Abstract: A computer system creates a view that has a class definition and one or more attributes of a directory to support graphical representation of the directory. A distributed processing system includes the directory and a number of nodes, one of the nodes being a service node. The directory includes entries that are associated with the nodes. The service node receives an attribute value that is associated with one of nodes. The service node determines from the class definition of the view that the received attribute value is associated with an attribute type that describes a new attribute value and creates an updated view without defining the received attribute value in the entries of the directory. The updated view includes the received attribute value.

Abstract: A social networking site host includes, in a user's profile, information that has been attested to and verified by both the user and an independent verifier. The independent verifier is an accepted authority with direct knowledge of the information. Both the user and verifier attest to the information by digitally signing the information and including the digital signature with the information. The host or visitors to the social networking site can authenticate the information by using both digital signatures. By authenticating the information, visitors and users viewing information on the social networking site can assume that the information is trusted and accurate.

Abstract: A method and apparatus for maintaining logs for a Lightweight Directory Access Protocol (LDAP) directory server. The method includes receiving or detecting events or activities in the system to be logged. The events are transformed into LDAP entries and stored in an LDAP repository. The LDAP entries may then be searched and operated on using LDAP operations, thereby providing enhanced utility and functionality for log data using LDAP operations and an LDAP repository.

Abstract: Embodiments of the present invention provide a system and method of assigning unique identifiers in a multi-master directory service. In particular, each server in the system assigns numeric user identifiers in a linear fashion that compliments the series of user identifiers assigned by the other servers. In particular, a first server is selected and assigned a first starting number. Each subsequent server is then assigned their own starting series number by incrementing from the first starting number. Then, all servers are assigned an additive, which is an integer greater than or equal to the number of servers in the system. Each server then generates its own series of unique numeric identifiers based on its own starting series number and the additive.

Abstract: Embodiments of the present invention provide a method and system for determining a probability that a suspected domain name of a domain accessed using a universal resource locator (URL), which can be entered as a character string into a browser associated with a client in a net environment, is a counterfeit of a legitimate domain name. Characters in the suspected domain name can be identified as known as likely to be deceptively substituted for corresponding legitimate characters of a legitimate domain name. An alternate domain name is generated by substituting predetermined characters with the corresponding legitimate characters. An attempt can be made to resolve alternate domains of the alternate domain names. If the names are successfully resolved, a non-zero probability is assigned to the suspected domain name as being counterfeit.

Abstract: A method and apparatus for ordering callbacks for server plug-ins of a Lightweight Directory Access Protocol (LDAP) directory server. Each plug-in registers with the LDAP server and has a designated priority and set of dependencies. The priority and dependency data are stored in an LDAP callback configuration entry or set of entries. The LDAP server analyzes the priority and dependencies to determine the order of each plug-in or individual callback relative to one another. This allows the LDAP directory server and LDAP operations to rely on the order of callbacks thereby improving the efficiency of the system.

Abstract: Embodiments of the present invention provide a method and system for dynamically creating a view in a distributed processing system. The system can have nodes such as a service node and a directory with entries. An object class of a view can be defined as including an attribute type that accommodates a new attribute value. An attribute value associated with one of the nodes can be received at the service node whereupon it can be determined whether the attribute value is associated with the new attribute value. A new view can be created if the attribute value is associated with the new attribute value.

Abstract: A method and apparatus for ordering callbacks for server plug-ins of a Lightweight Directory Access Protocol (LDAP) directory server. Each plug-in registers with the LDAP server and has a designated priority and set of dependencies. The priority and dependency data are stored in an LDAP callback configuration entry or set of entries. The LDAP server analyzes the priority and dependencies to determine the order of each plug-in or individual callback relative to one another. This allows the LDAP directory server and LDAP operations to rely on the order of callbacks thereby improving the efficiency of the system.

Abstract: A method and apparatus for ordering callbacks for server plug-ins of a Lightweight Directory Access Protocol (LDAP) directory server. Each plug-in registers with the LDAP server and has a designated priority and set of dependencies. The priority and dependency data are stored in an LDAP callback configuration entry or set of entries. The LDAP server analyzes the priority and dependencies to determine the order of each plug-in or individual callback relative to one another. This allows the LDAP directory server and LDAP operations to rely on the order of callbacks thereby improving the efficiency of the system.

Abstract: Role is a comprehensive grouping mechanism. In a client-server directory system, roles transfer some of the complexity to the directory server. A role is defined by its role definition entry. Any client with appropriate access privileges can discover, identify and examine any role definition. A “managed” role is one that can be configured to provide search results similar to those available with a static grouping mechanism, i.e., to create a group entry that contains a list of members. Managed roles allow a user to create an explicit enumerated list of members. A managed role is a label stored with a directory entry.

