CN101626365B - Directory server and system and method for realizing LDAP extended operation - Google Patents
Directory server and system and method for realizing LDAP extended operation Download PDFInfo
- Publication number
- CN101626365B CN101626365B CN 200810068467 CN200810068467A CN101626365B CN 101626365 B CN101626365 B CN 101626365B CN 200810068467 CN200810068467 CN 200810068467 CN 200810068467 A CN200810068467 A CN 200810068467A CN 101626365 B CN101626365 B CN 101626365B
- Authority
- CN
- China
- Prior art keywords
- directory
- ldap
- list server
- extended
- logic module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Computer And Data Communications (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention relates to a directory server and a system and a method for realizing LDAP extended operation. The directory server at least comprises a directory operation logic module used for completing LDAP operation carried in the request message of a directory service client. The realization system comprises the directory service client and the directory server. The method comprises the following steps that: firstly, the directory operation logic module of LDAP extended operation is established in the directory server; when service contact occurs, the directory service client sends a directory storage process extended request message to the directory server; and the directory server finds out and runs a corresponding directory operation logic module according to parameters in the received message, and then returns to a directory storage process extended request message after running the logic module. The directory server and the system and the method for realizing LDAP extended operation can execute LDAP basic operation repeatedly on the directory server through carrying out LDAP extended signaling interaction for just one time between the directory service client and the directory server.
Description
Technical field
The present invention relates to the directory service field, relate in particular to the realization system and method for a kind of LIST SERVER and LDAP extended operation.
Background technology
Directory service (Directory Service) provides information storage a kind of centralization, distributed and access stencil.Any application can be by general interface accessing directory service canned data.Directory access protocol (Directory Access Protocol, DAP) and LDAP (Lightweight Directory Access Protocol, LDAP) be exactly the general-purpose interface that is used for directory service client (Directory User Agent, DUA) access directory service.
X.500 standard bunch refers to the series of standards of the relevant directory service of ITU-T (The ITU Telecommunication Standardization Sector) definition.X.500 use DAP as the interface of DUA access directory service in; LDAP is the simplification of DAP, and the universal model that LDAP adopts is that client is carried out protocol operation for server, and this server is referred to as LIST SERVER (Directory Server, DS), and LIST SERVER provides directory service.In this model, DUA sends agreement request to DS, required operation is described, then DS is responsible for implementing necessary operation in directory service, after finishing necessary operation, most of interface of LDAP is similar on function with the response of result or the error message DUA to request service to return one, but and DAP comparatively speaking it is easier to realize.
Provide the DS of ldap interface access generally need to support nine basic LDAP operations, these basic operations can be divided three classes:
The first kind is query manipulation, comprises inquiry (Search) and relatively (Compare) operation, is used for the information of query directory service.
Equations of The Second Kind is for upgrading operation, comprises newly-increased (Add), deletion (Delete), revises (Modify) and revise and distinguish name (Modify DN (Distinguished Name)) operation, is used for upgrading the information of directory service.
The 3rd class is authentication and control operation, comprises binding (Bind), unbind (Unbind) and abandons (Abandon) operation.
The operation of clearly defined three types, ldap protocol has also defined a framework for increasing new extended operation to this agreement in above-mentioned LDAP standard, and it is to cater to new application to expand ldap protocol with certain rule that extended operation allows agreement.
In some special applications, once business often needs to carry out repeatedly DS operation and just can finish whole flow processing, and certain step during probably repeatedly DS operates need to rely on the result of front DS operation, that is to say, the local logic function module that has an access DS of DUA.
As shown in Figure 1, there is a logic function module in DUA, and one of them operating process is:
Step S101:DUA sends LDAP query requests 1, data to inquire A to DS;
Step S102:DS returns the response of LDAP query requests 1 to DUA, has carried the A value that inquires in the response; The situation of the DUA data A that inquiry obtains according to logical program is carried out different operations: if the value of A is A1, then carry out S103 to S104; If the value of A is A2, then carry out S105 to S106;
Step S103: then send LDAP query requests 2, data to inquire B to DS;
Step S104:DS returns the response of LDAP query requests 2 to DUA, has carried the B value that inquires in the response;
Step S105: then send LDAP query requests 3, data to inquire C to DS;
Step S106:DS returns the response of LDAP query requests 3 to DUA, has carried the C value that inquires in the response.
