Patent · US Expired

Utilizing LDAP directories for application access control and personalization

US7571180B2 · kind B2 · utility

Cited by: 28
References: 2
Claims: 7
Family size: 0

Assignee

Inventor

Key dates

Filing date: Jun 28, 2004
Grant date: Aug 4, 2009
Priority date
Expiry date: Apr 28, 2025

Classification

  • Technology area (CPC Y): Emerging Cross-Sectional Technologies
  • CPC primary: Y10S707/99943
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Lightweight LDAP Access Control for authorization and personalization integrates with a directory service for defining sessions for users and groups without requiring read access or modification to directory schemas. In one exemplary illustrative non-limiting implementation, authorization/personalization data is stored in a private data store outside of the LDAP directory (e.g., on a management or other server). When a user attempts to log on to the computer system, the LDAP directory is queried for a list of associated groups and/or organizational units in the normal way. To compute a resulting set of authorization/personalization rules applicable to the user, an entity (e.g., the management or other server) traverses the organizational hierarchy of the directory groups/OUs, overriding the inherited attributes with explicitly associated ones. Integration with existing user/group/organization unit infrastructures is provided while avoiding the need to deploy additional user/group databases. In one example arrangement, an LDAP directory is queried for the list of groups and OUs during user logon. There is no need to replicate user/group directory data in a private data store of th…
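The override-on-inheritance resolution the abstract describes, as an added example that is not taken from the patent. The rule store, DNs, attribute names and the precedence order (OU chain from root to leaf, then groups in the order the directory returned them, then the user entry) are assumptions made for illustration.

```python
# Added illustration: RULES, all DNs and attribute names are constructed.
import re

# Private rule store kept outside the LDAP directory, keyed by normalized DN.
RULES = {
    "dc=example,dc=com": {"session_timeout": 30, "apps": ["mail"], "theme": "default"},
    "ou=engineering,dc=example,dc=com": {"apps": ["mail", "build"]},
    "ou=kernel,ou=engineering,dc=example,dc=com": {"session_timeout": 10},
    "cn=contractors,ou=groups,dc=example,dc=com": {"apps": ["mail"], "theme": "restricted"},
}

def split_dn(dn):
    """Split a DN into lower-cased RDNs, keeping backslash-escaped commas intact."""
    return [p.strip().lower() for p in re.findall(r"(?:\\.|[^,\\])+", dn) if p.strip()]

def lineage(dn):
    """DNs from the directory root down to the entry itself."""
    rdns = split_dn(dn)
    return [",".join(rdns[i:]) for i in range(len(rdns) - 1, -1, -1)]

def effective_rules(user_dn, group_dns, store=RULES):
    """Overlay explicit rules on inherited ones; returns (rules, origin per key)."""
    chain = lineage(user_dn)
    groups = [",".join(split_dn(g)) for g in group_dns]
    # Assumed precedence: later entries in this list override earlier ones.
    order = chain[:-1] + groups + chain[-1:]
    rules, origin = {}, {}
    for dn in order:
        for key, value in store.get(dn, {}).items():
            rules[key] = value   # explicit value replaces the inherited one
            origin[key] = dn     # record which entry decided, for auditing
    return rules, origin

if __name__ == "__main__":
    # In a deployment the user DN and group list come from the logon-time LDAP query.
    user = "uid=alice,OU=Kernel,OU=Engineering,DC=example,DC=com"
    rules, origin = effective_rules(user, ["CN=Contractors,OU=Groups,DC=example,DC=com"])
    for key in sorted(rules):
        print(f"{key} = {rules[key]!r}  (from {origin[key]})")
```

An empty result means no stored rule matched any DN in the user's lineage or groups; callers should treat that as no access rather than as unrestricted.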

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.