A method for dynamically creating a sparsely populated subset of a directory.

IP.com Disclosure Number: IPCOM000033498D
Original Publication Date: 2004-Dec-13
Included in the Prior Art Database: 2004-Dec-13
Document File: 4 page(s) / 41K

Publishing Venue

IBM

This is the abbreviated version, containing approximately 53% of the total text.

Page 1 of 4

Overview:

Disclosed is a method for creating a sparsely populated, loosely coupled directory server authentication cache for a Lightweight Directory Access Protocol (LDAP) based directory server. This cache can be used to keep a subset of the authentication information from a master directory server locally.

Terminology:

For the purposes of this discussion two terms are introduced:

Local directory: An LDAP based directory server on which the technique being disclosed is employed.

Master Directory: An LDAP based directory server which is the master server for accounts (e.g. inetOrgPerson directory entries) and account administration.

Disclosure:

It may be desirable or necessary for a directory server to make use of an authentication master directory server which is not tightly coupled to the local directory server.

In such circumstances the local directory may not have sufficient resources to be a full replica of the master or the local directory may only wish to obtain authentication services from the master, or the local directory may wish to remain loosely coupled from the master for other reasons (availability, speed, alternate schema, etc). Additionally the local directory may not even have the permission necessary to replicate the master directory.

What is proposed here is a way to obtain authentication services from a master directory while keeping a local directory completely separate and detached from the master.

The local directory is only dependent on the master for authentication services, and even then only when accounts are initiated in the local directory or the passwords of established accounts are changed at the master. This gives the local directory the ability to remain relatively detached from the master while sharing a common authentication mechanism with it, so a completely separate local schema and independent local availability and processing arrangements become possible.
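The following is an added illustration of the loosely coupled cache described above; it is not code from the disclosure, and because the disclosure's description of its bind function is cut off in this abbreviated text, the exact bind logic here (serve a bind locally when the cached credential verifies, otherwise fall back to the master and refresh the local entry on success) is an assumption about one way the idea could be realised. The directories, the DN `uid=alice,ou=people,dc=example,dc=com` and the passwords are constructed stand-ins for real LDAP servers and entries.

```python
# Added model of a sparsely populated LDAP authentication cache (not the
# disclosure's own code). Both "directories" are in-memory dicts; the
# master's bind counter shows how rarely the local server has to consult it.
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor for the stored password verifiers


def _hash_password(password, salt=None):
    """Return (salt, digest) so only a verifier, never the password, is stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def _verify(password, salt, digest):
    """Constant-time comparison of a candidate password against a stored verifier."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


class MasterDirectory:
    """Constructed stand-in for the master server: holds every account."""

    def __init__(self):
        self._accounts = {}   # dn -> (salt, digest)
        self.bind_calls = 0   # how many times the local server contacted us

    def add_account(self, dn, password):
        self._accounts[dn] = _hash_password(password)

    def set_password(self, dn, password):
        # Administration happens only here; the local server learns of it lazily.
        self._accounts[dn] = _hash_password(password)

    def bind(self, dn, password):
        self.bind_calls += 1
        rec = self._accounts.get(dn)
        return rec is not None and _verify(password, *rec)


class LocalDirectory:
    """Sparsely populated local server: caches only accounts that have bound here."""

    def __init__(self, master):
        self._master = master
        self._cache = {}      # dn -> (salt, digest); no full replica of the master

    def bind(self, dn, password):
        rec = self._cache.get(dn)
        if rec is not None and _verify(password, *rec):
            return True       # served locally; the master is not contacted
        # Cache miss, or the cached verifier no longer matches (password changed
        # at the master): consult the master and refresh the local entry on success.
        if self._master.bind(dn, password):
            self._cache[dn] = _hash_password(password)
            return True
        return False

    def cached_dns(self):
        return sorted(self._cache)


def scenario():
    """Walk through the lifecycle and return (step, bind result, master calls) rows."""
    alice = "uid=alice,ou=people,dc=example,dc=com"   # constructed DN
    bob = "uid=bob,ou=people,dc=example,dc=com"       # constructed, not in master
    master = MasterDirectory()
    master.add_account(alice, "s3cret-constructed")
    local = LocalDirectory(master)

    rows = []
    # 1. first bind: account not yet cached, so the master is consulted once
    rows.append(("first bind", local.bind(alice, "s3cret-constructed"), master.bind_calls))
    # 2. repeat bind: served entirely from the local cache
    rows.append(("cached bind", local.bind(alice, "s3cret-constructed"), master.bind_calls))
    # 3. wrong password: local check fails, master is asked and also refuses
    rows.append(("wrong password", local.bind(alice, "bad-constructed"), master.bind_calls))
    # 4. password changed at the master: stale cache entry is refreshed on next bind
    master.set_password(alice, "n3w-constructed")
    rows.append(("after rotation", local.bind(alice, "n3w-constructed"), master.bind_calls))
    rows.append(("cached after rotation", local.bind(alice, "n3w-constructed"), master.bind_calls))
    # 5. unknown account: never cached locally
    rows.append(("unknown account", local.bind(bob, "x-constructed"), master.bind_calls))
    rows.append(("cached dns", local.cached_dns(), master.bind_calls))
    return rows


if __name__ == "__main__":
    for row in scenario():
        print(row)
```

The design point is that the local server never stores plaintext passwords and never replicates the master; it holds one verifier per account that has actually bound locally, and it only talks to the master on a cache miss or a verifier mismatch, which is exactly the "new account or password changed at the master" condition the text describes.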

Fig 1. Overall architecture.

The key is in the bind function (See Fig. 2). The bin...