Use for these, if rely on merely common ldap interface, it is mutual to mean that DUA needs and DS carry out repeatedly, and the response time is each mutual temporal summation, and signalling bandwidth also is all mutual summations.If these application have specific (special) requirements to response time and performance, then need to provide the mode of a kind of more efficiently access DS.
Summary of the invention
Technical problem to be solved by this invention is, the realization system and method for a kind of LIST SERVER and LDAP extended operation is provided, the invention enables between DUA and DS as long as in the mutual situation of LDAP expanded signalling, just can on DS, repeatedly carry out the LDAP basic operation, and can the subsistence logic relation between each operation.
Based on ldap protocol, the present invention has defined the LDAP extended operation of a called after directory stores process (Execute) between DUA and DS, this extended operation comprises a directory stores process extended request message and a directory stores process extended response message.
A kind of LIST SERVER, at least comprise a directory operation logic module in the described LIST SERVER, the LDAP operation that this module is carried for the request message of finishing the directory service client, this module has a specific object identity, and this sign is also registered in directory service client and LIST SERVER in advance; The directory service client sends directory stores process extended request message to LIST SERVER, LIST SERVER is according to LDAP extended operation object identity entrained in the request message, find corresponding directory operation logic module and operation, move complete rear Returning catalogue storing process extended response message; And according to the practical situations of DUA, determine the operating process of directory service data and the logical relation of these operation rooms.
A kind of realization system of LDAP extended operation, comprise directory service client and LIST SERVER, at least comprise a directory operation logic module in the described LIST SERVER, the LDAP operation that this module is carried for the request message of finishing the directory service client, this module has a specific object identity, and this sign is also registered in directory service client and LIST SERVER in advance; The directory service client sends directory stores process extended request message to LIST SERVER, LIST SERVER is according to LDAP extended operation object identity entrained in the request message, find corresponding directory operation logic module and operation, move complete rear Returning catalogue storing process extended response message; And according to the practical situations of DUA, determine the operating process of directory service data and the logical relation of these operation rooms.
A kind of implementation method of LDAP extended operation, at first in LIST SERVER, set up the directory operation logic module of LDAP extended operation, described directory operation logic module has a specific object identity, and this sign is in advance registered in directory service client and LIST SERVER; When between directory service client and the LIST SERVER business contact being arranged, the directory service client sends the directory stores process extended request message of the directory stores process operation of predefined to LIST SERVER, described directory stores process operation is a LDAP extended operation, and have a prior defined specific object identity in directory service client and LIST SERVER, carry the object identity that characterizes the directory stores process operation in the described directory stores process extended request message, required input message when characterizing the object identity of directory operation logic module and the operation of respective directories operation logic module; LIST SERVER finds corresponding directory operation logic module and operation according to the parameter in the message that receives, and moves and returns a directory stores process extended response message after complete.
In the method, after described LIST SERVER is received ldap directory storing process extended request message, by the log-on message in the access LIST SERVER, find corresponding directory operation logic module according to the object identity that characterizes the directory operation logic module in the request message.
The invention enables between DUA and DS as long as in the mutual situation of LDAP expanded signalling, just can on DS, repeatedly carry out the LDAP basic operation, and can concern by subsistence logic between each operation.
Description of drawings
Fig. 1 is the interacting message schematic diagram when DUA uses common LDAP operation under the application-specific;
Fig. 2 is the message schematic diagram in preferred embodiment when work of system of the present invention;
Fig. 3 is the method for the invention flow chart.
Embodiment
Below in conjunction with accompanying drawing the preferred embodiments of the present invention are described, should be appreciated that preferred embodiment described herein only is used for description and interpretation the present invention, is not intended to limit the present invention.
