Byrne et al.

(10) Patent No.: US 6,490,619 B1
(45) Date of Patent: Dec. 3, 2002

(54) METHOD AND SYSTEM FOR MANAGING MULTIPLE LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL DIRECTORY SERVERS

(75) Inventors: Debora Jean Byrne, Austin, TX (US); Mickella Ann Rosiles, Austin, TX (US); Shaw-Ben Shepherd Shi, Austin, TX (US)

(73) Assignee: International Business Machines Corporation, Armonk, NY (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.

(21) Appl. No.: 09/455,702

(22) Filed: Dec. 7, 1999

(51) Int. Cl.7 .............................................. G06F 15/173
(52) U.S. Cl. ............................ 709/223; 707/3; 345/737
(58) Field of Search ................................. 709/223, 203, 709/230, 217, 219, 225; 345/737, 738, 763, 781, 853; 707/3, 100, 513, 514, 520

(56) References Cited

U.S. PATENT DOCUMENTS

6,014,666 A * 1/2000 Helland et al. ............... 707/10
6,101,539 A * 8/2000 Kennelly et al. ........... 709/223
6,157,953 A * 12/2000 Chang et al. ............... 709/225
6,208,986 B1 * 3/2001 Schneck et al. ............... 707/1
6,339,827 B1 * 1/2002 Stokes et al. ............... 713/176
6,366,913 B1 * 4/2002 Fitler et al. ................... 707/10
6,366,954 B1 * 4/2002 Traversat et al. ........ 707/104.1

* cited by examiner

Primary Examiner: Mehmet B. Geckil
(74) Attorney, Agent, or Firm: Duke W. Yee; Leslie Van Leeuwen
`
`(57)
`
`ABSTRACT
`
`An improved method, apparatus, and instructions for locat(cid:173)
`ing a server in a distributed network using the Lightweight
`Directory Access Protocol (LDAP), maintaining informa(cid:173)
`tion for the server, displaying a tree of servers, browsing the
`tree of servers, and searching the tree of servers for an entry
`with specific attributes is provided. The information main(cid:173)
`tained about the server includes its location, lists of
`attributes, and access control. The tree displayed can be for
`all servers combined or for an individual server. The search
`can be across the entire server or customized to a subset of
`servers. The search can be based on one of the following
`attributes: user, country, group, locality, access group, access
`role, organization, organization unit, domain, or can be
`based on user defined attributes.
`
`34 Claims, 11 Drawing Sheets
`
[Representative drawing: FIG. 4, the user interface, showing Navigation Panel 400, Status Area 402, Work Area 404, server tabs 406 (ldap://localhost, ldap://djb:389), options 408 (Server, Schema, Tree, Objects), control buttons 410 (Add Server, Delete Server) and the "View Server Schema" work area listing cn=schema.]
`RingCentral Ex-1004, p. 1
`RingCentral v. Estech
`IPR2021-00574
`
`
`
[Drawing sheet 1 of 11]

[Drawing sheet 2 of 11: FIG. 2, block diagram of server 200, showing processors 202 and 204, system bus 206, memory controller/cache 208, local memory 209, I/O bridge 210, I/O bus 212, PCI bus bridges 214, 222 and 224, PCI buses 216, 226 and 228, modem 218, network adapter 220, graphics adapter 230 and hard disk 232.]

[Drawing sheet 3 of 11: FIG. 3, block diagram of client 300, showing processor 302, main memory 304, PCI local bus 306, host/PCI cache bridge 308, LAN adapter 310, SCSI host bus adapter 312, expansion bus interface 314, audio adapter 316, graphics adapter 318, audio/video adapter 319, keyboard and mouse adapter, modem, memory, and disk, tape, CD-ROM and DVD drives.]

[Drawing sheet 4 of 11: FIG. 4, the IBM SecureWay Directory Management Tool (eNetwork Explorer) user interface, showing Navigation Panel 400, Status Area 402, Work Area 404, server tabs 406 (ldap://localhost, ldap://djb:389), options 408 (Server, Schema, Tree, Objects), control buttons 410 (Add Server, Delete Server) and the "View Server Schema" work area listing cn=schema.]

[Drawing sheet 5 of 11: FIG. 5, LDAP server hash table 500: server names such as djb:389 (502) and localhost:389 (512) pass through hash function 504/514 to table slots holding the connection to the directory (506, 516) over TCP/IP (508, 518) on the local area network.]

[Drawing sheet 6 of 11: FIG. 6A, "Create an LDAP Entry" screen, showing Navigation Panel 600, Status Area 602, Work Area 604, the Entries options (Add entry, Edit entry, Delete entry, Edit entry RDN, Acls), the "Choose an entry type" selection (User, Group, Country, Organizational unit, Access group, Access role, Organization, Locality, Domain, Other), a browsed tree of cn= and ou= entries, and reference numerals 606, 608 and 610.]

[Drawing sheet 7 of 11: FIG. 6B, "Create an LDAP User" screen, showing the entry type selection 612, Parent DN ou=Austin,o=IBM,c=us, Entry RDN cn=micki, resulting DN cn=micki,ou=Austin,o=IBM,c=us, object class inetOrgPerson, the Business/Personal/Other attribute tabs 624 (Last name, E-mail, Department, Employee number, Employee type, Manager, Office number, Office phone, Pager number), Create/Cancel buttons 628, and reference numerals 614, 616, 618, 620, 622 and 626.]

[Drawing sheet 8 of 11: FIG. 7, "Connect to directory server" dialog 706 (Add directory server), showing Navigation Panel 700, Status Area 702, Work Area 704, fields for Server name ldap://, Port 389, User DN and User password, a "Use SSL" checkbox 712 with Keyclass file name and Keyclass file password, OK/Cancel buttons, and reference numerals 708, 710, 714 and 716.]

[Drawing sheet 9 of 11: FIG. 8, Server properties screen (806, 808), showing Navigation Panel 800, Status Area 802 and Work Area 804.]

[Drawing sheet 10 of 11: FIG. 9, "Browse directory tree" screen, showing Navigation Panel 900, Status Area 902, Work Area 904 with a tree rooted at cn=localhost and ldap://djb:389 (c=us, o=IBM, ou=Austin, ou=In Flight Systems, ou=Home Entertainment, ou=Widget Division and cn= person entries), entry buttons (Add, Expand, Search, Delete, Edit, ACL, Edit RDN), and reference numerals 906, 908 and 910.]

[Drawing sheet 11 of 11: FIG. 10, "Simple directory search" screen, showing Navigation Panel 1000, Status Area 1002, Work Area 1004, "Select the type of directory entry to find" (User, Group, Access group, Access role, Domain, Other, Country, Locality, Organization, Organizational unit), "Select which directory entries to include in the results" (Show all / Search on), "Search for", OK/Cancel buttons, and reference numerals 1006, 1008, 1010, 1012, 1014, 1016 and 1018.]
`
METHOD AND SYSTEM FOR MANAGING MULTIPLE LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL DIRECTORY SERVERS

FIELD OF THE INVENTION

The present invention relates generally to an improved distributed data processing system and in particular to an improved method and apparatus for accessing information in a distributed system. Still more particularly, the present invention relates to a method and apparatus for managing LDAP directory servers.

BACKGROUND OF THE INVENTION

A directory service is a central point where network services, security services and applications can form an integrated distributed computing environment. Typical uses of a directory service may be classified into several categories. A "naming service", such as Directory Naming Service (DNS) or Cell Directory Service (CDS), uses the directory as a source to locate an Internet host address or the location of a given server. A "user registry", such as Novell Directory Services (NDS), stores information about users in a system comprised of a number of interconnected machines. Still another directory service is a "white pages" lookup provided by some mail clients, such as Netscape Communicator or Lotus Notes.

With more and more applications and system services demanding a central information repository, the next generation directory server will need to provide system administrators with a data repository that can significantly ease administrative burdens. In the Internet/intranet environment, it will be required to provide user access to such information in a secure manner. It will be equally important to provide robust and simple administrative tools to manage the directory content.

LDAP (Lightweight Directory Access Protocol) is a software protocol for providing directory service enablement to a large number of applications. These applications range from e-mail to distributed system management tools. LDAP is an evolving protocol model based on the client-server model in which a client makes a TCP/IP connection to an LDAP server. LDAP is a "lightweight" version of DAP (Directory Access Protocol), which is part of X.500, a standard for directory services in a network.

The LDAP information model, in particular, is based on an "entry", which contains information about some object. Entries are typically organized in a specified tree structure, and each entry is composed of attributes. An example LDAP directory is organized in a simple "tree" hierarchy consisting of the following levels:

The "root" directory (the starting place or the source of the tree), which branches out to
Countries, each of which branches out to
Organizations, which branch out to
Organizational units (divisions, departments, and so forth), which branch out to (include an entry for)
Individuals (which include people, files, and shared resources such as printers)

LDAP provides a number of known functions for manipulating the data in the information model. These include search, compare, add, delete, and edit. It provides a rich set of searching capability with which users can assemble complex queries to return desired information for later viewing and updating.

An LDAP directory can be distributed among many servers, with parts of data residing on a set of machines. Another scenario is where each server contains a replicated version of the total directory that is synchronized periodically. An LDAP server is called a Directory System Agent (DSA). An LDAP server that receives a request from a user takes responsibility for the request, passing it to other DSAs as necessary, either through server chaining or client referrals. Both cases ensure a single coordinated response for the user. Although directory structures can reside on a single server, there are several reasons for splitting directories across multiple machines. First, the directory may be too large to make it practical to store on a single server. Second, network administrators may want to keep the physical location of the server close to the expected clients to minimize network traffic.

A referral is used to show where a parent tree may be located. LDAP provides a mechanism for searching directories and for "chasing" referrals; however, the mechanism has several limitations. First, it is not possible to search the entire domain since a base domain name must be provided. The best that can be done is to search the main domain one suffix at a time.

Second, a referral chase does not show where the final results were found. A query that dereferences referrals may attempt many servers before finding the right one. This could drastically affect performance on subsequent related queries. Although these subsequent queries eventually may succeed, they go through the same server search as the original query rather than proceed directly to the correct server.

Third, when chasing referrals, the client must bind to each referred-to server. This means the bind request will either be treated as an anonymous request or the client will be prompted for additional account information. This could be especially important if access control is set in a manner where a different authorization ID must be used in order for the operation to succeed.

Fourth, the search process cannot be customized by the user. For example, the user may want the search to be restricted to only two servers in an enterprise, but the LDAP search software forces all servers to be searched.

To overcome these limitations it would be advantageous to have an improved method and apparatus for searching and manipulating data within a set of servers in a distributed network.
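The server table the patent's tool keeps (the hash table of FIG. 5, populated through the connect dialog of FIG. 7) is what lets a search avoid the four limitations above. The Python below is an added example, not code from the patent or from IBM's tool: it models that table with constructed in-memory directories, searches only a chosen subset of servers, tags each hit with the server it came from and the identity bound there, and flags servers set up for a password bind without SSL. The hostnames localhost and djb and the o=IBM,c=us tree are taken from the drawings; the entries, the admin bind DN, and the mapping of the "User" entry type to objectclass inetOrgPerson are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class ServerRecord:
    """What the tool keeps for one directory server (compare FIG. 7):
    location, the identity used to bind, and whether SSL is used.
    `directory` is a constructed stand-in for the live connection."""
    host: str
    port: int = 389
    bind_dn: str = ""            # "" means an anonymous bind
    use_ssl: bool = False
    directory: dict = field(default_factory=dict)   # dn -> {attr: [values]}

    @property
    def key(self) -> str:
        return f"ldap://{self.host}:{self.port}"


class ServerTable:
    """Hash table of servers keyed by ldap://host:port (compare FIG. 5)."""

    def __init__(self):
        self._servers = {}

    def add(self, rec: ServerRecord) -> None:
        self._servers[rec.key] = rec

    def keys(self) -> list:
        return list(self._servers)

    def search(self, objectclass, subset=None, attr=None, value=None):
        """Search only the servers in `subset` (default: all of them) for
        entries of `objectclass`, optionally requiring attr=value.
        Each hit records the server it came from and the bind identity
        used there, which a plain referral chase does not report."""
        targets = self.keys() if subset is None else subset
        hits = []
        for key in targets:
            rec = self._servers[key]          # KeyError if server not managed
            for dn, attrs in rec.directory.items():
                classes = [c.lower() for c in attrs.get("objectclass", [])]
                if objectclass.lower() not in classes:
                    continue
                if attr is not None and value not in attrs.get(attr, []):
                    continue
                hits.append({"server": key, "dn": dn,
                             "bound_as": rec.bind_dn or "anonymous"})
        return hits

    def password_binds_without_ssl(self) -> list:
        """Servers where a user DN (hence a password) is configured but SSL
        is off: a simple bind there sends the password in the clear."""
        return [k for k, r in self._servers.items()
                if r.bind_dn and not r.use_ssl]


def build_table() -> ServerTable:
    """Two managed servers with constructed entries (assumed, not from the patent)."""
    table = ServerTable()
    table.add(ServerRecord(
        host="localhost", port=389, bind_dn="cn=admin,o=IBM,c=us", use_ssl=True,
        directory={
            "cn=micki,ou=Austin,o=IBM,c=us": {
                "objectclass": ["top", "person", "inetOrgPerson"],
                "cn": ["micki"], "ou": ["Austin"]},
            "ou=Austin,o=IBM,c=us": {
                "objectclass": ["top", "organizationalUnit"], "ou": ["Austin"]},
        }))
    table.add(ServerRecord(
        host="djb", port=389, bind_dn="cn=admin,o=IBM,c=us", use_ssl=False,
        directory={
            "cn=Bob Garcia,ou=Widget Division,o=IBM,c=us": {
                "objectclass": ["top", "person", "inetOrgPerson"],
                "cn": ["Bob Garcia"], "ou": ["Widget Division"]},
        }))
    return table


def find_users(table: ServerTable, subset=None):
    """Entry type "User" from the search dialog, mapped here to
    objectclass inetOrgPerson (an assumption, not the patent's mapping)."""
    return table.search("inetOrgPerson", subset=subset)


if __name__ == "__main__":
    t = build_table()
    for hit in find_users(t):
        print(hit)
    print("password bind without SSL:", t.password_binds_without_ssl())
```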
`
SUMMARY OF THE INVENTION

The present invention provides an improved method, apparatus, and instructions for locating a server in a distributed network using the Lightweight Directory Access Protocol (LDAP), maintaining information for the server, displaying a tree of servers, browsing the tree of servers, and searching the tree of servers for an entry with specific attributes. The information maintained about the server includes its location, lists of attributes, and access control. The tree displayed can be for all servers combined or for an individual server. The search can be across the entire server or customized to a subset of servers. The search can be based on one of the following attributes: user, country, group, locality, access group, access role, organization, organization unit, domain, or can be based on user defined attributes.

BRIEF DESCRIPTION OF THE DRAWINGS

The novel features believed characteristic of the invention are set forth in the appended claims. The invention itself, however, as well as a preferred mode of use, further objectives and advantages thereof, will best be understood by reference to the following detailed description of an illustrative embodiment when read in conjunction with the accompanying drawings, wherein:

FIG. 1 is a pictorial representation of a distributed data processing system in which the present invention may be implemented;
FIG. 2 is a block diagram of a data processing system that may be implemented as a server in accordance with a preferred embodiment of the present invention;
FIG. 3 is a block diagram of a data processing system in which the present invention may be implemented in accordance with a preferred embodiment of the present invention;
FIG. 4 is a screen image of the user interface in accordance with a preferred embodiment of the present invention;
FIG. 5 is a block diagram showing an LDAP server hash table in accordance with a preferred embodiment of the present invention;
FIG. 6A and FIG. 6B are screen images showing creation of an LDAP entry in accordance with a preferred embodiment of the present invention;
FIG. 7 is a screen image showing the creation of an LDAP directory server in accordance with a preferred embodiment of the present invention;
FIG. 8 is a screen image showing the display of server properties in accordance with a preferred embodiment of the present invention;
FIG. 9 is a screen image of the browse tree option in accordance with a preferred embodiment of the present invention; and
FIG. 10 is a screen image of a directory tree search in accordance with a preferred embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

This invention is designed to overcome the limitations of chasing LDAP referrals and to provide a user-friendly environment that allows server information to be displayed and manipulated in an intuitive manner. To understand the functionality of the invention it is best to examine a sequence of screen images showing how the user interacts with the system. The screen images shown are for a search operation but those of ordinary skill in the art will appreciate that any other LDAP operation could be performed.

With reference now to the figures, FIG. 1 depicts a pictorial representation of a distributed data processing system in which the present invention may be implemented. Distributed data processing system 100 is a network of computers in which the present invention may be implemented. Distributed data processing system 100 contains a network 102, which is the medium used to provide communications links between various devices and computers connected together within distributed data processing system 100. Network 102 may include permanent connections, such as wire or fiber optic cables, or temporary connections made through telephone connections.

In the depicted example, a server 104 is connected to network 102 along with storage unit 106. In addition, clients 108, 110, and 112 also are connected to network 102. These clients 108, 110, and 112 may be, for example, personal computers or network computers. For purposes of this application, a network computer is any computer, coupled to a network, which receives a program or other application from another computer coupled to the network. In the depicted example, server 104 provides data, such as boot files, operating system images, and applications to clients 108-112. Clients 108, 110, and 112 are clients to server 104. Distributed data processing system 100 may include additional servers, clients, and other devices not shown. In the depicted example, distributed data processing system 100 is the Internet with network 102 representing a worldwide collection of networks and gateways that use the TCP/IP suite of protocols to communicate with one another. At the heart of the Internet is a backbone of high-speed data communication lines between major nodes or host computers, consisting of thousands of commercial, government, educational and other computer systems that route data and messages. Of course, distributed data processing system 100 also may be implemented as a number of different types of networks, such as for example, an intranet, a local area network (LAN), or a wide area network (WAN). FIG. 1 is intended as an example, and not as an architectural limitation for the present invention.

Referring to FIG. 2, a block diagram depicts a data processing system that may be implemented as a server, such as server 104 in FIG. 1, in accordance with a preferred embodiment of the present invention. Data processing system 200 may be a symmetric multiprocessor (SMP) system including a plurality of processors 202 and 204 connected to system bus 206. Alternatively, a single processor system may be employed. Also connected to system bus 206 is memory controller/cache 208, which provides an interface to local memory 209. I/O bus bridge 210 is connected to system bus 206 and provides an interface to I/O bus 212. Memory controller/cache 208 and I/O bus bridge 210 may be integrated as depicted.

Peripheral component interconnect (PCI) bus bridge 214 connected to I/O bus 212 provides an interface to PCI local bus 216. A number of modems may be connected to PCI bus 216. Typical PCI bus implementations will support four PCI expansion slots or add-in connectors. Communications links to network computers 108-112 in FIG. 1 may be provided through modem 218 and network adapter 220 connected to PCI local bus 216 through add-in boards.

Additional PCI bus bridges 222 and 224 provide interfaces for additional PCI buses 226 and 228, from which additional modems or network adapters may be supported. In this manner, server 200 allows connections to multiple network computers. A memory-mapped graphics adapter 230 and hard disk 232 may also be connected to I/O bus 212 as depicted, either directly or indirectly.

Those of ordinary skill in the art will appreciate that the hardware depicted in FIG. 2 may vary. For example, other peripheral devices, such as optical disk drives and the like, also may be used in addition to or in place of the hardware depicted. The depicted example is not meant to imply architectural limitations with respect to the present invention.

The data processing system depicted in FIG. 2 may be, for example, an IBM RISC/System 6000 system, a product of International Business Machines Corporation in Armonk, N.Y., running the Advanced Interactive Executive (AIX) operating system.

With reference now to FIG. 3, a block diagram illustrates a data processing system in which the present invention may be implemented. Data processing system 300 is an example of a client computer. Data processing system 300 employs a peripheral component interconnect (PCI) local bus architecture. Although the depicted example employs a PCI bus, other bus architectures such as Micro Channel and Industry Standard Architecture may be used. Processor 302 and main memory 304 are connected to PCI local bus 306 through PCI bridge 308. PCI bridge 308 also may include an integrated memory controller and cache memory for processor 302. Additional connections to PCI local bus 306 may be made through direct component interconnection or through add-in boards. In the depicted example, local area network (LAN) adapter 310, Small Computer System Interface host bus adapter 312, and expansion bus interface 314 are connected to PCI local bus 306 by direct component connection. In contrast, audio adapter 316, graphics adapter 318, and audio/video adapter 319 are connected to PCI local bus 306 by add-in boards inserted into expansion slots. Expansion bus interface 314 provides a connection for a keyboard and mouse adapter 320, modem 322, and additional memory 324. SCSI host bus adapter 312 provides a connection for hard disk drive 326, tape drive 328, and CD-ROM drive 330. Typical PCI local bus implementations will support three or four PCI expansion slots or add-in connectors.

An operating system runs on processor 302 and is used to coordinate and provide control of various components within data processing system 300 in FIG. 3. The operating system may be a commercially available operating system such as OS/2, which is available from International Business Machines Corporation. "OS/2" is a trademark of International Business Machines Corporation. An object oriented programming system such as Java may run in conjunction with the operating system and provides calls to the operating system from Java programs or applications executing on data processing system 300. "Java" is a trademark of Sun Microsystems, Inc. Instructions for the operating system, the object-oriented operating system, and applications or programs are located on storage devices, such as hard disk drive 326, and may be loaded into main memory 304 for execution by processor 302.

Those of ordinary skill in the art will appreciate that the hardware in FIG. 3 may vary depending on the implementation. Other internal hardware or peripheral devices, such as flash ROM (or equivalent nonvolatile memory) or optical disk drives and the like, may be used in addition to or in place of the hardware depicted in FIG. 3. Also, the processes of the present invention may be applied to a multiprocessor data processing system.

For example, data processing system 300, if optionally configured as a network computer, may not include SCSI host bus adapter 312, hard disk drive 326, tape drive 328, and CD-ROM 330, as noted by dotted line 332 in FIG. 3 denoting optional inclusion. In that case, the computer, to be properly called a client computer, must include some type of network communication interface, such as LAN adapter 310, modem 322, or the like. As another example, data processing system 300 may be a stand-alone system configured to be bootable without relying on some type of network communication interface, whether or not data processing system 300 comprises some type of network communication interface. As a further example, data processing system 300 may be a Personal Digital Assistant (PDA) device which is configured with ROM and/or flash ROM in order to provide nonvolatile memory for storing operating system files and/or user-generated data.

The depicted example in FIG. 3 and above-described examples are not meant to imply architectural limitations. For example, data processing system 300 also may be a notebook computer or hand held computer in addition to taking the form of a PDA. Data processing system 300 also may be a kiosk or a Web appliance.

FIG. 4 shows the basic layout of the screen. There are three major areas: Navigation Panel 400 appears on the left, Status Area 402 appears on the top right, Work Area 404 appears on the middle/lower right. Navigation Panel 400 is where the user controls the search operation. Each server is associated with a tab 406 at the top of the navigation panel. Clicking on the tab brings the panel for the associated server to the front of the view area. Each server has a list of options 408. Most options are self-explanatory; a few wil