Abstract: A method and apparatus for ordering callbacks for server plug-ins of a Lightweight Directory Access Protocol (LDAP) directory server. Each plug-in registers with the LDAP server and has a designated priority and set of dependencies. The priority and dependency data are stored in an LDAP callback configuration entry or set of entries. The LDAP server analyzes the priority and dependencies to determine the order of each plug-in or individual callback relative to one another. This allows the LDAP directory server and LDAP operations to rely on the order of callbacks thereby improving the efficiency of the system.

Abstract: Embodiments of the present invention provide a method and system for dynamically creating a view in a distributed processing system. The system can have nodes such as a service node and a directory with entries. An object class of a view can be defined as including an attribute type that accommodates a new attribute value. An attribute value associated with one of the nodes can be received at the service node whereupon it can be determined whether the attribute value is associated with the new attribute value. A new view can be created if the attribute value is associated with the new attribute value.

Abstract: A method and apparatus for maintaining logs for a Lightweight Directory Access Protocol (LDAP) directory server. The method includes receiving or detecting events or activities in the system to be logged. The events are transformed into LDAP entries and stored in an LDAP repository. The LDAP entries may then be searched and operated on using LDAP operations, thereby providing enhanced utility and functionality for log data using LDAP operations and an LDAP repository.

Abstract: A social networking site host includes, in a user's profile, information that has been attested to and verified by both the user and an independent verifier. The independent verifier is an accepted authority with direct knowledge of the information. Both the user and verifier attest to the information by digitally signing the information and including the digital signature with the information. The host or visitors to the social networking site can authenticate the information by using both digital signatures. By authenticating the information, visitors and users viewing information on the social networking site can assume that the information is trusted and accurate.

Abstract: Embodiments of the present invention provide a method and system for determining a probability that a suspected domain name of a domain accessed using a universal resource locator (URL), which can be entered as a character string into a browser associated with a client in a net environment, is a counterfeit of a legitimate domain name. Characters in the suspected domain name can be identified as known as likely to be deceptively substituted for corresponding legitimate characters of a legitimate domain name. An alternate domain name is generated by substituting predetermined characters with the corresponding legitimate characters. An attempt can be made to resolve alternate domains of the alternate domain names. If the names are successfully resolved, a non-zero probability is assigned to the suspected domain name as being counterfeit.

Abstract: Embodiments of the present invention provide a system and method of assigning unique identifiers in a multi-master directory service. In particular, each server in the system assigns numeric user identifiers in a linear fashion that compliments the series of user identifiers assigned by the other servers. In particular, a first server is selected and assigned a first starting number. Each subsequent server is then assigned their own starting series number equal by incrementing from the first starting number. Then, all servers are assigned an additive, which is an integer greater than or equal to the number of servers in the system. Each server then generates its own series of unique numeric identifiers based on its own starting series number and the additive.

Abstract: Role is a comprehensive grouping mechanism. In a client-server directory system, roles transfer some of the complexity to the directory server. A role is defined by its role definition entry. Assigning entries to roles enables applications to locate the roles of an entry, rather than select a group and browse the members list. Additionally, roles allow for support of generated attribute values, and directory server-performed membership verification for clients. By changing a role definition, a user can change an entire organization with ease. Any client with appropriate access privileges can discover, identify and examine any role definition.

Abstract: Class of Service (CoS) is a mechanism that allows a user to share attributes between directory entries in a way transparent to an application. A CoS scheme includes a CoS Definition entry and a CoS Template entry. These two entries interact to provide attribute values to target entries within their CoS “scope”. In Classic CoS, an attribute-value pair is matched with a target entry based on the target entry's DN. The CoS Definition entry, which is stored as an LDAP subentry below the branch at which it is effective, identifies the type of CoS being used. The Template entry contains a list of attribute values that are shared. Any change made to the template entry's attribute values is automatically applied to all entries that share the attribute.

Abstract: Class of Service (CoS) allows a user to share attributes between entries in a way that is transparent to an application. This is achieved by generating the values of the attributes by a CoS logic at the time of or immediately prior to the time the entry is transmitted to an application, rather than storing the values of the attributes with the attribute itself. In alternative embodiments, the attributes may be generated at a time well before the time the entry is transmitted to an application. A CoS includes a CoS Definition entry and a Template entry. These two entries interact to provide attribute values to target entries within their CoS “scope” based on the target entry's DN, presence or absence of the target entry's CoS attribute, the attribute value stored in the target entry's CoS Template, and other factors. The CoS Definition entry, which is stored as an LDAP subentry below the branch at which it is effective, identifies the type of CoS being used.

Abstract: Role is a comprehensive grouping mechanism used in a directory server. In a client-server directory system, roles transfer some of the complexity to the directory server. A role is defined by its role definition entry. Assigning entries to roles enables applications to locate the roles of a target entry, rather than select a group and browse the members list. By changing a role definition, a user can change an entire organization with ease. Any client with appropriate access privileges can discover, identify and examine any role definition. An enumerated role is one that contains a list of target entries as members. By simply searching for the membership of the enumerated role, a client application will obtain a list of all members that possess that enumerated role.