公开(公告)号：US06356892B1

公开(公告)日：2002-03-12

申请号：US09160022

申请日：1998-09-24

申请人： Cynthia Fleming Corn ,  Larry George Fichtner ,  Rodolfo Augusto Mancisidor ,  Shaw-Ben Shi

发明人： Cynthia Fleming Corn ,  Larry George Fichtner ,  Rodolfo Augusto Mancisidor ,  Shaw-Ben Shi

IPC分类号： G06F1730

CPC分类号： H04L61/1523 ,  G06F17/30451 ,  Y10S707/99933 ,  Y10S707/99934 ,  Y10S707/99944

摘要： A method of hierarchical LDAP searching in an LDAP directory service having a relational database management system (DBMS) as a backing store. The method begins by parsing an LDAP filter-based query for elements and logical operators of the filter query. For each filter element, the method generates an SQL subquery according to a set of translation rules. For each SQL subquery, the method then generates a set of entry identifiers for the LDAP filter query. Then, the SQL subqueries are combined into a single SQL query according to a set of combination rules chosen corresponding to the logical operators of the LDAP filter query.

摘要翻译： 在具有关系数据库管理系统（DBMS）作为后备存储的LDAP目录服务中分层LDAP搜索的方法。 该方法开始于对筛选器查询的元素和逻辑运算符解析基于LDAP过滤器的查询。 对于每个过滤元素，该方法根据一组转换规则生成SQL子查询。 对于每个SQL子查询，该方法然后生成一组LDAP过滤器查询的条目标识符。 然后，SQL子查询根据与LDAP过滤器查询的逻辑运算符相对应选择的一组组合规则组合成单个SQL查询。

公开(公告)号：US6085188A

公开(公告)日：2000-07-04

申请号：US050503

申请日：1998-03-30

申请人： David W. Bachmann ,  Cynthia Fleming Corn ,  Larry George Fichtner ,  Rodolfo Augusto Mancisidor ,  Shaw-Ben Shi

发明人： David W. Bachmann ,  Cynthia Fleming Corn ,  Larry George Fichtner ,  Rodolfo Augusto Mancisidor ,  Shaw-Ben Shi

IPC分类号： G06F17/30

CPC分类号： G06F17/30595 ,  Y10S707/99933 ,  Y10S707/99942

摘要： A method of hierarchical LDAP searching in an LDAP directory service having a relational database management system (DBMS) as a backing store. According to the invention, entries in a naming hierarchy are mapped into first and second relational tables: a parent table, and a descendant table. These tables are used to "filter" lists of entries returned from a search to ensure that only entries within a given search scope are retained for evaluation. Thus, for example, the parent table is used during an LDAP one level search, and the descendant table is used during an LDAP subtree search. In either case, use of the parent or descendant table obviates recursive queries through the naming directory.

摘要翻译： 在具有关系数据库管理系统（DBMS）作为后备存储的LDAP目录服务中分层LDAP搜索的方法。 根据本发明，命名层级中的条目被映射到第一和第二关系表中：父表和后代表。 这些表用于“过滤”从搜索返回的条目的列表，以确保仅保留给定搜索范围内的条目以供评估。 因此，例如，在LDAP一级搜索期间使用父表，并且在LDAP子树搜索期间使用后代表。 在任一情况下，使用父表或后代表都可以通过命名目录来消除递归查询。

公开(公告)号：US07039804B2

公开(公告)日：2006-05-02

申请号：US09895230

申请日：2001-06-29

申请人： Larry George Fichtner ,  Dah-Haur Lin

发明人： Larry George Fichtner ,  Dah-Haur Lin

IPC分类号： G06F17/00

CPC分类号： H04L63/0815 ,  G06F21/6236 ,  H04L63/101

摘要： A method and system for sharing existing user and group registry information between heterogeneous application servers is provided. The method and system make use of an adapter that communicates with each registry associated with each application server through a registry communication mechanism. In a preferred embodiment, the present invention provides an additional application-specific database to protect application-specific data that is required for each application server's operation but is not part of an existing database registry. Both the application-specific databases and existing user and group definitions in a user and group registry form a new registry abstraction which is required for each application server. As a result, each application server automatically shares user and group definitions with the existing database server. Furthermore, both the database server and each application server maintain a centralized user and group management model across different application domains.

公开(公告)号：US07146637B2

公开(公告)日：2006-12-05

申请号：US09895978

申请日：2001-06-29

申请人： Michael Bradford Ault ,  Garry Lee Child ,  Larry George Fichtner ,  Dah-Haur Lin

发明人： Michael Bradford Ault ,  Garry Lee Child ,  Larry George Fichtner ,  Dah-Haur Lin

IPC分类号： G06F7/04 ,  G06F7/58 ,  G06F15/16 ,  G06F17/30 ,  G06K9/00 ,  G06K19/00 ,  H04L19/32

CPC分类号： H04L63/102 ,  G06F21/41 ,  G06F21/6236 ,  H04L63/0815

摘要： A method, computer program product, and data processing system, with which a unified security policy may be implemented using existing application components with disparate security mechanisms and user registries is disclosed. The present invention provides a generic application programming interface (API) that forms a framework for creating registry adapters. Registry adapters allow a policy director (an item of software for imposing a sitewide security policy) to operate with new or unfamiliar registry types by acting as a drop-in translator for converting generic registry-access commands into operations specific to the particular registry in question.