| Patent application number | Description | Published |
| --- | --- | --- |
| 20080222161 | Distributed Directory Deployment - Each LDIF entry of a directory tree is read, split to a domain of LDIF fragments (corresponding to backend servers) and written to each LDIF fragment. The split may be accomplished through a hash function, establishing, for that iteration of LDIF entry, a write file. The LDIF entry is appended to the write file. A subsequent LDIF entry is read. A corresponding LDIF fragment is determined, which need not be different from the LDIF fragment to which the first LDIF entry was written. The current LDIF entry is written to the currently selected write file. The process continues until all LDIF entries are exhausted from the directory tree. LDIF fragments are each copied to distinct backend servers, where each LDIF fragment may be loaded into a distributed directory data structure. | 09-11-2008 |
| 20090019514 | METHOD AND SYSTEM FOR ENFORCING PASSWORD POLICY IN A DISTRIBUTED DIRECTORY - The invention describes techniques for enforcing password policy within a distributed directory environment that includes one or more distributed directory servers and a proxy server that acts as an intermediate agent between a client and the distributed directory environment. In one aspect, the proxy server is enhanced to support the passing (from the backend server to the client) of password policy controls. In particular, controls returned from a backend server are parsed and cached (for re-use) for the life of a given client connection. According to another aspect, the proxy server ensures that all compare operations for a single user's password are directed to the same backend server in the distributed directory environment. This ensures that a user's most current password is used, and that failed operation counts, resets and operational attributes are up-to-date. According to still another aspect, the proxy server enforces password policy on bind plug-ins and, in particular, through a pair of pre-bind and post-bind extended operations. In particular, pre-bind processing includes checking if an account is locked. Post-bind processing includes checking for expired passwords, grace logins and updating failed/successful bind counters. | 01-15-2009 |
| 20090019533 | METHOD AND SYSTEM FOR ENFORCING PASSWORD POLICY FOR AN EXTERNAL BIND OPERATION IN A DISTRIBUTED DIRECTORY - The invention describes techniques for enforcing password policy within a distributed directory environment that includes one or more distributed directory servers and a proxy server that acts as an intermediate agent between a client and the distributed directory environment. In one aspect, the proxy server is enhanced to support the passing (from the backend server to the client) of password policy controls. In particular, controls returned from a backend server are parsed and cached (for re-use) for the life of a given client connection. According to another aspect, the proxy server ensures that all compare operations for a single user's password are directed to the same backend server in the distributed directory environment. This ensures that a user's most current password is used, and that failed operation counts, resets and operational attributes are up-to-date. According to still another aspect, the proxy server enforces password policy on bind plug-ins and, in particular, through a pair of pre-bind and post-bind extended operations. In particular, pre-bind processing includes checking if an account is locked. Post-bind processing includes checking for expired passwords, grace logins and updating failed/successful bind counters. | 01-15-2009 |
| 20090037427 | REDISTRIBUTING A DISTRIBUTED DATABASE - Illustrative embodiments provide a method for redistributing data in a distributed database. The method provides a set of servers, each of which having a respective portion of the distributed database resident thereon, and for routing requests to the set of servers by means of a proxy server. Responsive to a redistribution request to redistribute the distributed database among the set of servers from a first distribution to a second distribution, setting a flag in the proxy server indicating that redistribution is in progress. Further storing configuration data for the first distribution and the second distribution in the proxy server, and redistributing the data in the distributed database in accordance with the configuration data. | 02-05-2009 |
| 20090178105 | REDUCING OVERHEAD ASSOCIATED WITH DISTRIBUTED PASSWORD POLICY ENFORCEMENT OPERATIONS - A computer implemented method, data processing system, and computer program product for reducing the overhead associated with distributed password policy enforcement operations using a proxy server. When a proxy server provides a request from a client to a backend directory server, the proxy server determines whether a password policy check is required to be performed at the backend directory server. If a password policy check is not required to be performed at the backend directory server, the proxy server sends the client request together with a skip password policy control to the backend directory server. This skip password policy control informs the backend directory server to skip the password policy check on the client request. | 07-09-2009 |
| 20090178106 | PASSWORD POLICY ENFORCEMENT IN A DISTRIBUTED DIRECTORY WHEN POLICY INFORMATION IS DISTRIBUTED - A computer implemented method, data processing system, and computer program product for password policy enforcement in a distributed directory when policy information is distributed. When a proxy server is providing a request from a client to a backend directory server, the proxy server performs a series of LDAP operations on a targeted set of backend directory servers to collect password policy information applicable to a target user. The password policy information applicable to the target user is partitioned and distributed across the plurality of backend directory servers. When the password policy information for the target user has been collected, the proxy server evaluates the collected password policy information to determine an effective password policy for the target user. The proxy server then sends the request and subsequent requests with the effective password policy to a backend directory server. | 07-09-2009 |
| 20090193013 | METHOD FOR STORING MESSAGES IN A DIRECTORY - A method, system, and computer usable program product for storing messages in a directory executing in a data processing system are provided in the illustrative embodiments. A message is received over a network and identified in the directory. A base message entry that corresponds to the message is selected in a hierarchy of entries in the directory. A message instance entry for the message is created, such that the message instance entry becomes a child entry of the base message entry in the hierarchy. | 07-30-2009 |
| 20090216779 | TRANSFERRING MESSAGES TO A DIRECTORY - A method, system, and computer usable program product for transferring messages to a directory are provided in the illustrative embodiments. A listing of message templates that is stored in a computer usable storage medium is received. A list of messages is received. The listing of message templates is loaded in a directory. The directory executes in a data processing system and is configured to store messages. The list of messages is loaded in the directory. Messages are loaded in the directory by receiving a list of messages in the directory. A message is selected and identified from the list of messages. A determination is made if the message corresponds to an existing base message entry in the directory. A message instance entry is created in relation to the existing base message entry if the message corresponds to an existing base message entry and the message is otherwise handled if not. | 08-27-2009 |
| 20090234805 | SORTED SEARCH IN A DISTRIBUTED DIRECTORY ENVIRONMENT USING A PROXY SERVER - A mechanism for performing a sorted search in a distributed directory environment using a proxy server. A sorted search request for a set of top entries is sent to each backend server. The proxy server identifies a target server which returned a top entry in the set and sends another sorted search request to the target server for all entries having a sort order higher than or equal to the top entry and a sort order lower than or equal to the next top entry of the set, and returns the entries to a requesting client. The proxy server sends another sorted search request to the target server for a new top entry having a sort order greater than the next top entry and adds the new top entry to the set. The proxy server returns to the evaluating step until no top entries remain in the set. | 09-17-2009 |
| 20090254579 | DEPLOYING DIRECTORY INSTANCES - A method, system, and computer usable program product for deploying directory instances are provided in the illustrative embodiments. A configuration of an existing directory instance is cloned to the new directory instance. The existing directory instance may execute in a first data processing system and the new directory instance may execute in a second data processing system. A schema of the existing directory instance is cloned to the new directory instance. A determination is made whether the new directory instance is a peer of the existing directory instance. Data from the existing directory instance is cloned to the new directory instance if the new directory instance is a peer of the existing directory instance. The new directory instance is made operational in a directory topology. | 10-08-2009 |
| 20090313468 | CERTIFICATE RENEWAL USING SECURE HANDSHAKE - A method, system, and computer usable program product for certificate renewal using a secure handshake are provided in the illustrative embodiments. A determination is made, forming an expiration determination, whether a validity period associated with a certificate ends within a predetermined period from a time of receiving the certificate. If the expiration determination is true, a holder of the certificate is notified about the expiration. The holder may be an application executing in a data processing system or the data processing system itself. A new certificate is requested on behalf of the holder. The requested new certificate is received. The new certificate is sent to the holder of the certificate over a network. | 12-17-2009 |
| 20090327708 | CERTIFICATE DISTRIBUTION USING SECURE HANDSHAKE - A method, system, and computer usable program product for certificate distribution using a secure handshake are provided in the illustrative embodiments. A client sends an indication in a request, the request being a part of a secure data communication with a server. The indication indicates an ability of the client to accept a certificate as a part of a response from the server. The server retrieves a new certificate. The server sends as a result of the indication, a new certificate in the response corresponding to the request. The client receives as a result of the indication, the new certificate in a response that corresponds to the request. The client separates the new certificate from the response and uses the new certificate in the secure data communication with the server. The server uses the new certificate in the secure data communication with the client. | 12-31-2009 |
| 20100036952 | LOAD BALANCING USING REPLICATION DELAY - A method, system, and computer usable program product for load balancing using replication delay are provided in the illustrative embodiments. In response to a request to update, a system updates data associated with a write server, forming updated data of a data partition. The system receives a read request for the data partition. The system calculates a time difference between an arrival time of the request to update and an arrival time of the read request. The system receives a set of average replication delays for a set of replica servers serving the data partition. The system directs the read request to a replica server in the set of replica servers whose average replication delay is less than or equal to the time difference. | 02-11-2010 |
| 20100057697 | VIRTUAL LIST VIEW SUPPORT IN A DISTRIBUTED DIRECTORY - A computer implemented method, data processing system, and computer program product for performing a virtual list view search in a distributed directory environment using a proxy server. The mechanism described in the illustrative embodiments enables a proxy server to provide virtual list view search support in a distributed directory environment when data is partitioned across multiple directory servers. | 03-04-2010 |
| 20100061233 | FLOW CONTROL IN A DISTRIBUTED ENVIRONMENT - A computer implemented method, apparatus, and computer program product for managing requests. Responsive to receiving a request from a client, a determination is made as to whether a connection within a pool of connections has a set of outstanding requests for the client to handle a previous request from the same client. Responsive to a determination that the connection has any outstanding request, a determination is made as to whether a set of requests queued for the connection is equal to or exceeds a threshold. Responsive to a determination that the set of outstanding requests is equal to or exceeds the threshold, subsequent requests from the client are unprocessed until the set of outstanding requests becomes less than the threshold. | 03-11-2010 |
