
A way and method to export and import LDAP abstract ACL rules

IP.com Disclosure Number: IPCOM000237866D
Publication Date: 2014-Jul-17
Document File: 4 page(s) / 83K

Publishing Venue

The IP.com Prior Art Database

Abstract

A way and method is defined to extract and build abstract ACL rules from LDAP server A and then import them into LDAP server B, which would save the administrator a lot of time and effort in building the ACL on LDAP server B.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.


A Lightweight Directory Access Protocol (LDAP) directory is a collection of "entries". Each entry has a name (called the Distinguished Name) and a list of attribute values. The entries in a directory are organized in a tree structure, with major groupings that are subdivided into smaller units. A directory might contain several organization entries, each of which contains several organizationalUnit entries. These entries can be further subdivided.

LDAP provides search operations that can be performed over specified portions of the directory tree. Trees and subtrees, therefore, are a natural way to deal with data stored in an LDAP directory.

Entries and attributes correspond to a wide variety of data types such as personnel information, server configuration, business relationships, and user preferences. Since all entries are stored within a single directory, a method is required to restrict the availability of specific information to authorized users.

Access is controlled by means of Access Control Lists (ACLs). The Directory Server Administrator creates some basic ACL rules that grant permission to certain users to access various information in the directory. Administrators and users can also create additional ACL rules according to their own requirements.

Attributes requiring similar permissions for access are grouped together in classes. Attributes are assigned to an attribute access class within the schema definitions. An attribute in the LDAP server schema entry holds the attribute type's access class. The three attribute access classes are normal, sensitive and critical. By default, all users have read access to normal attributes.

LDAP is used for authentication and authorization in different areas, for example to store enterprise organization and personnel information, infrastructure service information, or configuration information. Sometimes, within the same area, LDAP server A and LDAP server B use similar (but not exactly the same) ACL rules. If a way and method could be defined to extract and build abstract ACL rules from LDAP server A and then import them into LDAP server B, that would save the administrator a lot of time and effort in building the ACL on LDAP server B. However, with current LDAP servers, ACL information cannot be exported from one server and imported into another. So, in this disclosure, a method and way is proposed to extract and build abstract ACL rules that are exportable and importable.

Although two LDAP servers may be used to store information in the same area, their DIT data would not be exactly the same, so it is not feasible to re-use the ACL rules directly from another LDAP server. But it is similar, so firstly the abs...
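The export and import steps outlined above, as an added illustration that is not the disclosure's own code: server A's DIT suffix is replaced by a placeholder on export, and on import each rule is re-bound to server B's suffix and held back when its subject or target entry is missing from B's DIT. The rule dictionaries, the `{SUFFIX}` placeholder, the permission strings and the in-memory DIT lists are assumptions made for this example.

```python
# Constructed example: rule dicts, the {SUFFIX} placeholder and the in-memory
# DIT lists are assumptions for illustration, not the disclosure's own format.

ACCESS_CLASSES = ("normal", "sensitive", "critical")

def _abstract_dn(dn, suffix):
    """Replace server A's suffix at the end of a DN with a placeholder."""
    if dn.lower() == suffix.lower():
        return "{SUFFIX}"
    if dn.lower().endswith("," + suffix.lower()):
        return dn[: -len(suffix)] + "{SUFFIX}"
    return dn  # DN outside A's suffix: keep verbatim

def abstract_rules(rules, suffix_a):
    """Export step: strip server A's DIT specifics from target and subject DNs."""
    out = []
    for r in rules:
        if r["class"] not in ACCESS_CLASSES:
            raise ValueError("unknown attribute access class: " + r["class"])
        out.append({**r, "target": _abstract_dn(r["target"], suffix_a),
                    "subject": _abstract_dn(r["subject"], suffix_a)})
    return out

def instantiate_rules(abstract, suffix_b, dit_b):
    """Import step: rebuild concrete rules for server B and hold back any rule
    whose subject or target entry is missing from B's DIT."""
    known = {dn.lower() for dn in dit_b}
    concrete, skipped = [], []
    for r in abstract:
        c = {**r, "target": r["target"].replace("{SUFFIX}", suffix_b),
             "subject": r["subject"].replace("{SUFFIX}", suffix_b)}
        present = c["target"].lower() in known and c["subject"].lower() in known
        (concrete if present else skipped).append(c)
    return concrete, skipped

# Constructed sample data for two servers holding similar, not identical, DITs.
SUFFIX_A, SUFFIX_B = "o=acme,c=us", "o=widgets,c=uk"
RULES_A = [
    {"target": "ou=people,o=acme,c=us", "class": "sensitive", "perms": "rsc",
     "subject": "cn=hr,ou=groups,o=acme,c=us"},
    {"target": "ou=people,o=acme,c=us", "class": "critical", "perms": "rs",
     "subject": "cn=auditors,ou=groups,o=acme,c=us"},
]
DIT_B = ["o=widgets,c=uk", "ou=people,o=widgets,c=uk",
         "ou=groups,o=widgets,c=uk", "cn=hr,ou=groups,o=widgets,c=uk"]

if __name__ == "__main__":
    ok, held = instantiate_rules(abstract_rules(RULES_A, SUFFIX_A), SUFFIX_B, DIT_B)
    print(len(ok), "rule(s) importable,", len(held), "held back (entry missing on B)")
```

The held-back list is the administrator's review queue: each entry names a group or subtree that exists on A but not on B, which is exactly where a blind copy of A's ACL would silently grant nothing or grant to the wrong entry.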