Abstract: An apparatus and method provide an architected way for a web server to access a user registry in a directory service such as LDAP. In the preferred embodiments, the logic for presenting and processing a web page is encapsulated from the logic that interacts with the directory service, making it easy for a programmer to make changes to the a user registration form without having to have a detailed knowledge of the directory service and its interfaces.

Abstract: An apparatus and method use the built-in authentication and authorization functions of a directory service to perform authentication and authorization for resources that are external to the directory service. A Lightweight Directory Access Protocol (LDAP) service is used in the preferred embodiments. The LDAP directory includes built-in functions for authenticating a user that requests access to an entry. Each resource that needs to be protected is mapped to an entry in the LDAP directory. These entries that correspond to protected resources external to the LDAP directory are called proxy entries. Proxy entries contain the authorization information for the corresponding protected resource in the form of an access control list for each entry that specifies the authorized users of the entry.

Abstract: An apparatus and method provide an architected way for a web server to access a user registry in a directory service such as LDAP. In the preferred embodiments, the logic for presenting and processing a web page is encapsulated from the logic that interacts with the directory service, making it easy for a programmer to make changes to the a user registration form without having to have a detailed knowledge of the directory service and its interfaces.

Abstract: An apparatus and method use the built-in authentication and authorization functions of a directory service to perform authentication and authorization for resources that are external to the directory service. A Lightweight Directory Access Protocol (LDAP) service is used in the preferred embodiments. The LDAP directory includes built-in functions for authenticating a user that requests access to an entry. Each resource that needs to be protected is mapped to an entry in the LDAP directory. These entries that correspond to protected resources external to the LDAP directory are called proxy entries. Proxy entries contain the authorization information for the corresponding protected resource in the form of an access control list for each entry that specifies the authorized users of the entry.

Abstract: An apparatus and method allow a system administrator to manage multiple user identities in multiple user registries in different processing environments. An identity mapping mechanism is provided that includes a directory service that includes entries that reference user identities in the multiple registries, and that reference identity mappings between those entries. The identity mapping mechanism includes an interface defined by a plurality of APIs that allow accessing and correlating the multiple user identities and the identity mappings. A programmer can generate an application or tool that uses the identity mapping mechanism by calling the APIs in the interface. In this manner, administration of user identities occurs with the user as the primary focus, rather than the platform. In addition, a common tool can be used to manage the user identities of different environments, making administration of user identities in a heterogenous network more efficient and cost-effective.

Abstract: An apparatus and method allow a system administrator to manage multiple user identities in multiple user registries in different processing environments. An identity mapping mechanism is provided that includes a directory service that includes entries that reference user identities in the multiple registries, and that reference identity mappings between those entries. The identity mapping mechanism includes an interface defined by a plurality of APIs that allow accessing and correlating the multiple user identities and the identity mappings. A programmer can generate an application or tool that uses the identity mapping mechanism by calling the APIs in the interface. In this manner, administration of user identities occurs with the user as the primary focus, rather than the platform. In addition, a common tool can be used to manage the user identities of different environments, making administration of user identities in a heterogenous network more efficient and cost-effective.

Abstract: An apparatus and method provide an architected way for a web server to access a user registry in a directory service such as LDAP. In the preferred embodiments, the logic for presenting and processing a web page is encapsulated from the logic that interacts with the directory service, making it easy for a programmer to make changes to the a user registration form without having to have a detailed knowledge of the directory service and its interfaces.

Abstract: An apparatus and method use the built-in authentication and authorization functions of a directory service to perform authentication and authorization for resources that are external to the directory service. A Lightweight Directory Access Protocol (LDAP) service is used in the preferred embodiments. The LDAP directory includes built-in functions for authenticating a user that requests access to an entry. Each resource that needs to be protected is mapped to an entry in the LDAP directory. These entries that correspond to protected resources external to the LDAP directory are called proxy entries. Proxy entries contain the authorization information for the corresponding protected resource in the form of an access control list for each entry that specifies the authorized users of the entry.