Abstract: A method for securing and processing sparse access control list (ACL) data in a relational database used as a backing store for a hierarchical-based directory service. The sparse ACL data is secured in a plurality of tables. An owner table stores data objects with explicitly set ACLs. A propagation table stores data on whether individual ACLs are inherited by descendant objects. A permissions table stores data regarding permissions which a user may perform on an object. A source table stores data for a set of ancestor objects having respective ACLs for each of a set of descendant objects. Preferably, the tables are stored in the relational database together with the objects. For a given object, data in the tables is used to determine the given object's entry owner and ACL. The inventive technique has particular applicability in a Lightweight Directory Access Protocol (LDAP) directory service having a relational database as a backing store.

Abstract: A process for maintaining authentication information in a distributed network of servers generates and maintains a non-local access server list, queries non-local servers using a Lightweight Directory Access Protocol (LDAP) search request, caches responses to queries from non-local servers, updates the cached directory entries and applies an LDAP operation to the cached directory entries and the local access control data. A variety of techniques are used to update cache information. When a request to authenticate a user with a distinguished name is received, the cached directory entries and the local access control data are searched for the distinguished name and, once the distinguished name is located, the user is authenticated with each server in the non-local access server list.

Abstract: A caching mechanism for a directory service having a backing store. According to the invention, directory search results are cached over a given data capture period, with the information then being used by a data analysis routine to generate a data access history for the user for a particular application. That history is then used to generate a recommended pre-fetch time, a filter key for the pre-fetch, and a preferred cache replacement policy (e.g., static or LRU). Based on that information, a control routine pre-fetches and populates the cache with information that is expected to be needed by the user as a result of that access history.

Abstract: An improved method, apparatus, and instructions for locating a server in a distributed network using the Lightweight Directory Access Protocol (LDAP), maintaining information for the server, displaying a tree of servers, browsing the tree of servers, and searching the tree of servers for an entry with specific attributes is provided. The information maintained about the server includes its location, lists of attributes, and access control. The tree displayed can be for all servers combined or for an individual server. The search can be across the entire server or customized to a subset of servers. The search can be based on one of the following attributes: user, country, group, locality, access group, access role, organization, organization unit, domain, or can be based on user defined attributes.

Abstract: A method for securing sparse access control list (ACL) data in a relational database used as a backing store for a hierarchical-based directory service. The sparse ACL data is secured in a plurality of tables. An owner table stores data objects with explicitly set ACLs. A propagation table stores data on whether individual ACLs are inherited by descendant objects. A permissions table stores data regarding permissions which a user may perform on an object. A source table stores data for a set of ancestor objects having respective ACLs for each of a set of descendant objects. Preferably, the tables are stored in the relational database together with the objects. For a given object, data in the tables is used to determine the given object's entry owner and ACL. The inventive technique has particular applicability in a Lightweight Directory Access Protocol (LDAP) directory service having a relational database as a backing store.

Abstract: A method of hierarchical LDAP searching in an LDAP directory service having a relational database management system (DBMS) as a backing store. The method begins in response to a search query to the relational database. Search results retrieved in response to the search query are cached, preferably in a pair of caches in the directory service. The first cache receives a set of identifiers indexed by a filter key of the search query. The search results, namely entries corresponding to the set of identifiers, are then stored in the second cache. In response to subsequent issuance of the search query, the cached search results are then used in lieu of accessing the relational database to increase search efficiency. To maintain the integrity of the cached information, routines are provided to invalidate the caches during given directory service operations.

Abstract: A method of hierarchical LDAP wildcard searching in an LDAP directory service having a relational database management system (DBMS) as a backing store. The relational database normally includes a forward index of the character strings in the database. The method begins by generating a reverse index of the character strings in the relational database. Depending on the position of one or more wildcards in the string, the forward index, the reverse index, or both indices, are used to generate the relational database query.