Dynamic management of groups
First Claim
1. A method comprising:
configuring a Lightweight Directory Access Protocol (LDAP) directory comprising a first LDAP node and a second LDAP node, the first LDAP node comprising one or more group entries each representing a group, wherein the group is a static group, and the second LDAP node comprising one or more individual data entries in a directory, each of the individual data entries in the second LDAP node being associated with one or more group entries of the first LDAP node via a membership attribute;
receiving an identifier of groups;
receiving a change request to change a first value of the membership attribute of a particular individual data entry in the second LDAP node to a second value, wherein the first value and the second value are identifiers of the groups;
determining whether the first LDAP node contains a group entry in the one or more group entries that matches the second value of the membership attribute for the particular individual data entry;
associating the particular individual data entry with the group entry that matches the second value based on a determination that the first LDAP node contains a matching group entry;
creating a new group entry in the first LDAP node using the second value of the membership attribute from the change request based on a determination that the first LDAP node does not contain a matching group entry;
changing content of the new group in view of the identifier of the group, wherein the second value of the membership attribute designated for indicating LDAP group membership of the particular individual data entry is an identifier of the new group entry;
determining, by a processing device, whether the one or more group entries is not associated with any of the one or more individual data entries via the membership attribute; and
deleting the one or more group entries that are not associated with any of the one or more individual data entries via the membership attribute.
Abstract
A method and apparatus for managing groups in a directory server is described. In one embodiment, an addition of an identifier of a group to an entry in the directory server is received. A value of an attribute in the entry is updated with the identifier of the group. A content of the group is dynamically changed based on the addition of the identifier of the group to the entry in the directory server.
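The procedure in the abstract and claim 1, as an added sketch that is not code from the patent: an in-memory model in which `groups` stands in for the first LDAP node and `people` for the second. The class name `GroupDirectory`, the `audit` list and the sample `uid=`/`cn=` values are assumptions made for illustration.

```python
# In-memory model of the claimed procedure (illustrative; not a real LDAP client).
class GroupDirectory:
    def __init__(self):
        self.groups = {}   # group id -> set of member entry ids (static group entries)
        self.people = {}   # entry id -> set of group ids (the membership attribute)
        self.audit = []    # (action, group id, entry id); an assumption, for review

    def add_entry(self, entry_id, group_ids=()):
        self.people[entry_id] = set()
        for gid in group_ids:
            self._join(entry_id, gid)

    def _join(self, entry_id, gid):
        if gid not in self.groups:          # no matching group entry: create one
            self.groups[gid] = set()
            self.audit.append(("create_group", gid, entry_id))
        self.groups[gid].add(entry_id)      # associate the entry with the group
        self.people[entry_id].add(gid)

    def change_membership(self, entry_id, first_value, second_value):
        """Change one membership value of an entry from first_value to second_value."""
        if entry_id not in self.people:
            raise KeyError(f"unknown entry: {entry_id}")
        if first_value not in self.people[entry_id]:
            raise ValueError(f"{entry_id} is not a member of {first_value}")
        self.people[entry_id].discard(first_value)
        self.groups[first_value].discard(entry_id)
        self._join(entry_id, second_value)
        self.prune_empty_groups()

    def prune_empty_groups(self):
        """Delete group entries that no individual entry is associated with."""
        empty = [gid for gid, members in self.groups.items() if not members]
        for gid in empty:
            del self.groups[gid]
            self.audit.append(("delete_group", gid, None))
        return empty


def demo():
    d = GroupDirectory()
    d.add_entry("uid=alice", ["cn=sales"])   # constructed sample entries
    d.add_entry("uid=bob", ["cn=sales"])
    d.change_membership("uid=alice", "cn=sales", "cn=support")  # creates cn=support
    d.change_membership("uid=bob", "cn=sales", "cn=support")    # empties cn=sales
    return d
```

Because a group comes into existence as a side effect of writing a membership value, the model records every implicit create and delete so that they can be reviewed.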
3 Claims
1. A method comprising:
configuring a Lightweight Directory Access Protocol (LDAP) directory comprising a first LDAP node and a second LDAP node, the first LDAP node comprising one or more group entries each representing a group, wherein the group is a static group, and the second LDAP node comprising one or more individual data entries in a directory, each of the individual data entries in the second LDAP node being associated with one or more group entries of the first LDAP node via a membership attribute;
receiving an identifier of groups;
receiving a change request to change a first value of the membership attribute of a particular individual data entry in the second LDAP node to a second value, wherein the first value and the second value are identifiers of the groups;
determining whether the first LDAP node contains a group entry in the one or more group entries that matches the second value of the membership attribute for the particular individual data entry;
associating the particular individual data entry with the group entry that matches the second value based on a determination that the first LDAP node contains a matching group entry;
creating a new group entry in the first LDAP node using the second value of the membership attribute from the change request based on a determination that the first LDAP node does not contain a matching group entry;
changing content of the new group in view of the identifier of the group, wherein the second value of the membership attribute designated for indicating LDAP group membership of the particular individual data entry is an identifier of the new group entry;
determining, by a processing device, whether the one or more group entries is not associated with any of the one or more individual data entries via the membership attribute; and
deleting the one or more group entries that are not associated with any of the one or more individual data entries via the membership attribute.
2. An apparatus comprising:
a memory;
a processing device coupled to the memory;
a storage device to store a Lightweight Directory Access Protocol (LDAP) directory, the LDAP directory comprising a first LDAP node and a second LDAP node, the first LDAP node comprising one or more group entries each representing a group, wherein the group is a static group, and the second LDAP node comprising one or more individual data entries in a directory, each of the individual data entries in the second LDAP node being associated with one or more group entries of the first LDAP node via a membership attribute; and
a group management module coupled to the storage device and executed from the memory by the processing device to:
receive an identifier of groups,
receive a change request to change a first value of the membership attribute of a particular individual data entry in the second LDAP node to a second value, wherein the first value and the second value are identifiers of the groups,
determine whether the first LDAP node contains a group entry in the one or more group entries that matches the second value of the membership attribute for the particular individual data entry,
associate the particular individual data entry with the group entry that matches the second value based on a determination that the first LDAP node contains a matching group entry;
create a new group entry in the first LDAP node using the second value of the membership attribute from the change request based on a determination that the first LDAP node does not contain a matching group entry;
change content of the new group in view of the identifier of the group, wherein the second value of the membership attribute designated for indicating LDAP group membership of the particular individual data entry is an identifier of the new group entry;
determine whether the one or more group entries is not associated with any of the one or more individual data entries via the membership attribute; and
delete the one or more group entries that are not associated with any of the one or more individual data entries via the membership attribute.
3. A non-transitory machine-accessible storage medium including data that, when accessed by a processing device, cause the computer to execute operations comprising:
configuring a Lightweight Directory Access Protocol (LDAP) directory comprising a first LDAP node and a second LDAP node, the first LDAP node comprising one or more group entries each representing a group, wherein the group is a static group, and the second LDAP node comprising one or more individual data entries in a directory, each of the individual data entries in the second LDAP node being associated with one or more group entries of the first LDAP node via a membership attribute;
receiving an identifier of the group;
receiving a change request to change a first value of the membership attribute of a particular individual data entry in the second LDAP node to a second value, wherein the first value and the second value are identifiers of the groups;
determining whether the first LDAP node contains a group entry in the one or more group entries that matches;
associating the particular individual data entry with the group entry that matches the second value based on a determination that the first LDAP node contains a matching group entry;
creating a new group entry in the first LDAP node using the second value of the membership attribute from the change request based on a determination that the first LDAP node does not contain a matching group entry;
changing content of the new group in view of the identifier of the group, wherein the second value of the membership attribute designated for indicating LDAP group membership of the particular individual data entry is an identifier of the new group entry;
determining, by a processing device, whether the one or more group entries is not associated with any of the one or more individual data entries via the membership attribute; and
deleting the one or more group entries that are not associated with any of the one or more individual data entries via the membership attribute.
Specification