Abstract:
A method, system, and computer usable program product for preserving references to deleted directory entries are provided in the illustrative embodiments. An instruction to delete an entry is received. A second entry referencing the entry is identified. The second entry is marked as a ghost reference to the entry. The entry is converted to a deleted entry. A ghost attribute with a value of “false” may be added to the entry. A ghost attribute or tag with a value of “false” may be added to the second entry. The ghost tag may correspond to an attribute of the second entry that references the entry. An entry may be deleted by setting a value of a ghost attribute in the entry to true. The second entry may be marked as the ghost reference by setting a value of a ghost attribute or a ghost tag in the second entry to true.
Abstract:
A method, system, and computer usable program product for managing deleted directory entries are provided in the illustrative embodiments. An instruction to delete the entry is received. A second entry that includes a reference to the entry is identified. A third entry including information to be preserved from the entry is added in a deleted entries subtree. The third entry is modified to include the reference information from the second entry. The third entry is saved such that during a restore of the entry the third entry provides the information to restore the entry and the reference to the entry. The third entry may include a set of attributes that store an identifier of the second entry. The entry is restored from the third entry and made available in the directory. A reference is recreated in the second entry to the restored entry forming a restored second entry.
Abstract:
An instruction to delete the entry is received. A second entry that includes a reference to the entry is identified. A third entry including information to be preserved from the entry is added in a deleted entries subtree. The third entry is modified to include the reference information from the second entry. The third entry is saved such that during a restore of the entry the third entry provides the information to restore the entry and the reference to the entry. The third entry may include a set of attributes that store an identifier of the second entry. The entry is restored from the third entry and made available in the directory. A reference is recreated in the second entry to the restored entry forming a restored second entry.
Abstract:
A computer implemented method, data processing system, and computer program product for reducing the overhead associated with distributed password policy enforcement operations using a proxy server. When a proxy server provides a request from a client to a backend directory server, the proxy server determines whether a password policy check is required to be performed at the backend directory server. If a password policy check is not required to be performed at the backend directory server, the proxy server sends the client request together with a skip password policy control to the backend directory server. This skip password policy control informs the backend directory server to skip the password policy check on the client request.
Abstract:
The invention describes techniques for enforcing password policy within a distributed directory environment that includes one or more distributed directory servers and a proxy server that acts as an intermediate agent between a client and the distributed directory environment. In one aspect, the proxy server is enhanced to support the passing (from the backend server to the client) of password policy controls. In particular, controls returned from a backend server are parsed and cached (for re-use) for the life of a given client connection. According to another aspect, the proxy server ensures that all compare operations for a single user's password are directed to the same backend server in the distributed directory environment. This ensures that a user's most current password is used, and that failed operation counts, resets and operational attributes are up-to-date. According to still another aspect, the proxy server enforces password policy on bind plug-ins and, in particular, through a pair of pre-bind and post-bind extended operations. In particular, pre-bind processing includes checking if an account is locked. Post-bind processing includes checking for expired passwords, grace logins and updating failed/successful bind counters.
Abstract:
A computer implemented method, data processing system, and computer program product for password policy enforcement in a distributed directory when policy information is distributed. When a proxy server is providing a request from a client to a backend directory server, the proxy server performs a series of LDAP operations on a targeted set of backend directory servers to collect password policy information applicable to a target user. The password policy information applicable to the target user is partitioned and distributed across the plurality of backend directory servers. When the password policy information for the target user has been collected, the proxy server evaluates the collected password policy information to determine an effective password policy for the target user. The proxy server then sends the request and subsequent requests with the effective password policy to a backend directory server.