Based on ldap protocol, the present invention has defined the LDAP extended operation of a called after directory stores process (Execute) in advance between DUA and DS, this extended operation comprises a directory stores process extended request message and a directory stores process extended response message, this extended operation has a specific object identity (Object Identifier), this sign defines in DUA and DS in advance, as shown in Figure 2.
System of the present invention comprises DUA and DS, in the present embodiment, includes two directory operation logic modules among the DS, is respectively Process1 and Process2, and this module is used for carrying out corresponding operation according to the request message of DUA.This module is the practical situations according to DUA, determine the logical relation of the operating process of directory service data and these operation rooms, this module also has a specific object identity (Object Identifier), in the present embodiment, their object identity difference 1 and 2, this sign is also registered in DUA and DS, as shown in Figure 2 in advance.
Fig. 3 is the flow chart of the method for the invention, may further comprise the steps:
S20:DUA determines the specific operation process of access DS and the logical relation of each operation, and set up the directory operation logic module of LDAP extended operation in DS according to the applied logic of Execute operation;
S202:DUA sends directory stores process extended request message to DS, required input message when carrying the object identity that characterizes the directory stores process operation, the object identity that characterizes the directory operation logic module and the operation of respective directories operation logic module in the message;
After directory system agent among the S203:DS (DSA) node is received request message, according to LDAP extended operation object identity in the request message, learn the operation into Execute; Then according to the object identity of the directory operation logic module in the message, the log-on message of access DS finds corresponding directory operation logic module and operation;
S204:DS Returning catalogue storing process extended response message characterizes Execute operation mark and the concrete directory operation logic module identification information except carrying in the information of returning, and also comprises the execution result of the directory operation logic module of DS.
Claims (4)
1. LIST SERVER, it is characterized in that, at least comprise a directory operation logic module in the described LIST SERVER, the LDAP operation that this module is carried for the request message of finishing the directory service client, this module has a specific object identity, and this sign is also registered in directory service client and LIST SERVER in advance; The directory service client sends directory stores process extended request message to LIST SERVER, LIST SERVER is according to LDAP extended operation object identity entrained in the request message, find corresponding directory operation logic module and operation, move complete rear Returning catalogue storing process extended response message; And according to the practical situations of DUA, determine the operating process of directory service data and the logical relation of these operation rooms.
2. the realization system of a LDAP extended operation, comprise directory service client and LIST SERVER, it is characterized in that, at least comprise a directory operation logic module in the described LIST SERVER, the LDAP operation that this module is carried for the request message of finishing the directory service client, this module has a specific object identity, and this sign is also registered in directory service client and LIST SERVER in advance; The directory service client sends directory stores process extended request message to LIST SERVER, LIST SERVER is according to LDAP extended operation object identity entrained in the request message, find corresponding directory operation logic module and operation, move complete rear Returning catalogue storing process extended response message; And according to the practical situations of DUA, determine the operating process of directory service data and the logical relation of these operation rooms.
3. the implementation method of a LDAP extended operation, it is characterized in that, at first in LIST SERVER, set up the directory operation logic module of LDAP extended operation, described directory operation logic module has a specific object identity, and this sign is in advance registered in directory service client and LIST SERVER; When between directory service client and the LIST SERVER business contact being arranged, the directory service client sends the directory stores process extended request message of the directory stores process operation of predefined to LIST SERVER, described directory stores process operation is a LDAP extended operation, and have a prior defined specific object identity in directory service client and LIST SERVER, carry the object identity that characterizes the directory stores process operation in the described directory stores process extended request message, required input message when characterizing the object identity of directory operation logic module and the operation of respective directories operation logic module; LIST SERVER finds corresponding directory operation logic module and operation according to the parameter in the message that receives, and moves and returns a directory stores process extended response message after complete.
