
System and method to support multiple environment requirements in a centralized information management environment

IP.com Disclosure Number: IPCOM000033915D
Original Publication Date: 2005-Jan-04
Included in the Prior Art Database: 2005-Jan-04
Document File: 4 page(s) / 79K

Publishing Venue

IBM

Abstract

Current user directories address the problem of having to administer users on each node of a network system separately by centralizing user information in one place. However, current user directory implementations force the same user attributes on all nodes of the network that participate in the domain the registries control. In other words, current user directories do not allow different user attributes for different computer systems. All systems participating in (using) the same central registry have to be content with the same user limits, disk space, CPU time, number of open files, etc. In this paper we detail one possible solution that addresses the need for the same user to have different attributes on different nodes while maintaining user management in a central registry.

This is the abbreviated version, containing approximately 48% of the total text.


Before this solution, an administrator who needed different user attributes on different nodes had to create multiple registries, each providing different attributes for the same users, which complicated the administrator's job. In addition, there was no distinction between attribute sets in a centralized user registry, and all attributes were associated with the base user entry, as shown in Figure 1.

An example scenario is an SP system that uses directory-enabled user authentication and management. An SP system is composed of a cluster of nodes. Some of the nodes are designated as login nodes and some as working nodes (see Figure 1). Users can log in only to the login nodes, where they submit jobs that run on the working nodes. Intuitively, the resources (CPU time, disk space, etc.) that users need on the working nodes to run their jobs are much greater than the same resources needed on the login nodes. Many customers require that a user be given one set of resource limits on the login nodes and another set of resource limits on the working nodes. But the current directory solution does not provide such functionality.

[Figure 1. Current user data organization in a typical LDAP directory and usage by a cluster of systems. Labels in the figure: Directory Server (user subtree; uid=user1 entries with base attrs and ext. attrs); Cluster (CWS, login nodes, compute nodes; host1 through host6).]


All of the nodes in the cluster are configured to use the global user registry in the directory. Regardless of whether a user is running a simple job on a login node or a batch job on a compute node, the resource limits for the user are the same.

Some existing directory implementations solve this problem by storing only basic user attributes in the directory, while leaving the rest of the user attributes to be handled locally by each system in the domain. Such implementations do not fully exploit the directory. They leave the administrator with the burden of managing host-specific user information on each system separately.

This article provides a solution in which the administrator has much more granular control over users while still using a single directory. This greatly simplifies the administrator's job and allows more granular control for each machine, which eventually leads to better security on the network.

The proposed solution features a directory that supports users not only with one set of fixed basic attributes, but also with multiple sets of extended attributes, possibly one set per host. While all of the systems in the same domain, sharing the same directory, make use of the basic attributes, different systems can use different extended attributes. This solution would allow an administrato...
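
The base-plus-extended layout described above, as an added sketch that is not code from the disclosure: it resolves a user's effective attributes for one host and rejects any extended set that tries to redefine a shared base attribute. The DN layout (extended sets as child entries named after the host), the `default` fallback set, the attribute names and the choice of host4 as a compute node are all assumptions made for illustration.

```python
# Added illustration; DNs, attribute names and values are constructed.
BASE = "ou=people,dc=example,dc=com"   # hypothetical user subtree

DIRECTORY = {
    f"uid=user1,{BASE}": {"uid": "user1", "uidNumber": "2001",
                          "homeDirectory": "/home/user1"},
    # Extended attribute sets stored as children of the user entry (assumed layout).
    f"cn=default,uid=user1,{BASE}": {"cpuTimeLimit": "600", "maxOpenFiles": "256",
                                     "diskQuotaMB": "500"},
    f"cn=host4,uid=user1,{BASE}": {"cpuTimeLimit": "86400", "diskQuotaMB": "50000"},
    # Malformed set: tries to redefine a base attribute for one host.
    f"cn=host6,uid=user1,{BASE}": {"uidNumber": "0", "cpuTimeLimit": "86400"},
}


def effective_attrs(directory, uid, host):
    """Return base attributes plus the extended set that applies on `host`."""
    user_dn = f"uid={uid},{BASE}"
    base = directory.get(user_dn)
    if base is None:
        raise KeyError(f"no such user: {uid}")
    merged = dict(base)
    # Default set first, then the host-specific set so it wins on conflicts.
    for set_name in ("default", host):
        ext = directory.get(f"cn={set_name},{user_dn}", {})
        shadowed = set(ext) & set(base)
        if shadowed:
            # Base attributes are shared by every host and must not vary per host.
            raise ValueError(
                f"set {set_name!r} redefines base attrs: {sorted(shadowed)}")
        merged.update(ext)
    return merged


if __name__ == "__main__":
    for host in ("host1", "host4"):
        print(host, effective_attrs(DIRECTORY, "user1", host))
```

Keeping identity attributes such as `uidNumber` out of the per-host sets means a single mis-edited host entry can change a resource limit but not who the user is on that machine.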