SCIM to LDAP mapping using subtype attributes
First Claim
1. A non-transitory computer-readable medium having instructions stored thereon that, when executed by at least one processor, cause the processor to map System for Cross-domain Identity Management (SCIM) resources comprising a flat data model to Lightweight Directory Access Protocol (LDAP) entries comprising a tree-based hierarchical data model, the mapping comprising:
- receiving a request for an on-premises LDAP-based application to access a cloud-based SCIM server to provide identity services to the LDAP-based application;
- providing an LDAP DIT including a plurality of LDAP Directory Information Tree (DIT) entries that describe LDAP containers, users and groups, each LDAP DIT entry including a Distinguished Name (DN) and a plurality of LDAP attribute-value pairs, the DN providing LDAP DIT hierarchical information that uniquely identifies the LDAP DIT entry and describes a hierarchical position of the LDAP DIT entry in the LDAP DIT, each LDAP attribute-value pair including an attribute name and one or more attribute values;
- providing a SCIM directory including a plurality of SCIM resource entries, each SCIM resource entry including a plurality of SCIM attributes, each SCIM attribute including a name and one or more values;
- converting the plurality of SCIM resource entries to corresponding LDAP DIT entries, including, for each SCIM resource entry that has a SCIM complex multi-valued attribute (CMVA), mapping the SCIM CMVA to a plurality of LDAP attributes in the corresponding LDAP DIT entry using LDAP attribute subtypes that comprise an optional subtype expression added after an LDAP attribute name, the converting comprising providing a different LDAP subtype expression for each set of sub-attributes for a CMVA while keeping the subtype expression the same within each of sub-attributes;
- the converting the plurality of SCIM resource entries to corresponding LDAP DIT entries further including, for each SCIM resource entry, mapping each SCIM simple attribute (SA) to an LDAP attribute and when converting corresponding LDAP rows back to SCIM data, the SCIM sub-attributes are grouped within one set of CMVA sub-attributes based on the subtype expression, and, for each SCIM resource entry, mapping each SCIM simple multi-valued attribute (SMVA) to an LDAP attribute; and
- after the converting, providing the identity services to the LDAP-based application from the SCIM server.
Abstract
A method for mapping SCIM resources to LDAP entries is provided. An LDAP Directory Information Tree (DIT), including a plurality of LDAP DIT entries that describe LDAP containers, users and groups, is provided. Each LDAP DIT entry includes a Distinguished Name and a plurality of LDAP attribute-value pairs, each of which includes an attribute name and one or more attribute values. A SCIM directory, including a plurality of SCIM resource entries, is also provided. Each SCIM resource entry includes a plurality of SCIM attributes, each of which includes a name and one or more values. The plurality of SCIM resource entries are converted to corresponding LDAP DIT entries, and, for each SCIM resource entry that has a SCIM CMVA, the SCIM CMVA is mapped to a plurality of LDAP attributes in the corresponding LDAP DIT entry using LDAP attribute subtypes.
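A round trip of the conversion described in the first claim and the abstract, as an added example that is not code from the patent or from any product. The mapping tables, the LDAP attribute names and the `;x-set-<n>` subtype syntax are assumptions; the DN escaping is added so that a SCIM value cannot change the entry's position in the DIT.

```python
import re
from collections import defaultdict

# Hypothetical mapping tables, not taken from the patent: SCIM name -> LDAP attribute.
SIMPLE = {"userName": "uid", "displayName": "cn"}          # simple attributes (SA)
MULTI = {"nickNames": "nickName"}                          # simple multi-valued (SMVA)
CMVA = {"emails": {"value": "mail", "type": "mailType"}}   # complex multi-valued
# Assumed subtype syntax: an RFC 4512 attribute option of the form ";x-set-<n>".
SUBTYPE = re.compile(r"([A-Za-z][A-Za-z0-9-]*);x-set-(\d+)")

# Constructed sample resource; the userName tries to smuggle an extra RDN.
SAMPLE = {"userName": "jdoe,ou=admins", "displayName": "J Doe",
          "nickNames": ["jd", "doe"],
          "emails": [{"value": "jd@work.example", "type": "work"},
                     {"value": "jd@home.example", "type": "home"}]}

def escape_rdn(value):
    """RFC 4514 escaping so a SCIM value cannot add RDNs to the DN."""
    out = re.sub(r'([,+"\\<>;=])', r"\\\1", value).replace("\0", "\\00")
    if out[:1] in ("#", " "):
        out = "\\" + out
    return out[:-1] + "\\ " if out.endswith(" ") and len(value) > 1 else out

def scim_to_ldap(res, base_dn):
    attrs = {ldap: [res[n]] for n, ldap in SIMPLE.items() if n in res}
    attrs.update({ldap: list(res[n]) for n, ldap in MULTI.items() if n in res})
    for name, sub_map in CMVA.items():
        for i, item in enumerate(res.get(name, [])):
            for sub, ldap in sub_map.items():
                if sub in item:  # one subtype per set, shared by its sub-attributes
                    attrs[f"{ldap};x-set-{i}"] = [item[sub]]
    return f"uid={escape_rdn(res['userName'])},{base_dn}", attrs

def ldap_to_scim(attrs):
    rev = {ldap: (n, sub) for n, m in CMVA.items() for sub, ldap in m.items()}
    res, sets = {}, defaultdict(lambda: defaultdict(dict))
    for desc, values in attrs.items():
        m = SUBTYPE.fullmatch(desc)
        if m and m.group(1) in rev:
            name, sub = rev[m.group(1)]
            sets[name][int(m.group(2))][sub] = values[0]  # regroup by subtype
        elif desc in SIMPLE.values():
            res[next(n for n, l in SIMPLE.items() if l == desc)] = values[0]
        elif desc in MULTI.values():
            res[next(n for n, l in MULTI.items() if l == desc)] = list(values)
        else:  # unknown attribute or malformed subtype: refuse rather than guess
            raise ValueError(f"unmapped attribute description: {desc!r}")
    for name, by_set in sets.items():
        res[name] = [by_set[i] for i in sorted(by_set)]
    return res
```

Because the reverse step rejects any attribute description it cannot map, an entry carrying an unexpected option fails closed instead of being silently merged into a sub-attribute set.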
18 Claims
7. A method for mapping System for Cross-domain Identity Management (SCIM) resources comprising a flat data model to Lightweight Directory Access Protocol (LDAP) entries comprising a tree-based hierarchical data model, the method comprising:
- receiving a request for an on-premises LDAP-based application to access a cloud-based SCIM server to provide identity services to the LDAP-based application;
- providing an LDAP DIT including a plurality of LDAP Directory Information Tree (DIT) entries that describe LDAP containers, users and groups, each LDAP DIT entry including a Distinguished Name (DN) and a plurality of LDAP attribute-value pairs, the DN providing LDAP DIT hierarchical information that uniquely identifies the LDAP DIT entry and describes a hierarchical position of the LDAP DIT entry in the LDAP DIT, each LDAP attribute-value pair including an attribute name and one or more attribute values;
- providing a SCIM directory including a plurality of SCIM resource entries, each SCIM resource entry including a plurality of SCIM attributes, each SCIM attribute including a name and one or more values;
- converting the plurality of SCIM resource entries to corresponding LDAP DIT entries, including, for each SCIM resource entry that has a SCIM complex multi-valued attribute (CMVA), mapping the SCIM CMVA to a plurality of LDAP attributes in the corresponding LDAP DIT entry using LDAP attribute subtypes that comprise an optional expression added after an LDAP attribute name, the converting comprising providing a different LDAP subtype expression for each set of sub-attributes for a CMVA while keeping the subtype expression the same within each of sub-attributes;
- the converting the plurality of SCIM resource entries to corresponding LDAP DIT entries further including, for each SCIM resource entry, mapping each SCIM simple attribute (SA) to an LDAP attribute and when converting corresponding LDAP rows back to SCIM data, the SCIM sub-attributes are grouped within one set of CMVA sub-attributes based on the subtype expression, and, for each SCIM resource entry, mapping each SCIM simple multi-valued attribute (SMVA) to an LDAP attribute; and
- after the converting, providing the identity services to the LDAP-based application from the SCIM server.
13. A system for mapping System for Cross-domain Identity Management (SCIM) resources comprising a flat data model to Lightweight Directory Access Protocol (LDAP) entries comprising a tree-based hierarchical data model, the system comprising:
- one or more processors, coupled to a network, configured to;
  - receive a request for an on-premises LDAP-based application to access a cloud-based SCIM server to provide identity services to the LDAP-based application;
  - provide an LDAP DIT including a plurality of LDAP Directory Information Tree (DIT) entries that describe LDAP containers, users and groups, each LDAP DIT entry including a Distinguished Name (DN) and a plurality of LDAP attribute-value pairs, the DN providing LDAP DIT hierarchical information that uniquely identifies the LDAP DIT entry and describes a hierarchical position of the LDAP DIT entry in the LDAP DIT, each LDAP attribute-value pair including an attribute name and one or more attribute values;
- a second processor, coupled to the network, configured to;
  - provide a SCIM directory including a plurality of SCIM resource entries, each SCIM resource entry including a plurality of SCIM attributes, each SCIM attribute including a name and one or more values; and
  - convert the plurality of SCIM resource entries to corresponding LDAP DIT entries, including, for each SCIM resource entry that has a SCIM complex multi-valued attribute (CMVA), mapping the SCIM CMVA to a plurality of LDAP attributes in the corresponding LDAP DIT entry using LDAP attribute subtypes that comprise an optional expression added after an LDAP attribute name, the converting comprising providing a different LDAP subtype expression for each set of sub-attributes for a CMVA while keeping the subtype expression the same within each of sub-attributes;
  - the converting the plurality of SCIM resource entries to corresponding LDAP DIT entries further including, for each SCIM resource entry, mapping each SCIM simple attribute (SA) to an LDAP attribute and when converting corresponding LDAP rows back to SCIM data, the SCIM sub-attributes are grouped within one set of CMVA sub-attributes based on the subtype expression, and, for each SCIM resource entry, mapping each SCIM simple multi-valued attribute (SMVA) to an LDAP attribute; and
  - after the converting, providing the identity services to the LDAP-based application from the SCIM server.
Specification