Integrating sudo rules with entities represented in an LDAP directory
First Claim
1. A computer-implemented method for a Lightweight Directory Access Protocol (LDAP) directory server, the method comprising:
- receiving a request to add a new sudo (substitute user do) rule of a plurality of sudo rules to an LDAP repository, the LDAP repository having an LDAP schema facilitating an integration of the plurality of sudo rules with a plurality of entities represented in the LDAP repository using a plurality of object classes each associated with a set of attributes, the new sudo rule defining at least one sudo command and one or more entities of the plurality of entities for executing the at least one sudo command via one or more sudo clients coupled to the LDAP directory server via a network, the new sudo rule permitting the one or more entities to execute, via the one or more sudo clients, the at least one sudo command with privileges of one or more other entities of the plurality of entities;
- identifying an LDAP entry of the at least one sudo command, the LDAP entry of the at least one sudo command having attributes associated with a sudo command object class of the plurality of object classes of the LDAP schema;
- identifying one or more LDAP entries of the one or more entities associated with the execution of the at least one sudo command via the respective sudo clients, each LDAP entry of the one or more entities having attributes associated with an entity object class of the plurality of object classes of the LDAP schema;
- creating, by a processing device, an LDAP entry for the new sudo rule using a sudo rule object class of the plurality of object classes of the LDAP schema;
- linking, in the LDAP entry of the new sudo rule, the LDAP entry of the at least one sudo command with the one or more LDAP entries of the one or more entities associated with the execution of the at least one sudo command via the respective sudo clients; and
- upon receiving a request to delete the new sudo rule from the LDAP repository, marking the new sudo rule disabled in the LDAP entry of the new sudo rule.
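The claim above describes a directory layout rather than code: command entries and entity entries (users, groups) live as separate LDAP entries, a sudo rule entry links them by DN, and a delete request only flips the rule to disabled. The following is an added example, not code from the patent, that models that layout in memory so the three pieces and the soft-delete semantics can be exercised. Every object class and attribute name in it (sudoCmd, sudoRule, memberAllowCmd, memberUser, sudoRunAs, enabledFlag) and every DN is an assumption chosen for illustration; the claims name none of them.

```python
"""
Added example (not the patent's code): in-memory model of sudo rules that link
command entries and entity entries by DN, with delete implemented as "disable".
Object class / attribute names and the sample DNs are assumptions for illustration.
"""
from typing import Dict, List, Sequence, Set, Tuple

Entry = Dict[str, List[str]]   # attribute -> values (LDAP attributes are multi-valued)
Directory = Dict[str, Entry]   # dn -> entry

BASE = "dc=example,dc=com"
ALICE_DN = f"uid=alice,cn=users,{BASE}"
BOB_DN = f"uid=bob,cn=users,{BASE}"
ROOT_DN = f"uid=root,cn=users,{BASE}"
OPS_DN = f"cn=ops,cn=groups,{BASE}"
CMD_DN = f"cn=restart-httpd,cn=sudocmds,{BASE}"
CMD = "/bin/systemctl restart httpd"

ENTITY_CLASSES = {"posixAccount", "groupOfNames"}   # assumed "entity object classes"


def build_sample_directory() -> Directory:
    """Constructed sample repository: three users, one group, one sudo command entry."""
    return {
        ALICE_DN: {"objectClass": ["posixAccount"], "uid": ["alice"]},
        BOB_DN: {"objectClass": ["posixAccount"], "uid": ["bob"]},
        ROOT_DN: {"objectClass": ["posixAccount"], "uid": ["root"]},
        OPS_DN: {"objectClass": ["groupOfNames"], "member": [ALICE_DN]},
        CMD_DN: {"objectClass": ["sudoCmd"], "sudoCmd": [CMD]},
    }


def _require(directory: Directory, dn: str, classes: Set[str]) -> Entry:
    """The 'identifying' steps: a linked DN must exist and carry an expected object
    class. Refusing dangling or mistyped links keeps every rule auditable."""
    entry = directory.get(dn)
    if entry is None or not classes & set(entry["objectClass"]):
        raise ValueError(f"{dn} is not an existing entry of class {sorted(classes)}")
    return entry


def add_sudo_rule(directory: Directory, name: str, command_dn: str,
                  member_dns: Sequence[str], runas_dn: str) -> str:
    """Create the rule entry linking one command entry to the entities allowed to
    run it and to the entity whose privileges it runs with; returns the rule DN."""
    _require(directory, command_dn, {"sudoCmd"})
    for dn in member_dns:
        _require(directory, dn, ENTITY_CLASSES)
    _require(directory, runas_dn, {"posixAccount"})
    rule_dn = f"cn={name},cn=sudorules,{BASE}"
    if rule_dn in directory:
        raise ValueError(f"{rule_dn} already exists")
    directory[rule_dn] = {
        "objectClass": ["sudoRule"],
        "cn": [name],
        "memberAllowCmd": [command_dn],   # link to the sudo command entry
        "memberUser": list(member_dns),   # links to user / group entries
        "sudoRunAs": [runas_dn],          # whose privileges the command gets
        "enabledFlag": ["TRUE"],
    }
    return rule_dn


def delete_sudo_rule(directory: Directory, rule_dn: str) -> None:
    """Claimed delete semantics: the entry stays, only the flag changes."""
    _require(directory, rule_dn, {"sudoRule"})["enabledFlag"] = ["FALSE"]


def _is_member(directory: Directory, user_dn: str, member_dns: List[str]) -> bool:
    """Direct DN match, or membership in a linked group (one level, no nesting)."""
    for dn in member_dns:
        if dn == user_dn or user_dn in directory.get(dn, {}).get("member", []):
            return True
    return False


def allowed_commands(directory: Directory, user_dn: str) -> Set[Tuple[str, str]]:
    """What a sudo client derives for a user: (command, run-as uid) pairs. Because
    delete only disables, the client must filter on enabledFlag, or a 'deleted'
    rule keeps granting privilege."""
    grants: Set[Tuple[str, str]] = set()
    for entry in directory.values():
        if "sudoRule" not in entry["objectClass"]:
            continue
        if entry.get("enabledFlag", ["FALSE"])[0] != "TRUE":
            continue
        if not _is_member(directory, user_dn, entry["memberUser"]):
            continue
        runas = directory[entry["sudoRunAs"][0]]["uid"][0]
        for cmd_dn in entry["memberAllowCmd"]:
            for cmd in directory[cmd_dn]["sudoCmd"]:
                grants.add((cmd, runas))
    return grants


def to_ldif(directory: Directory, dn: str) -> str:
    """Render one entry as LDIF, the form in which it would be added to the server."""
    lines = [f"dn: {dn}"]
    for attr, values in directory[dn].items():
        lines.extend(f"{attr}: {v}" for v in values)
    return "\n".join(lines)
```

The point a practitioner should take from the last step of the claim is in `allowed_commands`: once deletion is a flag rather than a removal, every consumer of the rules (the sudo clients, and any reporting tool) has to honour that flag, otherwise a rule an administrator believes is gone still grants privilege. The `_require` check on each linked DN is the corresponding guard on the way in: a rule that references a nonexistent or wrongly typed command or entity entry is rejected instead of stored as a dangling link.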
Abstract
A method and apparatus for integrating Sudo rules into a Lightweight Directory Access Protocol (LDAP) repository. An LDAP directory server receives a request to add a sudo rule to the LDAP repository. The sudo rule defines at least one sudo command and one or more entities associated with the execution of the sudo command. The LDAP directory server creates an LDAP entry for the sudo rule, and links in the LDAP entry of the sudo rule an LDAP entry of the sudo command and LDAP entries of the entities associated with the execution of the sudo command.
21 Claims
1. Independent method claim; full text as given under First Claim above. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
10. A system for a Lightweight Directory Access Protocol (LDAP) directory server, the system comprising:
- a memory; and
- a processor, coupled to the memory, to:
- receive a request to add a new sudo (substitute user do) rule of a plurality of sudo rules to an LDAP repository, the LDAP repository having an LDAP schema facilitating an integration of the plurality of sudo rules with a plurality of entities represented in the LDAP repository using a plurality of object classes each associated with a set of attributes, the sudo rule defining at least one sudo command and one or more entities of the plurality of entities for executing the at least one sudo command via one or more sudo clients coupled to the LDAP server via a network, the new sudo rule permitting the one or more entities to execute, via the one or more sudo clients, the at least one sudo command with privileges of one or more other entities of the plurality of entities;
- identify an LDAP entry of the at least one sudo command, the LDAP entry of the at least one sudo command having attributes associated with a sudo command object class of the plurality of object classes of the LDAP schema;
- identify one or more LDAP entries of the one or more entities associated with the execution of the at least one sudo command via the respective sudo clients, each LDAP entry of the one or more entities having attributes associated with an entity object class of the plurality of object classes of the LDAP schema;
- create an LDAP entry for the new sudo rule using a sudo rule object class of the plurality of object classes of the LDAP schema;
- link, in the LDAP entry of the new sudo rule, the LDAP entry of the at least one sudo command with the one or more LDAP entries of the one or more entities associated with the execution of the at least one sudo command via the respective sudo clients; and
- upon receiving a request to delete the new sudo rule from the LDAP repository, mark the new sudo rule disabled in the LDAP entry of the new sudo rule.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
17. A non-transitory computer readable storage medium storing instructions which when executed cause a processing device to perform a method for a Lightweight Directory Access Protocol (LDAP) directory server, the method comprising:
- receiving a request to add a new sudo (substitute user do) rule of a plurality of sudo rules to an LDAP repository, the LDAP repository having an LDAP schema facilitating an integration of the plurality of sudo rules with a plurality of entities represented in the LDAP repository using a plurality of object classes each associated with a set of attributes, the new sudo rule defining at least one sudo command and one or more entities of the plurality of entities for executing the at least one sudo command via one or more sudo clients coupled to the LDAP directory server via a network, the new sudo rule permitting the one or more entities to execute, via the one or more sudo clients, the at least one sudo command with privileges of one or more other entities of the plurality of entities;
- identifying an LDAP entry of the at least one sudo command, the LDAP entry of the at least one sudo command having attributes associated with a sudo command object class of the plurality of object classes of the LDAP schema;
- identifying one or more LDAP entries of the one or more entities associated with the execution of the at least one sudo command via the respective sudo clients, each LDAP entry of the one or more entities having attributes associated with an entity object class of the plurality of object classes of the LDAP schema;
- creating, by the processing device, an LDAP entry for the new sudo rule using a sudo rule object class of the plurality of object classes of the LDAP schema;
- linking, in the LDAP entry of the new sudo rule, the LDAP entry of the at least one sudo command with the one or more LDAP entries of the one or more entities associated with the execution of the at least one sudo command via the respective sudo clients; and
- upon receiving a request to delete the new sudo rule from the LDAP repository, marking the new sudo rule disabled in the LDAP entry of the new sudo rule.
- View Dependent Claims (18, 19, 20, 21)
Specification