Virtual directory system for LDAP to SCIM proxy service

US 10,505,941 B2
Filed: 07/31/2017
Issued: 12/10/2019
Est. Priority Date: 08/05/2016
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide an on-premises virtual directory system for an LDAP (Lightweight Directory Access Protocol) to SCIM (System for Cross-domain Identity Management) proxy service, the providing comprising:

providing an LDAP Directory Information Tree (DIT) including a plurality of LDAP DIT entries that describe LDAP containers, LDAP users and LDAP groups, each LDAP DIT entry including a Distinguished Name (DN) and a plurality of LDAP attribute-value pairs, the DN providing LDAP DIT hierarchical information that uniquely identifies the LDAP DIT entry and describes a hierarchical position of the LDAP DIT entry in the LDAP DIT, each LDAP attribute-value pair including an attribute name and one or more attribute values;

providing a SCIM directory including a plurality of SCIM resource entries that describe SCIM users and SCIM groups, each SCIM resource entry including a plurality of SCIM attributes including an externalID and a resource type identifying the SCIM resource entry as belonging to a user or a group, each SCIM attribute including a name and one or more values;

migrating the plurality of LDAP DIT entries to the SCIM directory, including storing the LDAP DIT hierarchical information in the SCIM directory by;

mapping LDAP containers to SCIM user or SCIM group attributes,mapping LDAP containers to special marker SCIM groups,mapping LDAP user DNs to SCIM user externalIDs, ormapping LDAP group DNs to SCIM group externalIDs;

creating a virtual LDAP hierarchy based on the LDAP DIT hierarchical information stored in the SCIM directory; and

displaying a graphical user interface (GUI) for a directory services application that includes a data tree pane that depicts the virtual LDAP hierarchy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing an on-premises virtual directory system for an LDAP (Lightweight Directory Access Protocol) to SCIM (System for Cross-domain Identity Management) proxy service is provided. The method includes providing an LDAP Directory Information Tree (DIT) including LDAP DIT entries, providing a SCIM directory including SCIM resource entries, migrating the LDAP DIT entries to the SCIM directory, creating a virtual LDAP hierarchy based on LDAP DIT hierarchical information stored in the SCIM directory, and displaying a graphical user interface (GUI) for a directory services application that includes a data tree pane that depicts the virtual LDAP hierarchy. Creating the virtual LDAP hierarchy includes storing the LDAP DIT hierarchical information in the SCIM directory by mapping LDAP containers to SCIM user or SCIM group attributes, mapping LDAP containers to special marker SCIM groups, mapping LDAP user DNs to SCIM user externalIDs, or mapping LDAP group DNs to SCIM group externalIDs.

353 Citations

20 Claims

1. A non-transitory computer-readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide an on-premises virtual directory system for an LDAP (Lightweight Directory Access Protocol) to SCIM (System for Cross-domain Identity Management) proxy service, the providing comprising:
- providing an LDAP Directory Information Tree (DIT) including a plurality of LDAP DIT entries that describe LDAP containers, LDAP users and LDAP groups, each LDAP DIT entry including a Distinguished Name (DN) and a plurality of LDAP attribute-value pairs, the DN providing LDAP DIT hierarchical information that uniquely identifies the LDAP DIT entry and describes a hierarchical position of the LDAP DIT entry in the LDAP DIT, each LDAP attribute-value pair including an attribute name and one or more attribute values;
  
  providing a SCIM directory including a plurality of SCIM resource entries that describe SCIM users and SCIM groups, each SCIM resource entry including a plurality of SCIM attributes including an externalID and a resource type identifying the SCIM resource entry as belonging to a user or a group, each SCIM attribute including a name and one or more values;
  
  migrating the plurality of LDAP DIT entries to the SCIM directory, including storing the LDAP DIT hierarchical information in the SCIM directory by;
  
  mapping LDAP containers to SCIM user or SCIM group attributes,mapping LDAP containers to special marker SCIM groups,mapping LDAP user DNs to SCIM user externalIDs, ormapping LDAP group DNs to SCIM group externalIDs;
  
  creating a virtual LDAP hierarchy based on the LDAP DIT hierarchical information stored in the SCIM directory; and
  