4. the implementation method of LDAP extended operation as claimed in claim 3, it is characterized in that, in the method, after described LIST SERVER is received ldap directory storing process extended request message, by the log-on message in the access LIST SERVER, find corresponding directory operation logic module according to the object identity that characterizes the directory operation logic module in the request message.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200810068467 CN101626365B (en) | 2008-07-11 | 2008-07-11 | Directory server and system and method for realizing LDAP extended operation |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200810068467 CN101626365B (en) | 2008-07-11 | 2008-07-11 | Directory server and system and method for realizing LDAP extended operation |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101626365A CN101626365A (en) | 2010-01-13 |
| CN101626365B true CN101626365B (en) | 2013-03-27 |
Family
ID=41522055
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200810068467 Active CN101626365B (en) | 2008-07-11 | 2008-07-11 | Directory server and system and method for realizing LDAP extended operation |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101626365B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103907111A (en) * | 2011-11-03 | 2014-07-02 | 瑞典爱立信有限公司 | Method, device and central server for providing service for LDAP client |
| CN103218378A (en) * | 2012-01-19 | 2013-07-24 | 阿尔卡特朗讯 | Method for carrying out database operation based on complicated logic on basis of LDAP (lightweight directory access protocol) |
| CN104243552B (en) * | 2014-08-19 | 2017-09-15 | 天津南大通用数据技术股份有限公司 | The method of express statistic catalogue subtree entry number based on LDAPV3 agreements |
| CN104410495B (en) * | 2014-11-19 | 2018-03-27 | 天津南大通用数据技术股份有限公司 | Catalogue certification implementation method based on LDAPV3 control operations |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1298155A (en) * | 1999-12-02 | 2001-06-06 | 国际商业机器公司 | Permanent cache memory for light weight |
| CN1859402A (en) * | 2006-02-10 | 2006-11-08 | 华为技术有限公司 | XML file manging system and its method, and control method for XML file access |
-
2008
- 2008-07-11 CN CN 200810068467 patent/CN101626365B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1298155A (en) * | 1999-12-02 | 2001-06-06 | 国际商业机器公司 | Permanent cache memory for light weight |
| CN1859402A (en) * | 2006-02-10 | 2006-11-08 | 华为技术有限公司 | XML file manging system and its method, and control method for XML file access |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101626365A (en) | 2010-01-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111052711B (en) | Method for discovering services provided by a network repository function | |
| CN110138606B (en) | Container network configuration method and system | |
| US20030110266A1 (en) | Apparatus and method of using session state data across sessions | |
| CN101437071B (en) | Method and equipment for management object instantiation of terminal equipment management tree | |
| US20040255010A1 (en) | Method, a controller, an arrangement and a computer program for managing a configuration of clustered computers | |
| CN101771723A (en) | Data synchronization method | |
| CN101626365B (en) | Directory server and system and method for realizing LDAP extended operation | |
| CN111935738A (en) | Method and system for multi-operator core network docking MEC | |
| JP2012516584A (en) | Method and apparatus for tracking management data changes | |
| US9952888B2 (en) | Method and system to dynamically instantiate virtual repository for any services | |
| CN104811922A (en) | Adjacent node registration method and the device and cross-node registration method and system | |
| US20170085673A1 (en) | Attribute Operating Method and Apparatus | |
| CN108076081B (en) | Method, device and system for synchronizing service data | |
| CN112788518A (en) | Location service processing method and related equipment | |
| EP2224381A1 (en) | Method and apparatus for case-based service composition | |
| CN101605301A (en) | A kind of group system and request message distribution method that carries out the multinode transaction | |
| CN101789963A (en) | Data synchronization system | |
| KR101846778B1 (en) | Method for ID Resolution Service and M2M System applying the same | |
| US20180018380A1 (en) | Maintaining Consistent Subscriber Data on Geo-Redundant Subscriber Databases | |
| WO2018107838A1 (en) | Method for resource creation and registration of application entity, and communication node device and terminal device | |
| CN101552695B (en) | A unified network management method and system for multi-disciplinary networks | |
| CN107656946B (en) | Method and system for redirecting business process | |
| CN105872015A (en) | Automatic discovering method of distributed assembly services in desktop cloud | |
| CN113596795B (en) | Device binding method, device and computer readable storage medium | |
| US20150282121A1 (en) | Local resource sharing method of machine to machine component and apparatus thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |