Certificate renewal using secure handshake
    1.
    Granted invention patent
    Status: Lapsed

    Publication No.: US08321662B2

    Publication date: 2012-11-27

    Application No.: US12117031

    Filing date: 2008-05-08

    IPC classification: H04L29/06

    Abstract: A method, system, and computer usable program product for certificate renewal using a secure handshake are provided in the illustrative embodiments. A determination is made, forming an expiration determination, whether a validity period associated with a certificate ends within a predetermined period from a time of receiving the certificate. If the expiration determination is true, a holder of the certificate is notified about the expiration. The holder may be an application executing in a data processing system or the data processing system itself. A new certificate is requested on behalf of the holder. The requested new certificate is received. The new certificate is sent to the holder of the certificate over a network.


    Filter range bound paged search
    2.
    Granted invention patent
    Status: Lapsed

    Publication No.: US08219565B2

    Publication date: 2012-07-10

    Application No.: US12484435

    Filing date: 2009-06-15

    IPC classification: G06F7/00 G06F17/30

    Abstract: A filter range based search control to request a range of data from one or more directory servers. A directory server receives a search request from a client application comprising a search filter control defining a set of requested data, a sort control defining a sorting order of the set of requested data, and a range filter control defining a range of entries in the requested data. Data entries matching a search value defined in the search filter control and sorted according to sort attributes defined in the sort control are obtained from a set of directories associated with the directory server to form a sorted list of matching entries. A subset of data entries in the sorted list that match a range value defined in the range filter control are collected, and a response comprising the collected subset of data entries is then sent to the client application.


    TRANSMITTING INFORMATION ABOUT DISTRIBUTED GROUP MEMBERSHIPS
    3.
    Invention patent application
    Status: In force

    Publication No.: US20100241688A1

    Publication date: 2010-09-23

    Application No.: US12407038

    Filing date: 2009-03-19

    IPC classification: G06F15/16 G06F15/173

    CPC classification: G06F17/3089

    Abstract: A method, system, and computer usable program product for transmitting information about dynamic group memberships of an entry stored in a computer memory are provided in the illustrative embodiments. A set of dynamic group filters is received from a server in a distributed data environment. The set of dynamic group filters provides a set of attributes. A determination is made whether the entry includes a subset of the set of attributes. A request for dynamic group memberships of the entry is sent to the server. The request includes the subset of attributes and excludes attributes not used by any of the dynamic group filters. Information about at least one dynamic group of which the entry is a member is received for evaluation. A proxy server may receive the request for dynamic group filters and distribute the request to one or more servers in a distributed data environment.


    Redistributing a distributed database
    4.
    Granted invention patent
    Status: In force

    Publication No.: US07801848B2

    Publication date: 2010-09-21

    Application No.: US11832966

    Filing date: 2007-08-02

    IPC classification: G06F17/30

    CPC classification: G06F17/30584

    Abstract: Illustrative embodiments provide a method for redistributing data in a distributed database. The method provides a set of servers, each of which having a respective portion of the distributed database resident thereon, and for routing requests to the set of servers by means of a proxy server. Responsive to a redistribution request to redistribute the distributed database among the set of servers from a first distribution to a second distribution, setting a flag in the proxy server indicating that redistribution is in progress. Further storing configuration data for the first distribution and the second distribution in the proxy server, and redistributing the data in the distributed database in accordance with the configuration data.


    DEPLOYING DIRECTORY INSTANCES
    5.
    Invention patent application
    Status: In force

    Publication No.: US20090254579A1

    Publication date: 2009-10-08

    Application No.: US12061695

    Filing date: 2008-04-03

    IPC classification: G06F17/30

    CPC classification: G06F17/30286 H04L61/1523

    Abstract: A method, system, and computer usable program product for deploying directory instances are provided in the illustrative embodiments. A configuration of an existing directory instance is cloned to the new directory instance. The existing directory instance may execute in a first data processing system and the new directory instance may execute in a second data processing system. A schema of the existing directory instance is cloned to the new directory instance. A determination is made whether the new directory instance is a peer of the existing directory instance. Data from the existing directory instance is cloned to the new directory instance if the new directory instance is a peer of the existing directory instance. The new directory instance is made operational in a directory topology.


    METHOD FOR STORING MESSAGES IN A DIRECTORY
    6.
    Invention patent application
    Status: In force

    Publication No.: US20090193013A1

    Publication date: 2009-07-30

    Application No.: US12022412

    Filing date: 2008-01-30

    IPC classification: G06F17/30 G06F17/00

    CPC classification: G06F17/30286

    Abstract: A method, system, and computer usable program product for storing messages in a directory executing in a data processing system are provided in the illustrative embodiments. A message is received over a network and identified in the directory. A base message entry that corresponds to the message is selected in a hierarchy of entries in the directory. A message instance entry for the message is created, such that the message instance entry becomes a child entry of the base message entry in the hierarchy.


    PASSWORD POLICY ENFORCEMENT IN A DISTRIBUTED DIRECTORY WHEN POLICY INFORMATION IS DISTRIBUTED
    7.
    Invention patent application
    Status: Lapsed

    Publication No.: US20090178106A1

    Publication date: 2009-07-09

    Application No.: US11971510

    Filing date: 2008-01-09

    IPC classification: G06F21/00

    Abstract: A computer implemented method, data processing system, and computer program product for password policy enforcement in a distributed directory when policy information is distributed. When a proxy server is providing a request from a client to a backend directory server, the proxy server performs a series of LDAP operations on a targeted set of backend directory servers to collect password policy information applicable to a target user. The password policy information applicable to the target user is partitioned and distributed across the plurality of backend directory servers. When the password policy information for the target user has been collected, the proxy server evaluates the collected password policy information to determine an effective password policy for the target user. The proxy server then sends the request and subsequent requests with the effective password policy to a backend directory server.


    REDISTRIBUTING A DISTRIBUTED DATABASE
    8.
    Invention patent application
    Status: In force

    Publication No.: US20090037427A1

    Publication date: 2009-02-05

    Application No.: US11832966

    Filing date: 2007-08-02

    IPC classification: G06F7/00

    CPC classification: G06F17/30584

    Abstract: Illustrative embodiments provide a method for redistributing data in a distributed database. The method provides a set of servers, each of which having a respective portion of the distributed database resident thereon, and for routing requests to the set of servers by means of a proxy server. Responsive to a redistribution request to redistribute the distributed database among the set of servers from a first distribution to a second distribution, setting a flag in the proxy server indicating that redistribution is in progress. Further storing configuration data for the first distribution and the second distribution in the proxy server, and redistributing the data in the distributed database in accordance with the configuration data.


    Distributed Directory Deployment
    9.
    Invention patent application
    Status: Lapsed

    Publication No.: US20080222161A1

    Publication date: 2008-09-11

    Application No.: US12108416

    Filing date: 2008-04-23

    IPC classification: G06F17/30

    Abstract: Each LDIF entry of a directory tree is read, split to a domain of LDIF fragments (corresponding to backend servers) and written to each LDIF fragment. The split may be accomplished through a hash function, establishing, for that iteration of LDIF entry, a write file. The LDIF entry is appended to the write file. A subsequent LDIF entry is read. A corresponding LDIF fragment is determined, which need not be different from the LDIF fragment to which the first LDIF entry was written. The current LDIF entry is written to the currently selected write file. The process continues until all LDIF entries are exhausted from the directory tree. LDIF fragments are each copied to distinct backend servers, where each LDIF fragment may be loaded into a distributed directory data structure.


    Method and system for enforcing password policy in a distributed directory
    10.
    Granted invention patent
    Status: In force

    Publication No.: US08935805B2

    Publication date: 2015-01-13

    Application No.: US11776332

    Filing date: 2007-07-11

    IPC classification: G06F21/00 H04L29/06 H04L29/12

    Abstract: The invention describes techniques for enforcing password policy within a distributed directory environment that includes one or more distributed directory servers and a proxy server that acts as an intermediate agent between a client and the distributed directory environment. In one aspect, the proxy server is enhanced to support the passing (from the backend server to the client) of password policy controls. In particular, controls returned from a backend server are parsed and cached (for re-use) for the life of a given client connection. According to another aspect, the proxy server ensures that all compare operations for a single user's password are directed to the same backend server in the distributed directory environment. This ensures that a user's most current password is used, and that failed operation counts, resets and operational attributes are up-to-date. According to still another aspect, the proxy server enforces password policy on bind plug-ins and, in particular, through a pair of pre-bind and post-bind extended operations. In particular, pre-bind processing includes checking if an account is locked. Post-bind processing includes checking for expired passwords, grace logins and updating failed/successful bind counters.