  displaying a graphical user interface (GUI) for a directory services application that includes a data tree pane that depicts the virtual LDAP hierarchy.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-readable medium of claim 1, wherein the mapping LDAP containers to SCIM user or SCIM group attributes includes, for each LDAP user or LDAP group present in an LDAP container having a DN including a Relative Distinguished Name (RDN) having an attribute name and an attribute value, adding a SCIM attribute to the corresponding SCIM user or SCIM group based on the attribute name and the attribute value of the RDN.
  - 3. The computer-readable medium of claim 2, wherein the attribute name of the RDN is organizational unit (OU), common name (CN), domain component (DC), organization (O) or location (L).
  - 4. The computer-readable medium of claim 1, wherein the mapping LDAP containers to special marker SCIM groups includes, for each LDAP user or LDAP group present in an LDAP container having DN including a Relative Distinguished Name (RDN) having an attribute name and an attribute value, creating a new SCIM group based on the attribute name and attribute value of the RDN, and adding the corresponding SCIM user or SCIM group to the new SCIM group.
  - 5. The computer-readable medium of claim 4, wherein the attribute name of the RDN is OU, CN, DC, O or L.
  - 6. The computer-readable medium of claim 1,wherein the mapping LDAP user DNs to SCIM user externalIDs includes, for each LDAP user, setting the corresponding SCIM user externalID to the DN of the LDAP user, andwherein the mapping LDAP group DNs to SCIM group externalIDs includes, for each LDAP group, setting the corresponding SCIM group externalID to the DN of the LDAP group.
  - 7. The computer-readable medium of claim 6, wherein the DN includes a plurality of attribute-value pairs arranged in a hierarchical sequence.

8. A method for providing an on-premises virtual directory system for an LDAP (Lightweight Directory Access Protocol) to SCIM (System for Cross-domain Identity Management) proxy service, the method comprising:
- providing an LDAP Directory Information Tree (DIT) including a plurality of LDAP DIT entries that describe LDAP containers, LDAP users and LDAP groups, each LDAP DIT entry including a Distinguished Name (DN) and a plurality of LDAP attribute-value pairs, the DN providing LDAP DIT hierarchical information that uniquely identifies the LDAP DIT entry and describes a hierarchical position of the LDAP DIT entry in the LDAP DIT, each LDAP attribute-value pair including an attribute name and one or more attribute values;
  
  providing a SCIM directory including a plurality of SCIM resource entries that describe SCIM users and SCIM groups, each SCIM resource entry including a plurality of SCIM attributes including an externalID and a resource type identifying the SCIM resource entry as belonging to a User or a Group, each SCIM attribute including a name and one or more values;
  
  migrating the plurality of LDAP DIT entries to the SCIM directory, including storing the LDAP DIT hierarchical information in the SCIM directory by;
  
  mapping LDAP containers to SCIM user or SCIM group attributes,mapping LDAP containers to special marker SCIM groups,mapping LDAP user DNs to SCIM user externalIDs, ormapping LDAP group DNs to SCIM group externalIDs;
  
  creating a virtual LDAP hierarchy based on the LDAP DIT hierarchical information stored in the SCIM directory; and
  
  displaying a graphical user interface (GUI) for a directory services application that includes a data tree pane that depicts the virtual LDAP hierarchy.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the mapping LDAP containers to SCIM user or SCIM group attributes includes, for each LDAP user or LDAP group present in an LDAP container having a DN including a Relative Distinguished Name (RDN) an RDN having an attribute name and an attribute value, adding a SCIM attribute to the corresponding SCIM user or SCIM group based on the attribute name and the attribute value of the RDN.
  - 10. The method of claim 9, wherein the attribute name of the RDN is organizational unit (OU), common name (CN), domain component (DC), organization (O) or location (L).
  - 11. The method of claim 8, wherein the mapping LDAP containers to special marker SCIM groups includes, for each LDAP user or LDAP group present in an LDAP container having DN including a Relative Distinguished Name (RDN) having an attribute name and an attribute value, creating a new SCIM group based on the attribute name and attribute value of the RDN, and adding the corresponding SCIM user or SCIM group to the new SCIM group.
  - 12. The method of claim 11, wherein the attribute name of the RDN is OU, CN, DC, O or L.
  - 13. The method of claim 8,wherein the mapping LDAP user DNs to SCIM user externalIDs includes, for each LDAP user, setting the corresponding SCIM user externalID to the DN of the LDAP user, andwherein the mapping LDAP group DNs to SCIM group externalIDs includes, for each LDAP group, setting the corresponding SCIM group externalID to the DN of the LDAP group.
  - 14. The method of claim 13, wherein the DN includes a plurality of attribute-value pairs arranged in a hierarchical sequence.

