| Patent application number | Description | Published |
|---|
| 20080216080 | Method and system to alleviate denial-of-service conditions on a server - A method is presented for processing data in a multithreaded application to alleviate impaired or substandard performance conditions. Work items that are pending processing by the multithreaded application are placed into a data structure. The work items are processed by a plurality of threads within the multithreaded application in accordance with a first algorithm, e.g., first-in first-out (FIFO). A thread within the multithreaded application is configured apart from the plurality of threads such that it processes work items in accordance with a second algorithm that differs from the first algorithm, thereby avoiding the impairing condition. For example, the thread may process a pending work item only if it has a particular characteristic. The thread restricts its own processing of work items by intermittently evaluating workflow conditions for the plurality of threads; if the workflow conditions improve or are unimpaired, then the thread does not process any work items. | 09-04-2008 |
| 20090019514 | METHOD AND SYSTEM FOR ENFORCING PASSWORD POLICY IN A DISTRIBUTED DIRECTORY - The invention describes techniques for enforcing password policy within a distributed directory environment that includes one or more distributed directory servers and a proxy server that acts as an intermediate agent between a client and the distributed directory environment. In one aspect, the proxy server is enhanced to support the passing (from the backend server to the client) of password policy controls. In particular, controls returned from a backend server are parsed and cached (for re-use) for the life of a given client connection. According to another aspect, the proxy server ensures that all compare operations for a single user's password are directed to the same backend server in the distributed directory environment. This insures that a user's most current password is used, and that failed operation counts, resets and operational attributes are up-to-date. According to still another aspect, the proxy server enforces password policy on bind plug-ins and, in particular, through a pair of pre-bind and post-bind extended operations. In particular, pre-bind processing includes checking if an account is locked. Post-bind processing includes checking for expired passwords, grace logins and updating failed/successful bind counters. | 01-15-2009 |
| 20090019533 | METHOD AND SYSTEM FOR ENFORCING PASSWORD POLICY FOR AN EXTERNAL BIND OPERATION IN A DISTRIBUTED DIRECTORY - The invention describes techniques for enforcing password policy within a distributed directory environment that includes one or more distributed directory servers and a proxy server that acts as an intermediate agent between a client and the distributed directory environment. In one aspect, the proxy server is enhanced to support the passing (from the backend server to the client) of password policy controls. In particular, controls returned from a backend server are parsed and cached (for re-use) for the life of a given client connection. According to another aspect, the proxy server ensures that all compare operations for a single user's password are directed to the same backend server in the distributed directory environment. This insures that a user's most current password is used, and that failed operation counts, resets and operational attributes are up-to-date. According to still another aspect, the proxy server enforces password policy on bind plug-ins and, in particular, through a pair of pre-bind and post-bind extended operations. In particular, pre-bind processing includes checking if an account is locked. Post-bind processing includes checking for expired passwords, grace logins and updating failed/successful bind counters. | 01-15-2009 |
| 20090037427 | REDISTRIBUTING A DISTRIBUTED DATABASE - Illustrative embodiments provide a method for redistributing data in a distributed database. The method provides a set of servers, each of which having a respective portion of the distributed database resident thereon, and for routing requests to the set of servers by means of a proxy server. Responsive to a redistribution request to redistribute the distributed database among the set of servers from a first distribution to a second distribution, setting a flag in the proxy server indicating that redistribution is in progress. Further storing configuration data for the first distribution and the second distribution in the proxy server, and redistributing the data in the distributed database in accordance with the configuration data. | 02-05-2009 |
| 20090157777 | DYNAMICALLY ADDING PARTITIONS TO BE DISTRIBUTED DIRECTORY SETUP WITH NO DOWNTIME - Dynamically adding n partitions to a distributed directory setup having x existing servers by modifying the configuration file to include the n new servers and implementing a replication setup mechanism with agreements to x+n−1 servers. The migration to dynamically add partitions is carried out while continuing to serve clients. | 06-18-2009 |
| 20090178105 | REDUCING OVERHEAD ASSOCIATED WITH DISTRIBUTED PASSWORD POLICY ENFORCEMENT OPERATIONS - A computer implemented method, data processing system, and computer program product for reducing the overhead associated with distributed password policy enforcement operations using a proxy server. when a proxy server provides a request from a client to a backend directory server, the proxy server determines whether a password policy check is required to be performed at the backend directory server. If a password policy check is not required to be performed at the backend directory server, the proxy server sends the client request together with a skip password policy control to the backend directory server. This skip password policy control informs the backend directory server to skip the password policy check on the client request. | 07-09-2009 |
| 20090178106 | PASSWORD POLICY ENFORCEMENT IN A DISTRIBUTED DIRECTORY WHEN POLICY INFORMATION IS DISTRIBUTED - A computer implemented method, data processing system, and computer program product for password policy enforcement in a distributed directory when policy information is distributed. When a proxy server is providing a request from a client to a backend directory server, the proxy server performs a series of LDAP operations on a targeted set of backend directory servers to collect password policy information applicable to a target user. The password policy information applicable to the target user is partitioned and distributed across the plurality of backend directory servers. When the password policy information for the target user has been collected, the proxy server evaluates the collected password policy information to determine an effective password policy for the target user. The proxy server then sends the request and subsequent requests with the effective password policy to a backend directory server. | 07-09-2009 |
