is not associated with any of the one or more individual data entries via the membership attribute; and
  
  deleting the one or more group entries that are not associated with any of the one or more individual data entries via the membership attribute.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Rowley, Peter Andrew
Primary Examiner(s)
Saeed, Usmaan
Assistant Examiner(s)
Zhao, Yu

Application Number

US11/588,094
Publication Number

US 20080098009A1
Time in Patent Office

2,604 Days
Field of Search

None
US Class Current

707/822
CPC Class Codes

G06F 16/282 Hierarchical databases, e.g...

Dynamic management of groups

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

3 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic management of groups

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

3 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links