15. A system, comprising:
- a memory; and
  
  a processor, coupled to the memory and a network, to provide an on-premises virtual directory system for an LDAP (Lightweight Directory Access Protocol) to SCIM (System for Cross-domain Identity Management) proxy service, the processor configured to;
  
  provide an LDAP Directory Information Tree (DIT) including a plurality of LDAP DIT entries that describe LDAP containers, LDAP users and LDAP groups, each LDAP DIT entry including a Distinguished Name (DN) and a plurality of LDAP attribute-value pairs, the DN providing LDAP DIT hierarchical information that uniquely identifies the LDAP DIT entry and describes a hierarchical position of the LDAP DIT entry in the LDAP DIT, each LDAP attribute-value pair including an attribute name and one or more attribute values;
  
  provide a SCIM directory including a plurality of SCIM resource entries that describe SCIM users and SCIM groups, each SCIM resource entry including a plurality of SCIM attributes including an externalID and a resource type identifying the SCIM resource entry as belonging to a User or a Group, each SCIM attribute including a name and one or more values;
  
  migrate the plurality of LDAP DIT entries to the SCIM directory, including storing the LDAP DIT hierarchical information in the SCIM directory by;
  
  mapping LDAP containers to SCIM user or SCIM group attributes,mapping LDAP containers to special marker SCIM groups,mapping LDAP user DNs to SCIM user externalIDs, ormapping LDAP group DNs to SCIM group externalIDs;
  
  create a virtual LDAP hierarchy based on the LDAP DIT hierarchical information stored in the SCIM directory; and
  
  display a graphical user interface (GUI) for a directory services application that includes a data tree pane that depicts the virtual LDAP hierarchy.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the mapping LDAP containers to SCIM user or SCIM group attributes includes, for each LDAP user or LDAP group present in an LDAP container having a DN including a Relative Distinguished Name (RDN) having an attribute name and an attribute value, adding a SCIM attribute to the corresponding SCIM user or SCIM group based on the attribute name and the attribute value of the RDN.
  - 17. The system of claim 16, wherein the attribute name of the RDN is organizational unit (OU), common name (CN), domain component (DC), organization (O) or location (L).
  - 18. The system of claim 15, wherein the mapping LDAP containers to special marker SCIM groups includes, for each LDAP user or LDAP group present in an LDAP container having DN including a Relative Distinguished Name (RDN) having an attribute name and an attribute value, creating a new SCIM group based on the attribute name and attribute value of the RDN, and adding the corresponding SCIM user or SCIM group to the new SCIM group.
  - 19. The system of claim 18, wherein the attribute name of the RDN is OU, CN, DC, O or L.
  - 20. The system of claim 15,wherein the DN includes a plurality of attribute-value pairs arranged in a hierarchical sequence,wherein the mapping LDAP user DNs to SCIM user externalIDs includes, for each LDAP user, setting the corresponding SCIM user externalID to the DN of the LDAP user, andwherein the mapping LDAP group DNs to SCIM group externalIDs includes, for each LDAP group, setting the corresponding SCIM group externalID to the DN of the LDAP group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Vats, Kanika, Janakiraman, Vinoth, Neelakanteshwar, Manohari, Purushothaman, Rajesh, Ramasamy, Loganathan, Murugesan, Anand, Sastry, Hari
Primary Examiner(s)
Pwu, Jeffrey C
Assistant Examiner(s)
Mahmoudi, Rodman Alexander

Application Number

US15/665,157
Publication Number

US 20180041516A1
Time in Patent Office

862 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/188   Virtual file systems

G06F 21/604   Tools and structures for ma...

G06F 21/629   to features or functions of...

H04L 41/22   comprising specially adapte...

H04L 63/0281   Proxies

H04L 63/102   Entity profiles

H04L 63/104   Grouping of entities

H04L 67/1095   Replication or mirroring of...

H04L 67/306   User profiles

H04L 67/567   Integrating service provisi...

Virtual directory system for LDAP to SCIM proxy service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

353 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual directory system for LDAP to SCIM proxy service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

353 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links