| 20100241688 | TRANSMITTING INFORMATION ABOUT DISTRIBUTED GROUP MEMBERSHIPS - A method, system, and computer usable program product for transmitting information about dynamic group memberships of an entry stored in a computer memory are provided in the illustrative embodiments. A set of dynamic group filters is received from a server in a distributed data environment. The set of dynamic group filters provides a set of attributes. A determination is made whether the entry includes a subset of the set of attributes. A request for dynamic group memberships of the entry is sent to the server. The request includes the subset of attributes and excludes attributes not used by any of the dynamic group filters. Information about at least one dynamic group of which the entry is a member is received for evaluation. A proxy server may receive the request for dynamic group filters and distribute the request to one or more servers in a distributed data environment. | 09-23-2010 |
| 20100274769 | MANAGING DELETED DIRECTORY ENTRIES - A method, system, and computer usable program product for managing deleted directory entries are provided in the illustrative embodiments. An instruction to delete the entry is received. A second entry that includes a reference to the entry is identified. A third entry including information to be preserved from the entry is added in a deleted entries subtree. The third entry is modified to include the reference information from the second entry. The third entry is saved such that during a restore of the entry the third entry provides the information to restore the entry and the reference to the entry. The third entry may include a set of attributes that store an identifier of the second entry. The entry is restored from the third entry and made available in the directory. A reference is recreated in the second entry to the restored entry forming a restored second entry. | 10-28-2010 |
| 20100275059 | PRESERVING REFERENCES TO DELETED DIRECTORY ENTRIES - A method, system, and computer usable program product for preserving references to deleted directory entries are provided in the illustrative embodiments. An instruction to delete an entry is received. A second entry referencing the entry is identified. The second entry is marked as a ghost reference to the entry. The entry is converted to a deleted entry. A ghost attribute with a value of “false” may be added to the entry. A ghost attribute or tag with a value of “false” may be added to the second entry. The ghost tag may correspond to an attribute of the second entry that references the entry. An entry may be deleted by setting a value of a ghost attribute in the entry to true. The second entry may be marked as the ghost reference by setting a value of a ghost attribute or a ghost tag in the second entry to true. | 10-28-2010 |
| 20100318541 | Filter Range Bound Paged Search - A filter range based search control to request a range of data from one or more directory servers. A directory server receives a search request from a client application comprising a search filter control defining a set of requested data, a sort control defining a sorting order of the set of requested data, and a range filter control defining a range of entries in the requested data. Data entries matching a search value defined in the search filter control and sorted according to sort attributes defined in the sort control are obtained from a set of directories associated with the directory server to form a sorted list of matching entries. A subset of data entries in the sorted list that match a range value defined in the range filter control are collected, and a response comprising the collected subset of data entries is then sent to the client application. | 12-16-2010 |
| 20110029683 | Real-time Attribute Processor and Syntax Schema for Directory Access Protocol Services - A processor which cooperates with directory servers to handle requests for values of dynamic attributes which would otherwise present a real-time processing challenge to the directory server due to the server's dependence on the data normally being static in nature. Special schema syntax identifiers are used to identify dynamic attributes which then are not stored directly in the directory, but whose values are resolved at the time a read request is made for those attributes. This approach eliminates the need to store the dynamic information in the directory, and allows user-supplied modules to perform the resolution of the dynamic attributes in a real-time manner, including not only retrieving a value from a dynamic data source, but optionally performing calculations or manipulations on the data as well. One embodiment of the invention cooperates with Lightweight Directory Access Protocol (“LDAP”) directory servers. | 02-03-2011 |
| 20110082879 | Proxy Support For Special Subtree Entries In A Directory Information Tree Using Attribute Rules - A mechanism for providing proxy support for special subtree entries in a directory information tree by defining filters at the proxy level to indicate relationships between main subtree entries and associated special subtree entries. A proxy server receives a request from a client for a special subtree entry and determines whether the distinguished name of the main subtree entry can be built using information in the request and pre-defined relationships between the main subtree entry and the requested subtree entry. If so, the proxy server builds the distinguished name of the main subtree entry associated with the special subtree entry and applies a partitioning filter to the distinguished name of the main subtree entry to determine a target directory server in the plurality of backend directory servers that comprise the special subtree. The proxy server then sends the request to the target directory server. | 04-07-2011 |
| 20110106822 | Virtual List View Support in a Distributed Directory - A computer implemented method, data processing system, and computer program product for performing a virtual list view search in a distributed directory environment using a proxy server. The mechanism described in the illustrative embodiments enables a proxy server to provide virtual list view search support in a distributed directory environment when data is partitioned across multiple directory servers. | 05-05-2011 |