| 20090193013 | METHOD FOR STORING MESSAGES IN A DIRECTORY - A method, system, and computer usable program product for storing messages in a directory executing in a data processing system are provided in the illustrative embodiments. A message is received over a network and identified in the directory. A base message entry that corresponds to the message is selected in a hierarchy of entries in the directory. A message instance entry for the message is created, such that the message instance entry becomes a child entry of the base message entry in the hierarchy. | 07-30-2009 |
| 20090216779 | TRANSFERRING MESSAGES TO A DIRECTORY - A method, system, and computer usable program product for transferring messages to a directory are provided in the illustrative embodiments. A listing of message templates that is stored in a computer usable storage medium is received. A list of messages is received. The listing of message templates is loaded in a directory. The directory executes in a data processing system and is configured to store messages. The list of messages are loaded in the directory. Messages are loaded in the directory by receiving a list of messages in the directory. A message is selected and identified from the list of messages. A determination is made if the message corresponds to an existing base message entry in the directory. A message instance entry is created in relation to the existing base message entry if the message corresponds to an existing base message entry and the message is otherwise handled if not. | 08-27-2009 |
| 20090254579 | DEPLOYING DIRECTORY INSTANCES - A method, system, and computer usable program product for deploying directory instances are provided in the illustrative embodiments. A configuration of an existing directory instance is cloned to the new directory instance. The existing directory instance may execute in a first data processing system and the new directory instance may execute in a second data processing system. A schema of the existing directory instance is cloned to the new directory instance. A determination is made whether the new directory instance is a peer of the existing directory instance. Data from the existing directory instance is cloned to the new directory instance if the new directory instance is a peer of the existing directory instance. The new directory instance is made operational in a directory topology. | 10-08-2009 |
| 20100241688 | TRANSMITTING INFORMATION ABOUT DISTRIBUTED GROUP MEMBERSHIPS - A method, system, and computer usable program product for transmitting information about dynamic group memberships of an entry stored in a computer memory are provided in the illustrative embodiments. A set of dynamic group filters is received from a server in a distributed data environment. The set of dynamic group filters provides a set of attributes. A determination is made whether the entry includes a subset of the set of attributes. A request for dynamic group memberships of the entry is sent to the server. The request includes the subset of attributes and excludes attributes not used by any of the dynamic group filters. Information about at least one dynamic group of which the entry is a member is received for evaluation. A proxy server may receive the request for dynamic group filters and distribute the request to one or more servers in a distributed data environment. | 09-23-2010 |
| 20100274769 | MANAGING DELETED DIRECTORY ENTRIES - A method, system, and computer usable program product for managing deleted directory entries are provided in the illustrative embodiments. An instruction to delete the entry is received. A second entry that includes a reference to the entry is identified. A third entry including information to be preserved from the entry is added in a deleted entries subtree. The third entry is modified to include the reference information from the second entry. The third entry is saved such that during a restore of the entry the third entry provides the information to restore the entry and the reference to the entry. The third entry may include a set of attributes that store an identifier of the second entry. The entry is restored from the third entry and made available in the directory. A reference is recreated in the second entry to the restored entry forming a restored second entry. | 10-28-2010 |
| 20100275059 | PRESERVING REFERENCES TO DELETED DIRECTORY ENTRIES - A method, system, and computer usable program product for preserving references to deleted directory entries are provided in the illustrative embodiments. An instruction to delete an entry is received. A second entry referencing the entry is identified. The second entry is marked as a ghost reference to the entry. The entry is converted to a deleted entry. A ghost attribute with a value of “false” may be added to the entry. A ghost attribute or tag with a value of “false” may be added to the second entry. The ghost tag may correspond to an attribute of the second entry that references the entry. An entry may be deleted by setting a value of a ghost attribute in the entry to true. The second entry may be marked as the ghost reference by setting a value of a ghost attribute or a ghost tag in the second entry to true. | 10-28-2010 |
| 20110082879 | Proxy Support For Special Subtree Entries In A Directory Information Tree Using Attribute Rules - A mechanism for providing proxy support for special subtree entries in a directory information tree by defining filters at the proxy level to indicate relationships between main subtree entries and associated special subtree entries. A proxy server receives a request from a client for a special subtree entry and determines whether the distinguished name of the main subtree entry can be built using information in the request and pre-defined relationships between the main subtree entry and the requested subtree entry. If so, the proxy server builds the distinguished name of the main subtree entry associated with the special subtree entry and applies a partitioning filter to the distinguished name of the main subtree entry to determine a target directory server in the plurality of backend directory servers that comprise the special subtree. The proxy server then sends the request to the target directory server. | 04-07-2011 |
