CN117453816B - User data unifying method, system, computer and storage medium

Publication number
CN117453816B
Authority
CN
China
Prior art keywords
computer
active directory
cloud
user
user data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311380662.1A
Other languages
Chinese (zh)
Other versions
CN117453816A (en)
Inventor
刘英戈
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Ning Dun Mdt Infotech Ltd
Original Assignee
Shanghai Ning Dun Mdt Infotech Ltd
Application filed by Shanghai Ning Dun Mdt Infotech Ltd
Priority to CN202311380662.1A
Publication of CN117453816A
Application granted
Publication of CN117453816B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/45 Structures or tools for the administration of authentication

Abstract

The present invention relates to the field of identity access management. The invention discloses a user data unifying method, a system, a computer and a storage medium. The method comprises the following steps: when receiving a request for logging in to a cloud active directory sent by a current information interaction device, a computer acquires user data in the cloud active directory configuration, wherein the user data comprises user account information and user password information; a current user authentication request is sent to a local active directory according to the user account information and the user password information; and the user data is written into the cloud active directory if authentication succeeds. Related personnel therefore do not need to perform complex and cumbersome manual parameter configuration to log in to the cloud active directory, the user data can be automatically synchronized and updated, and the working efficiency of the related personnel is improved.

Description

User data unifying method, system, computer and storage medium
Technical Field
The present invention relates to the field of identity access management, and in particular, to a user data unifying method, system, computer and storage medium.
Background
Active Directory and cloud Active Directory (Azure Active Directory) are identity and access management solutions provided by Microsoft Corporation. They are used for centralized management of users and computers, identity verification, access control, organizational structure, security and other functions, and have a great influence on the operation and security of enterprises. Active Directory needs to be deployed locally, whereas the cloud Active Directory is oriented to the cloud environment, and enterprises can access and use it through the Internet.
Because the active directory and the cloud active directory are two cloud platforms that operate independently, the user data on the two platforms are also independent. However, for a nationwide enterprise using the Microsoft ecosystem, user data is frequently transferred between the two platforms, so the need to synchronize user data between the active directory and the cloud active directory is common.
At present, if a user wants to synchronize user data between the cloud active directory and a local active directory through the cloud active directory connector provided by the cloud active directory, related personnel must manually perform complex and cumbersome parameter configuration. Automatic synchronization and updating of the user data cannot be achieved, and related personnel must synchronize the user data manually, so data synchronization is not timely and the working efficiency of the related personnel is affected.
Disclosure of Invention
The application provides a user data unifying method, a system, a computer and a storage medium. When receiving a request for logging in to the cloud active directory sent by the current information interaction device, the computer acquires user data in the cloud active directory configuration, wherein the user data comprises user account information and user password information; sends a current user authentication request to the local active directory according to the user account information and the user password information; and writes the user data into the cloud active directory if authentication succeeds. Related personnel therefore do not need to perform complex and cumbersome manual parameter configuration to log in to the cloud active directory, the user data can be automatically synchronized and updated, and the working efficiency of the related personnel is improved.
In a first aspect, the present application provides a user data unifying method, which includes: when receiving a request for logging in a cloud active directory sent by a current information interaction device, the computer judges whether cloud active directory configuration of the current information interaction device is stored or not; the cloud active directory configuration comprises user data of the current information interaction device in the local active directory, wherein the user data comprises user account information and user password information; if the cloud active directory configuration of the current information interaction equipment is stored, the computer sends a current user authentication request to the local active directory, so that the local active directory authenticates the user account information and the password information; and the computer writes the user data into the cloud active directory under the condition that the computer receives an authentication success instruction sent by the local active directory.
By adopting the technical scheme, when receiving the request for logging in the cloud active directory sent by the current information interaction equipment, the computer acquires the user data in the cloud active directory configuration, sends the current user authentication request to the local active directory according to the user account information and the user password information in the user data, and writes the user data into the cloud active directory under the condition of successful authentication, thereby avoiding the complex and complicated parameter configuration by related personnel to log in the cloud active directory manually, enabling the user data to be automatically synchronized and updated, and improving the working efficiency of the related personnel.
In combination with some embodiments of the first aspect, in some embodiments, after the step of sending, by the computer, a current user authentication request to the local active directory if the cloud active directory configuration of the current information interaction device is stored, so that the local active directory authenticates the user account information and the password information, the step further includes: under the condition that the computer receives an authentication failure instruction sent by the local active directory, the computer acquires the distinguished name of the user account information; the computer queries the current user state according to the distinguished name; and under the condition that the current user state is deleted, the computer sends first prompt information to the current information interaction equipment, wherein the first prompt information is used for prompting related personnel that the user is in the deleted state.
By adopting the technical scheme, when authentication fails, the distinguished name of the user account information is acquired and the user state is queried, so that the state information of the user in the local active directory can be obtained in time. If the user state is deleted, the computer sends first prompt information to the current information interaction device to prompt related personnel that the user is in the deleted state. This provides real-time feedback of the user state, lets the related personnel know the latest state of the user, clearly informs them that the user has been deleted, avoids misunderstanding and confusion, ensures the accuracy and safety of the user information, and provides better user management and protection.
With reference to some embodiments of the first aspect, in some embodiments, after the step of querying the current user state by the computer according to the distinguished name, the step further includes: when the current user authentication fails, the computer checks the cloud active directory configuration according to a preset configuration rule; when the cloud active directory configuration has errors, the computer sends second prompt information to the current information interaction device, wherein the second prompt information is used for prompting related personnel that the cloud active directory configuration has errors.
By adopting the technical scheme, by detecting the cloud active directory configuration, the computer detects that the cloud active directory configuration has errors, and sends the second prompt information to the current information interaction equipment to remind related personnel of the errors in the cloud active directory configuration, so that the related personnel can timely acquire notification of the configuration errors, further necessary measures are taken to modify the error configuration, and the real-time configuration error notification is provided to help the related personnel to respond and solve the problems more quickly, thereby improving the stability and reliability of the system.
With reference to some embodiments of the first aspect, in some embodiments, the cloud active directory is any one of a domestic version of the cloud active directory and an international version of the cloud active directory, and the step of writing the user account information and the user password information into the cloud active directory by a computer specifically includes: under the condition that the cloud active directory is a cloud active directory domestic version, the computer calls an interface corresponding to the cloud active directory domestic version and writes the user data into the cloud active directory domestic version; and under the condition that the cloud active directory is the cloud active directory international edition, the computer calls an interface corresponding to the cloud active directory international edition and writes the user data into the cloud active directory international edition.
By adopting the technical scheme, the computer can select the cloud active directory domestic version or the cloud active directory international version to be used by the user by calling the interfaces corresponding to the cloud active directory domestic version and the cloud active directory international version, so that the user can better adapt to the regional environment where the user is located and meet the requirements of the user, wherein the cloud active directory international version is suitable for the international user, user data are written into the cloud active directory international version, the overseas user can conveniently perform identity authentication, access control and platform data synchronization, and globalization service can be provided.
With reference to some embodiments of the first aspect, in some embodiments, after the step of writing the user data into the cloud active directory by the computer in a case where the computer receives an authentication success instruction sent by the local active directory, the step further includes: the computer detects the user data according to a preset time period to obtain a time stamp corresponding to the user data; when the timestamp of the user data changes, the computer resynchronizes the new user data into the cloud active directory.
By adopting the technical scheme, the computer detects the user data according to the preset time period so as to discover the change of the user data in time and resynchronize the new user data to the cloud active directory, so that the data in the cloud active directory and the user data in the local active directory can be ensured to be consistent, the automatic synchronization and updating of the user data can be realized, related personnel can see the latest data in the cloud active directory, the data do not need to be synchronized manually, and the working efficiency of the related personnel is improved.
With reference to some embodiments of the first aspect, in some embodiments, after the step of determining, by the computer, whether the cloud active directory configuration of the current information interaction device is saved when the computer receives the request for logging in to the cloud active directory sent by the current information interaction device, the step further includes: if the cloud active directory configuration of the current information interaction device is not saved, the computer sends a configuration instruction to the current information interaction device, so that the current information interaction device completes the cloud active directory configuration, and the cloud active directory configuration specifically comprises type setting, version setting, user source setting, operation list setting, user authentication mode setting, user suffix setting and scope setting.
By adopting the technical scheme, when the current information interaction device has not performed the cloud active directory configuration, the computer sends the configuration instruction to the current information interaction device, so that the current information interaction device completes the cloud active directory configuration, including type setting, version setting, user source setting and the like. Related personnel can thus complete the cloud active directory configuration, and the computer can conveniently perform the subsequent steps of user authentication request, login to the cloud active directory and user data transmission.
With reference to some embodiments of the first aspect, in some embodiments, after the step of sending, by the computer, a configuration instruction to the current information interaction device if the cloud active directory configuration of the current information interaction device is not saved, the step further includes: when the computer detects that the current information interaction device is performing the cloud active directory configuration, the computer sets the user authentication mode setting to the open authorization setting by default; the computer sends third prompt information to the current information interaction device, wherein the third prompt information is used for prompting related personnel to fill in the user suffix.
By adopting the technical scheme, the related personnel authentication flow can be simplified by adopting the open authorization setting, the complicated identity verification steps are reduced, the use convenience of related personnel is improved, a unique authentication mark can be customized for each user by filling in the user suffix, the subsequent user identification and management are convenient, the authority management can be conveniently carried out according to the user suffix, and different access control and authority allocation are carried out on different users or user groups.
In a second aspect, an embodiment of the present application provides a user data unifying system, the data unifying system including a computer, the computer including: the device comprises a judging module, a sending module, a writing module, an acquisition module and a synchronization module; the computer is for performing the method as described in the first aspect and any possible implementation of the first aspect.
The judging module is used for judging whether the cloud active directory configuration of the current information interaction device is saved when a request for logging in to the cloud active directory sent by the current information interaction device is received; the cloud active directory configuration comprises user data of the current information interaction device in the local active directory, wherein the user data comprises user account information and user password information;
The sending module is used for sending a current user authentication request to the local active directory if the cloud active directory configuration of the current information interaction device is saved, so that the local active directory authenticates the user account information and the password information;
The writing module is used for writing the user data into the cloud active directory under the condition that an authentication success instruction sent by the local active directory is received;
In a third aspect, an embodiment of the present application provides a computer including: one or more processors and memory; the memory is coupled to the one or more processors, the memory for storing computer program code comprising computer instructions that the one or more processors call for causing the computer to perform the method as described in the first aspect and any possible implementation of the first aspect.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium comprising instructions which, when run on a computer, cause the computer to perform a method as described in the first aspect and any possible implementation of the first aspect.
One or more technical solutions provided in the embodiments of the present application at least have the following technical effects or advantages:
1. According to the application, when receiving a request for logging in the cloud active directory sent by the current information interaction device, the computer acquires the user data in the cloud active directory configuration, wherein the user data comprises user account information and user password information, and sends a current user authentication request to the local active directory according to the user account information and the user password information, and the user data is written into the cloud active directory under the condition of successful authentication, so that the situation that related personnel manually perform complex and cumbersome parameter configuration to log in the cloud active directory is avoided, the user data can be automatically synchronized and updated, and the working efficiency of the related personnel is improved.
2. According to the application, when authentication fails, the distinguished name of the user account information is acquired and the user state is queried, so that the state information of the user in the local active directory can be obtained in time. If the user state is deleted, the computer sends the first prompt information to the current information interaction device to prompt related personnel that the user is in the deleted state. This provides real-time feedback of the user state, lets the related personnel know the latest state of the user, clearly informs them that the user has been deleted, avoids misunderstanding and confusion, ensures the accuracy and safety of the user information, and provides better user management and protection.
3. According to the application, the computer calls the interfaces corresponding to the cloud active directory domestic version and the cloud active directory international version, so that a user can choose to use the cloud active directory domestic version or the cloud active directory international version, which better adapts to the regional environment where the user is located and meets the requirements of the user. The cloud active directory international version is suitable for international users; writing user data into the cloud active directory international version makes identity authentication, access control and platform data synchronization convenient for overseas users, and globalization services can be provided.
Drawings
FIG. 1 is a schematic diagram of an interactive scenario of a user data unification system in accordance with an embodiment of the present application.
Fig. 2 is a flow chart of a scheme method for logging in a cloud active directory and synchronizing data by related personnel in the related art of the application.
FIG. 3 is a flow chart of a user data unification method according to an embodiment of the present application.
Fig. 4 is another flow chart of the user data unifying method in the embodiment of the present application.
Fig. 5 is another flow chart of the user data unifying method in the embodiment of the present application.
Fig. 6 is a schematic diagram of a functional module structure of a user data unifying system in an embodiment of the present application.
Fig. 7 is a schematic diagram of a physical device structure of a user data unifying system according to an embodiment of the present application.
Detailed Description
The terminology used in the following embodiments of the application is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in the specification of the present application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates to the contrary. It should also be understood that the term "and/or" as used in this disclosure refers to and encompasses any or all possible combinations of one or more of the listed items.
The terms "first," "second," and the like are used below for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined with "first" or "second" may explicitly or implicitly include one or more such features, and in the description of embodiments of the application, unless otherwise indicated, the meaning of "a plurality" is two or more.
Fig. 1 is a schematic diagram of an interaction scenario of the user data unifying system of the present application. The user data unifying system includes a computer, and an information interaction device, a local active directory, and a cloud active directory that are communicatively connected to the computer, where the cloud active directory is divided into a domestic version of the cloud active directory and an international version of the cloud active directory. A related person can use the information interaction device to send a request for logging in to the cloud active directory to the computer, the computer can send a cloud active directory configuration instruction to the information interaction device, the computer can send a current user authentication request and a user data acquisition request to the local active directory, the local active directory can send a request result to the computer, and the computer can write user data into the cloud active directory so as to complete user data synchronization.
Fig. 2 is a flow chart of a scheme method for logging in a cloud active directory and synchronizing data by related personnel in the related art of the present application.
S201, configuring a cloud active directory connector by related personnel to finish the login of the cloud active directory, wherein the login comprises the steps of setting parameters of the connector, configuring a communication mode between the connector and the cloud active directory, designating the position and the connection mode of a local active directory and the like;
S202, using an importing tool provided by a cloud active directory connector by related personnel, manually importing user data of a local active directory into the cloud active directory;
S203, when the user data is updated, the related personnel log in to the cloud active directory connector again and manually import the user data of the local active directory into the cloud active directory by using the import tool provided by the cloud active directory connector.
It can be understood that in the related art, a user can manually synchronize the cloud active directory with the user data of the local active directory through a cloud active directory connector provided by the cloud active directory, but the use of the cloud active directory connector requires that related personnel manually perform complex and complicated parameter configuration, and automatic synchronization and update of the user data cannot be realized, and the related personnel are required to manually perform user data synchronization, so that the data synchronization is not timely, and the working efficiency of the related personnel is affected.
The foregoing is a scheme for logging in a cloud active directory and synchronizing data by related personnel in the related art of the present application, and the following describes a scheme of the user data unifying method of the present application with reference to fig. 3:
Fig. 3 is a schematic flow chart of a user data unifying method in an embodiment of the present application.
S301, when a computer receives a request for logging in to a cloud active directory sent by a current information interaction device, the computer judges whether the cloud active directory configuration of the current information interaction device is saved;
The computer checks whether a configuration file or database record of the information interaction device exists in local storage. If it exists, the computer continues to execute the subsequent steps; if it does not exist, the computer sends a configuration instruction to the current information interaction device. The cloud active directory configuration comprises obtaining user data in the local active directory, and the user data comprises user account information and user password information of the current information interaction device in the local active directory.
S302, if the cloud active directory configuration of the current information interaction equipment is stored, the computer sends a current user authentication request to the local active directory, so that the local active directory authenticates the user account information and the user password information;
After encrypting the user account information and the user password information, the computer constructs a current user authentication request message, wherein the current user authentication request message contains information such as the name of the computer, the user account, the user password hash value and the like, and encrypts and transmits the information by using a network identity authentication protocol, wherein the network identity authentication protocol is a protocol used for authenticating identity in a computer network.
S303, under the condition that the computer receives an authentication success instruction sent by the local active directory, the computer writes the user data into the cloud active directory;
The local active directory decrypts and parses the current user authentication request message, compares the authentication information of the user with the user data in the local active directory, and judges whether the user is legal, namely whether the user account information exists in the local active directory and whether the user password information corresponds to the user account information. If the user is legal, the local active directory sends an authentication success instruction to the computer. The computer then calls a cloud active directory interface and writes the user account information and the password information into the corresponding data table of the cloud active directory. After the writing process is completed, the computer queries the user account information in the cloud active directory and verifies whether the user account information and the user password information were successfully written. If so, the computer sends the user data to the cloud active directory, and the cloud active directory receives the data and performs corresponding processing to ensure that the user data in the cloud active directory is kept synchronous with the user data in the local active directory.
In the above embodiment, when receiving the request for logging in the cloud active directory sent by the current information interaction device, the computer acquires the user data in the cloud active directory configuration, where the user data includes user account information and user password information, and sends the current user authentication request to the local active directory according to the user account information and the user password information, and the user data is written into the cloud active directory under the condition that authentication is successful, so that the user data is prevented from being manually logged in the cloud active directory by related personnel through complex and cumbersome parameter configuration, and the user data can be automatically synchronized and updated, and the working efficiency of the related personnel is improved.
The above describes how the computer logs in to the cloud active directory and synchronizes the user data. The scheme of the present application is further described below with reference to fig. 4:
Fig. 4 is another flow chart of the user data unifying method in the embodiment of the present application.
S401, if the cloud active directory configuration of the current information interaction equipment is stored, the computer sends a current user authentication request to the local active directory, so that the local active directory authenticates the user account information and the password information;
This step is similar to step S302 and will not be described again here.
S402, under the condition that the computer receives an authentication failure instruction sent by the local active directory, the computer acquires a distinguished name of the user account information;
When an authentication failure instruction sent by the local active directory is received, the computer needs to acquire the distinguished name of the user account information. The distinguished name is a unique identifier for a user account: in the local active directory system it is a character string that uniquely identifies each object, usually by the position of the user account in the directory tree. Each object can be uniquely identified by its distinguished name, and the user account can be searched for, operated on and referenced by using the distinguished name.
S403, the computer queries the current user state according to the distinguished name; under the condition that the current user state is deleted, the computer sends first prompt information to the current information interaction equipment;
The computer transmits the distinguished name to the local active directory by calling an interface of the local active directory, parses the returned data and obtains the state information of the current user from it. The state information of the user includes states such as deleted, disabled and enabled. If the state of the current user is deleted, the computer sends first prompt information to the current information interaction device, where the first prompt information is used for prompting related personnel that the current user has been deleted.
S404, the computer detects the cloud active directory configuration according to a preset configuration rule;
The preset configuration rules are rules, set in advance, that define a correct cloud active directory configuration. They cover settings such as the type setting, version setting, user source setting, operation list setting, user authentication mode setting, user suffix setting and scope setting. In a correct cloud active directory configuration the configuration options correspond to one another one to one; for example, when the version setting selects the domestic version, the scope setting should select the corresponding scope. The computer checks the cloud active directory configuration entered by the related personnel against the preset configuration rules.
S405, when the cloud active directory configuration has errors, the computer sends second prompt information to the current information interaction equipment.
If the cloud active directory configuration does not conform to the preset configuration rules of the cloud active directory, the subsequent login process will fail. The computer therefore sends second prompt information to the current information interaction device, where the second prompt information is used for prompting related personnel that the cloud active directory configuration has errors, and the related personnel can check the cloud active directory configuration for errors against the preset configuration rules in the computer.
In the above embodiment, when authentication fails, the distinguished name of the user account information is obtained and the user state is queried, so that the state information of the user in the local active directory can be obtained in time. If the user state is deleted, the computer sends the first prompt information to the current information interaction device to prompt the related personnel that the user is in the deleted state. This provides real-time feedback on the user state, lets the related personnel know the latest state of the user and clearly informs them that the user has been deleted, which avoids misunderstanding and confusion, ensures the accuracy and safety of the user information and provides better user management and protection. By detecting the cloud active directory configuration, the computer finds errors in that configuration and sends the second prompt information to the current information interaction device to prompt the related personnel that the cloud active directory configuration has errors. The related personnel are thus notified of configuration errors in time and can take the necessary measures to correct the erroneous configuration; real-time notification of configuration errors helps them respond to and solve problems more quickly and improves the stability and reliability of the system.
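The failure-diagnosis flow of steps S402 to S405, as an added Python example that is not code from the patent: the in-memory `LocalDirectory`, the configuration key names and the version-to-scope table are assumptions standing in for the local active directory interface and the preset configuration rules.

```python
"""Added example: diagnosing a failed local-directory authentication (S402-S405)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Tuple


class UserState(Enum):
    ENABLED = "enabled"
    DISABLED = "disabled"
    DELETED = "deleted"


# Hypothetical key names for the seven settings the description lists.
REQUIRED_KEYS = ("type", "version", "user_source", "operation_list",
                 "auth_mode", "user_suffix", "scope")

# Constructed rule table: each version has exactly one matching scope.
SCOPE_FOR_VERSION = {
    "domestic": "scope-domestic.example",
    "international": "scope-international.example",
}


def check_config(cfg: Dict[str, str]) -> List[str]:
    """Return every violation of the preset configuration rules (S404)."""
    errors = [f"missing setting: {k}" for k in REQUIRED_KEYS if not cfg.get(k)]
    version = cfg.get("version")
    if version and version not in SCOPE_FOR_VERSION:
        errors.append(f"unknown version: {version}")
    elif version and cfg.get("scope") and cfg["scope"] != SCOPE_FOR_VERSION[version]:
        errors.append(f"scope does not match version '{version}'")
    suffix = cfg.get("user_suffix")
    if suffix and not (suffix.startswith("@") and len(suffix) > 1):
        errors.append("user suffix must have the form @domain")
    return errors


class LocalDirectory:
    """In-memory stand-in for the local active directory lookups."""

    def __init__(self, entries: Dict[str, Tuple[str, UserState]]):
        # entries: account name -> (distinguished name, state)
        self._by_account = dict(entries)
        self._state_by_dn = {dn: st for dn, st in self._by_account.values()}

    def distinguished_name(self, account: str) -> Optional[str]:
        entry = self._by_account.get(account)
        return entry[0] if entry else None

    def state_of(self, dn: str) -> Optional[UserState]:
        return self._state_by_dn.get(dn)


@dataclass
class Diagnosis:
    dn: Optional[str]
    state: Optional[UserState]
    prompts: List[str] = field(default_factory=list)


def diagnose_auth_failure(directory: LocalDirectory, account: str,
                          cfg: Dict[str, str]) -> Diagnosis:
    """Run after an authentication failure. No password is needed or handled."""
    dn = directory.distinguished_name(account)           # S402
    state = directory.state_of(dn) if dn else None       # S403
    result = Diagnosis(dn, state)
    if state is UserState.DELETED:
        result.prompts.append("first prompt: user has been deleted")
    errors = check_config(cfg)                           # S404
    if errors:                                           # S405
        result.prompts.append(
            "second prompt: configuration error: " + "; ".join(errors))
    return result


# Constructed sample data.
DIRECTORY = LocalDirectory({
    "alice": ("CN=alice,OU=Staff,DC=corp,DC=example", UserState.ENABLED),
    "bob": ("CN=bob,OU=Staff,DC=corp,DC=example", UserState.DELETED),
})
GOOD_CFG = {
    "type": "cloud_ad", "version": "domestic", "user_source": "local_ad",
    "operation_list": "sync", "auth_mode": "open_authorization",
    "user_suffix": "@corp.example", "scope": SCOPE_FOR_VERSION["domestic"],
}

if __name__ == "__main__":
    print(diagnose_auth_failure(DIRECTORY, "bob", GOOD_CFG).prompts)
```

The two checks are independent, so a deleted account with a mismatched scope yields both prompts in one pass.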
The foregoing describes how the computer determines the cause of failure when it receives the authentication failure instruction sent by the local active directory. The scheme of the present application is further described below with reference to fig. 5:
As shown in fig. 5, fig. 5 is another flow chart of the user data unifying method in the embodiment of the present application.
S501, when a request for logging in a cloud active directory sent by a current information interaction device is received, the computer judges whether cloud active directory configuration of the current information interaction device is stored or not;
This step is similar to step S301 and will not be described here.
S502, if the cloud active directory configuration of the current information interaction equipment is not stored, the computer sends a configuration instruction to the current information interaction equipment;
The computer constructs a configuration instruction, which includes a command requiring the current information interaction equipment to fill in the cloud active directory configuration. The cloud active directory configuration specifically includes settings such as the type setting, version setting, user source setting, operation list setting, user authentication mode setting, user suffix setting and scope setting.
S503, when the computer detects that the current information interaction device performs the cloud active directory configuration, the computer configures the default setting of the user authentication mode as an open authorization setting;
When the related personnel perform the cloud active directory configuration, the computer sets the default configuration of the user authentication mode to the open authorization setting. The computer can then directly acquire the user account information and user password information of the related personnel the next time they log in to the cloud active directory, so that they can log in rapidly. The related personnel can, however, change the default configuration and not adopt the open authorization setting.
S504, the computer sends third prompt information to the current information interaction equipment;
The third prompt information is used for prompting related personnel to fill in a user suffix. The user suffix is a unique authentication identifier customized for the related personnel and used for user identification and authority management; it needs to be filled in when the related personnel perform the cloud active directory configuration, such as @ xxx.
In the above embodiment, when the current information interaction device has not performed the cloud active directory configuration, the computer sends a configuration instruction to the current information interaction device, so that the current information interaction device completes the cloud active directory configuration, including the type setting, version setting, user source setting and the like. Once the related personnel have completed the cloud active directory configuration, the computer can conveniently carry out the subsequent steps of user authentication request, login to the cloud active directory and user data transmission. Adopting the open authorization setting simplifies the authentication flow for the related personnel, reduces complicated identity verification steps and improves convenience of use. Filling in the user suffix customizes a unique authentication identifier for each user, which facilitates subsequent user identification and management and also makes it convenient to perform authority management according to the user suffix, with different access control and authority allocation for different users or user groups.
S505, if the cloud active directory configuration of the current information interaction device is stored, the computer sends a current user authentication request to the local active directory, so that the local active directory authenticates the user account information and the password information;
S506, under the condition that the computer receives an authentication success instruction sent by the local active directory, the computer writes the user data into the cloud active directory;
It is understood that steps S505-S506 are similar to steps S302-S303, and will not be repeated here.
S507, under the condition that the cloud active directory is a cloud active directory domestic version, the computer calls an interface corresponding to the cloud active directory domestic version and writes the user data into the cloud active directory domestic version;
It can be understood that when a related person initiates a request for logging in to the cloud active directory through the current information interaction device, the related person can choose whether to log in to the cloud active directory domestic version or the cloud active directory international version. When the related person chooses the cloud active directory domestic version, the computer invokes the interface corresponding to the cloud active directory domestic version and passes the user data as parameters to that interface, so that the related person can log in to the cloud active directory domestic version.
S508, under the condition that the cloud active directory is the cloud active directory international edition, the computer calls an interface corresponding to the cloud active directory international edition and writes the user data into the cloud active directory international edition;
It can be understood that S508 is similar to S507: S507 calls the interface of the cloud active directory domestic version, and S508 calls the interface of the cloud active directory international version, so it is not described again here.
In the above embodiment, the computer invokes the interface corresponding to the cloud active directory domestic version or the cloud active directory international version, so that the user can choose to use either version and the regional environment where the user is located and the user's requirements can be better accommodated. The cloud active directory international version is suitable for international users: writing the user data into it lets overseas users conveniently perform identity authentication and access control platform data synchronization, so that a globalized service can be provided.
S509, the computer detects the user data according to a preset time period to obtain a time stamp corresponding to the user data;
In some embodiments, the computer detects the user data by setting a timing task or a timing trigger mechanism, and when the user data is updated, the timestamp corresponding to the user data is updated, so the computer determines whether the user data is updated by detecting whether the timestamp corresponding to the user data is updated.
S510, when the time stamp of the user data changes, the computer resynchronizes the new user data into the cloud active directory;
A change in the time stamp of the user data means that the user data has been updated. The computer then sends the user data whose time stamp has changed to the cloud active directory, which completes the synchronization of the user data in the local active directory to the cloud active directory.
In the above embodiment, the computer detects the user data according to the preset time period to find the change of the user data in time and resynchronize the new user data to the cloud active directory, so that the data in the cloud active directory and the user data in the local active directory can be ensured to be consistent, the automatic synchronization and updating of the user data can be realized, the related personnel can see the latest data in the cloud active directory, the data do not need to be synchronized manually, and the working efficiency of the related personnel is improved.
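The periodic check of steps S509 and S510 combined with the read-back verification described for the write step, as an added Python example that is not code from the patent: `UserRecord`, `CloudDirectory` and `Synchronizer` are hypothetical names, and the in-memory store stands in for the cloud active directory interface.

```python
"""Added example: timestamp-driven resync (S509-S510) with read-back check."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class UserRecord:
    account: str
    credential: str   # opaque value; never logged by this code
    changed_at: int   # timestamp the local directory updates on every change


class CloudDirectory:
    """In-memory stand-in for the cloud directory's write/read interface."""

    def __init__(self, fail_for: Iterable[str] = ()):
        self.rows: Dict[str, UserRecord] = {}
        self.fail_for = set(fail_for)   # accounts whose writes are dropped

    def write(self, rec: UserRecord) -> None:
        if rec.account not in self.fail_for:
            self.rows[rec.account] = rec

    def read(self, account: str) -> Optional[UserRecord]:
        return self.rows.get(account)


class Synchronizer:
    def __init__(self, cloud: CloudDirectory):
        self.cloud = cloud
        # account -> timestamp of the last record confirmed in the cloud
        self.last_synced: Dict[str, int] = {}

    def run_once(self, local_users: Iterable[UserRecord]) -> List[str]:
        """One pass of the periodic task; returns the accounts resynced."""
        synced = []
        for rec in local_users:
            # Any difference counts as a change, so a timestamp that moves
            # backwards (clock correction, restore) also triggers a resync.
            if self.last_synced.get(rec.account) == rec.changed_at:
                continue
            self.cloud.write(rec)
            # Read back and compare before recording success.
            if self.cloud.read(rec.account) == rec:
                self.last_synced[rec.account] = rec.changed_at
                synced.append(rec.account)
            # On a failed read-back, last_synced is left untouched so the
            # next period retries the same record.
        return synced


def demo() -> Tuple[List[str], List[str], List[str]]:
    """Three periods over constructed data; carol's writes fail at first."""
    cloud = CloudDirectory(fail_for={"carol"})
    sync = Synchronizer(cloud)
    users = [UserRecord("alice", "cred-a1", 100),
             UserRecord("carol", "cred-c1", 100)]
    first = sync.run_once(users)     # alice confirmed, carol not
    second = sync.run_once(users)    # alice unchanged, carol fails again
    cloud.fail_for.clear()           # the write path recovers
    users[0] = UserRecord("alice", "cred-a2", 160)
    third = sync.run_once(users)     # alice changed, carol retried
    return first, second, third


if __name__ == "__main__":
    print(demo())
```

Recording the timestamp only after the read-back succeeds is what makes a dropped write self-healing on the next period.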
The above embodiments are only for illustrating the technical solution of the present application, and are not limiting; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the application.
The system in the embodiment of the application is described from the module point of view:
Fig. 6 is a schematic diagram of a functional module structure of a user data unified system according to an embodiment of the present application, where the user data unified system includes a computer.
The computer includes:
The judging module 601 is configured to judge whether a cloud active directory configuration of the current information interaction device is stored when a request for logging in the cloud active directory sent by the current information interaction device is received; the cloud active directory configuration comprises the steps of inputting user data of the current information interaction equipment in the local active directory, wherein the user data comprises user account information and user password information;
A sending module 602, configured to send a current user authentication request to the local active directory if the cloud active directory configuration of the current information interaction device is stored, so that the local active directory authenticates the user account information and the password information;
A writing module 603, configured to write the user data into the cloud active directory when receiving an authentication success instruction sent by the local active directory;
The system in the embodiment of the present application is described above from the point of view of the modularized functional entity and is described below from the point of view of hardware processing. Please refer to fig. 7, which is a schematic diagram of the physical device structure of a computer provided in the embodiment of the present application.
It should be noted that the structure of the computer shown in fig. 7 is only an example, and should not impose any limitation on the functions and the application scope of the embodiments of the present invention.
As shown in fig. 7, the computer includes a central processing unit (Central Processing Unit, CPU) 701 that can perform various appropriate actions and processes, such as performing the methods described in the above embodiments, according to a program stored in a Read-Only Memory (ROM) 702 or a program loaded from a storage section 708 into a random access Memory (Random Access Memory, RAM) 703. In the RAM 703, various programs and data required for computer operations are also stored. The CPU 701, ROM 702, and RAM 703 are connected to each other through a bus 704. An Input/Output (I/O) interface 705 is also connected to bus 704.
The following components are connected to the I/O interface 705: an input section 706 including a camera, an infrared sensor, and the like; an output section 707 including a liquid crystal display (Liquid Crystal Display, LCD), a speaker, and the like; a storage section 708 including a hard disk or the like; and a communication section 709 including a network interface card such as a LAN (Local Area Network) card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. The drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read therefrom is installed into the storage section 708 as necessary.
In particular, according to embodiments of the present invention, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present invention include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowchart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 709, and/or installed from the removable medium 711. When the computer program is executed by a Central Processing Unit (CPU) 701, various functions defined in the present invention are performed.
It should be noted that, the computer readable medium shown in the embodiments of the present invention may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-Only Memory (ROM), an erasable programmable read-Only Memory (Erasable Programmable Read Only Memory, EPROM), a flash Memory, an optical fiber, a portable compact disc read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with a computer-readable computer program embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. Each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Specifically, the system of the present embodiment includes a processor and a memory, where the memory stores a computer program, and when the computer program is executed by the processor, the user data unifying method provided in the foregoing embodiment is implemented.
As another aspect, the present invention also provides a computer-readable storage medium, which may be included in the system described in the above embodiment; or may exist alone without being assembled into the system. The storage medium carries one or more computer programs which, when executed by a processor of the system, cause the system to implement the methods provided in the embodiments described above.
As used in the above embodiments, the term "when …" may be interpreted to mean "if …" or "after …" or "in response to determination …" or "in response to detection …" depending on the context. Similarly, the phrase "at the time of determination …" or "if detected (a stated condition or event)" may be interpreted to mean "if determined …" or "in response to determination …" or "at the time of detection (a stated condition or event)" or "in response to detection (a stated condition or event)" depending on the context.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the flow or functions according to the embodiments of the application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center in a wired (e.g., coaxial cable, fiber optic, digital subscriber line) or wireless (e.g., infrared, wireless, microwave, etc.) manner. The computer readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk), etc.
Those of ordinary skill in the art will appreciate that implementing all or part of the above-described method embodiments may be accomplished by a computer program to instruct related hardware, the program may be stored in a computer readable storage medium, and the program may include the above-described method embodiments when executed. And the aforementioned storage medium includes: ROM or random access memory RAM, magnetic or optical disk, etc.

Claims (7)

1. A user data unifying method applied to a user data unifying system, the user data unifying system comprising a local active directory and a cloud active directory, the data unifying system further comprising a computer, the method comprising:
When receiving a cloud active directory login request sent by the current information interaction equipment, the computer judges whether the cloud active directory configuration of the current information interaction equipment is stored; the cloud active directory configuration comprises user data of the current information interaction equipment input into the local active directory, wherein the user data comprises user account information and user password information;
If the cloud active directory configuration of the current information interaction equipment is stored, the computer sends a current user authentication request to the local active directory, so that the local active directory authenticates the user account information and the password information;
Under the condition that the computer receives an authentication failure instruction sent by the local active directory, the computer acquires a distinguished name of the user account information, wherein the distinguished name is a unique identifier for identifying the user account;
The computer queries the current user state according to the distinguished name;
under the condition that the current user authentication fails, the computer detects the cloud active directory configuration according to a preset configuration rule;
When the cloud active directory configuration has errors, the computer sends second prompt information to the current information interaction equipment, wherein the second prompt information is used for prompting related personnel that the cloud active directory configuration has errors;
Under the condition that the current user state is deleted, the computer sends first prompt information to the current information interaction equipment, wherein the first prompt information is used for prompting related personnel that the user is in the deleted state;
and under the condition that the computer receives an authentication success instruction sent by the local active directory, the computer writes the user data into the cloud active directory.
2. The method according to claim 1, wherein the cloud active directory is any one of a domestic version of the cloud active directory and an international version of the cloud active directory, and the step of writing the user account information and the user password information into the cloud active directory by the computer specifically includes:
under the condition that the cloud active directory is a cloud active directory domestic version, the computer calls an interface corresponding to the cloud active directory domestic version and writes the user data into the cloud active directory domestic version;
And under the condition that the cloud active directory is the cloud active directory international edition, the computer calls an interface corresponding to the cloud active directory international edition and writes the user data into the cloud active directory international edition.
3. The method of claim 1, wherein upon receiving an authentication success instruction sent by the local active directory, the computer writes the user data into the cloud active directory, the method further comprising:
The computer detects the user data according to a preset time period to obtain a time stamp corresponding to the user data;
when the timestamp of the user data changes, the computer resynchronizes new user data into the cloud active directory.
4. The method according to claim 1, wherein when the computer receives the request for logging in the cloud active directory sent by the current information interaction device, the computer determines whether the cloud active directory configuration of the current information interaction device is stored, and the method further comprises:
If the cloud active directory configuration of the current information interaction device is not stored, the computer sends a configuration instruction to the current information interaction device, so that the current information interaction device completes the cloud active directory configuration, and the cloud active directory configuration specifically comprises type setting, version setting, user source setting, operation list setting, user authentication mode setting, user suffix setting and scope setting.
5. The method of claim 4, wherein after the step of sending the configuration instruction to the current information interaction device by the computer if the cloud active directory configuration of the current information interaction device is not saved, the method further comprises:
when the computer detects that the current information interaction equipment performs the cloud active directory configuration, the computer configures the user authentication mode setting default as an open authorization setting;
and the computer sends third prompt information to the current information interaction equipment, wherein the third prompt information is used for prompting related personnel to fill in user suffixes.
6. A computer, comprising: one or more processors and memory;
The memory is coupled to the one or more processors, the memory for storing computer program code comprising computer instructions that the one or more processors call to cause the computer to perform the method of any of claims 1-5.
7. A computer readable storage medium comprising instructions which, when run on a computer, cause the computer to perform the method of any of claims 1-5.
CN202311380662.1A 2023-10-24 2023-10-24 User data unifying method, system, computer and storage medium Active CN117453816B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311380662.1A CN117453816B (en) 2023-10-24 2023-10-24 User data unifying method, system, computer and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311380662.1A CN117453816B (en) 2023-10-24 2023-10-24 User data unifying method, system, computer and storage medium

Publications (2)

Publication Number Publication Date
CN117453816A CN117453816A (en) 2024-01-26
CN117453816B true CN117453816B (en) 2024-05-07

Family

ID=89590254

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311380662.1A Active CN117453816B (en) 2023-10-24 2023-10-24 User data unifying method, system, computer and storage medium

Country Status (1)

Country Link
CN (1) CN117453816B (en)

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2457312A1 (en) * 2004-02-09 2005-08-09 Reeves Communication Inc. Interactive management of digital rights and method therefor
CN101605030A (en) * 2008-06-13 2009-12-16 新奥特(北京)视频技术有限公司 A kind of uniform authentication realizing method of using towards TV station based on Active Directory
WO2013093209A1 (en) * 2011-12-21 2013-06-27 Ssh Communications Security Oyj Automated access, key, certificate, and credential management
CN103618767A (en) * 2013-11-15 2014-03-05 华为技术有限公司 Virtual machine configuration method and related equipment
CN103795690A (en) * 2012-10-31 2014-05-14 华为技术有限公司 Cloud access control method, proxy server, and cloud access control system
CN106534219A (en) * 2016-12-31 2017-03-22 中国移动通信集团江苏有限公司 Security authentication method and device for desktop cloud portal
CN107222487A (en) * 2017-06-13 2017-09-29 杭州亿方云网络科技有限公司 A kind of account docking system for mixing cloud environment
CN109862565A (en) * 2019-02-11 2019-06-07 广东省城乡规划设计研究院 A kind of WLAN unaware control method, system and readable storage medium storing program for executing
CN110892676A (en) * 2017-07-14 2020-03-17 维萨国际服务协会 Token provisioning using a secure authentication system
CN112104623A (en) * 2020-08-31 2020-12-18 北京爱奇艺科技有限公司 Cloud application login method and device, cloud equipment, client and system
CN112118269A (en) * 2020-10-16 2020-12-22 统信软件技术有限公司 Identity authentication method, system, computing equipment and readable storage medium
CN114363165A (en) * 2022-01-06 2022-04-15 中国工商银行股份有限公司 Configuration method of electronic equipment, electronic equipment and server
CN114745203A (en) * 2022-05-13 2022-07-12 长扬科技(北京)有限公司 Method and device for monitoring full life cycle of user account
CN115022047A (en) * 2022-06-02 2022-09-06 鸬鹚科技(深圳)有限公司 Account login method and device based on multi-cloud gateway, computer equipment and medium
CN116170201A (en) * 2023-02-07 2023-05-26 北京易捷思达科技发展有限公司 Authentication method and device suitable for cloud product and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080040455A1 (en) * 2006-08-08 2008-02-14 Microsoft Corporation Model-based deployment and configuration of software in a distributed environment
US20160014077A1 (en) * 2014-07-10 2016-01-14 Aorato Ltd. System, Method and Process for Mitigating Advanced and Targeted Attacks with Authentication Error Injection
US11757849B2 (en) * 2015-10-28 2023-09-12 Qomplx, Inc. Detecting and mitigating forged authentication object attacks in multi-cloud environments

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
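A Real-Time Detection Method of Software Configuration Errors Based on Fine-Grained Configuration Item Types; Li Zhang; Scientific Programming; 20220228; vol. 2022; pp. 1-13 *
Research on a network admission control scheme based on domain Active Directory; 张俊贤; Microcomputer Applications; 20101020; vol. 26 (no. 10); 16-18+1 *
Application of unified authentication in the Microsoft cloud environment; 丛林; Microcomputer Applications; 20130220 (no. 02); 47-50 *
Configuring Azure integration with the local AD directory; huangbowen2005; https://blog.51cto.com/fjcloud/1880335; 20161207; pp. 1-9 *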

Also Published As

Publication number Publication date
CN117453816A (en) 2024-01-26

Similar Documents

Publication Publication Date Title
CN106936817B (en) Operation execution method, board jump machine, cluster authentication server and bastion machine system
US10778669B2 (en) Autonomous configuration of email clients during email server migration
US8200863B2 (en) Device management apparatus, device management system, information management method, information management program and recording medium storing the program therein
US8392569B2 (en) Data delivery system and data delivery method
US9703969B2 (en) Image forming system, service providing server, information processing terminal, image forming device and non-transitory computer readable recording medium
EP4247022A1 (en) Sharing system and method for virtual key
US20150012655A1 (en) Automatic network domain diagnostic repair and mapping
JP2018082248A (en) Sensor opening test system, sensor opening test management terminal, sensor, sensor opening test method, and program
CN112417401A (en) Account verification method, device and system and computer readable storage medium
JP2011175402A (en) Access control linkage system and access control linkage method
US20150358505A1 (en) Imaging Device-Based User Authentication System and Methods
CN117453816B (en) User data unifying method, system, computer and storage medium
CN116627595A (en) Virtual machine creation method and related components
CN110329865B (en) Elevator inspection support system and elevator operation information management method
CN105009557A (en) Display and manipulate call forwarding on no reply timer in called terminal
CN112397190A (en) Medical equipment system in hospital and equipment management method thereof
JP6848275B2 (en) Program, authentication system and authentication cooperation system
US11561917B2 (en) USB connection management
JP2014026597A (en) Software providing system, portal server, providing server, providing method, and program
CN113010365A (en) System running state monitoring method, system running state detection device, electronic equipment and storage medium
US20220279340A1 (en) Configuration providing device, communication system, configuration providing method and non-transitory computer readable medium storing program
JP6415155B2 (en) Server system, method, and program thereof
US20220174068A1 (en) System and method for securely connecting a test and measurement instrument to a web service
CN104092652A (en) Data processing system and method
US20160212112A1 (en) Message communication system and operation method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant