CN101674319B

CN101674319B - Method, system and equipment for accounting and accessing data

Info

Publication number: CN101674319B
Application number: CN200810148904A
Authority: CN
Inventors: 贾军军; 苏锋; 曹俊亮; 王澜
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2008-09-09
Filing date: 2008-09-09
Publication date: 2012-09-05
Anticipated expiration: 2028-09-09
Also published as: CN101674319A

Abstract

The invention discloses a method, a system and equipment for accounting and accessing data, which belong to the field of communications. The accounting method comprises the following steps: receiving an entry adding request; if the adding request is determined as an adding request based on an identification type entry, judging whether an attribute value of the identification type entry appears in an established directory information tree or not; and if not, adding the identification type entry into the directory information tree according to a full entry name of the identification type entry. The accessing method comprises the following steps: receiving an entry accessing request; if the accessing request is confirmed as an accessing request based on the identification type entry, searching index information of the identification type entry according to access route information to confirm full route information of the identification type entry to be accessed; and executing accessing operation based on the identification type entry according to the full route information. The system comprises an access server and an access client. The method, the system and the equipment ensure the uniqueness of the identification attribute value of the identification type entry, solve the accessing problem in an LDAP according to the identification type entry, and simplify the access interaction based on the identification type entry.

Description

Method, system and equipment for opening account and accessing data

Technical Field

The present invention relates to the field of communications, and in particular, to a method, system, and device for opening an account and accessing data.

Background

LDAP (Lightweight Directory Access Protocol) is a Directory services Access Protocol based on a client/server model. When the LDAP technology is used for solving the application of HLR (Home Location Register)/HSS (Home Subscriber Server), the application process is as follows: firstly, the data in HLR or HSS is put into the fusion database, and HLR/HSS FE (Front End) accesses the fusion database through LDAP interface to obtain the user data needed by HLR/HSS FE. Taking LDAP as an example for applying to HLR as an illustration, referring to fig. 1, a schematic diagram of a partial directory information Tree applied to HLR is provided, where the Directory Information Tree (DIT) is a directory Tree composed of entries, and a so-called Entry (Entry) refers to a node of the directory information Tree, is a basic unit in the directory information Tree, and is composed of one or more object classes; uniquely identifying an entry in a directory information tree using an entry name (DN); for example, for the entry "MSISDN 1351111111, IMSI (client Identification Number) 460031111111, DN of dc root" is "MSISDN 1351111111, IMSI 460031111111, dc root"; identifying child entries under the same parent entry using the Relative Name (RDN) of the entry; for example, for the entry "MSISDN-1351111111, IMSI-460031111111, dc-root", "MSISDN-1351111111" is a child entry of its parent entry "IMSI-460031111111", whose RDN is "MSISDN-1351111111".

In implementing the present invention, the inventor finds that the existing application of solving HLR/HSS by using LDAP has at least the following disadvantages and shortcomings:

the existing LDAP technology cannot guarantee that the MSISDN value of the MSISDN entry (or the IMPI value of the IMPI entry) is not repeated in its directory information tree, taking the MSISDN entry as an example: after receiving an account opening request, the existing LDAP technology analyzes the account opening request to obtain the full DN of an entry to be added, and then judges whether the same MSISDN value exists under the parent entry IMSI, if not, the corresponding adding operation is completed by the fusion database, and before adding an MSISDN entry or adding an IMPI in the account opening process, the MSISDN entry is not compared with MSISDN entries or IMPIs already existing under other parent entries IMSI, so that the MSISDN entry cannot be guaranteed not to be repeated in the HLR DIT.

When the existing LDAP technology is used for operations such as adding, modifying and deleting, firstly, an HLR/HSS sends an LDAP query request to a fusion database, the fusion database queries the full DN of the MSISDN entry or the IMPI entry according to the MSISDN or the IMPI carried in the request and returns the full DN in a query response, after the query response is received, the HLR/HSS forms the full DN of a newly-added entry according to the full DN and service information carried in a new service adding request, the LDAP adding request is sent to the fusion database, the fusion database completes corresponding adding operation, and the operation mode needs to be interacted for many times, and the processing flow is complex.

Disclosure of Invention

In one aspect, embodiments of the present invention provide a method, system, and device for opening an account for data, so as to implement that attribute values of an MSISDN entry or an IMPI entry in an LDAP are not duplicated. The technical scheme is as follows:

a method of data account opening, the method comprising:

receiving an entry adding request, wherein the entry adding request carries an attribute name, an attribute value and a full entry name of an entry;

if the entry adding request is determined to be an entry adding request based on an identification type entry, judging whether the attribute value of the identification type entry appears in the established directory information tree, if not, adding the identification type entry in the directory information tree according to the full entry name of the identification type entry, wherein the identification type entry appears at a fixed position of the directory information tree, has the same identification type attribute name, and the attribute value is not repeated in the directory information tree;

and if the attribute value of the identification type entry appears in the established directory information tree, returning an addition failure response.

In one aspect, embodiments of the present invention provide a method, system, and apparatus for data access to simplify an operation of accessing an MSISDN entry or an IMPI entry in LDAP. The technical scheme is as follows:

a method of data access, the method comprising:

receiving an access request for an entry, wherein access path information carried in the access request at least comprises a relative name RDN of the entry to be accessed;

if the access request is determined to be based on the identification type entry, inquiring identification type entry index information according to the access path information to determine the full path information of the identification type entry to be accessed, wherein the identification type entry index information records the mapping relation between the attribute value of the identification type entry and the full path information thereof;

according to the full path information, executing access operation based on the identification type item;

wherein the determining that the access request is an access request based on an identification class entry comprises:

judging whether the access request is in a virtual path access mode or in a direct access mode with an identification type entry as an entry, and if so, determining that the access request is based on the identification type entry.

In yet another aspect, a system for opening an account for data is provided, the system comprising: an access server and an access client; wherein,

the access server is used for receiving an entry adding request sent by the access client, wherein the entry adding request carries an attribute name, an attribute value and a full entry name of the entry; if the entry adding request is determined to be an entry adding request based on an identification type entry, judging whether the attribute value of the identification type entry appears in the established directory information tree, if not, adding the identification type entry in the directory information tree according to the full entry name of the identification type entry, wherein the identification type entry appears at a fixed position of the directory information tree, has the same identification type attribute name, and the attribute value is not repeated in the directory information tree; if the attribute value of the identification type item appears in the established directory information tree, returning an addition failure response;

and the access client is used for sending an entry adding request to the access server.

In still another aspect, an access server is provided, where the access server includes:

a receiving module, configured to receive an entry adding request sent by the access client, where the entry adding request carries an attribute name, an attribute value, and a full entry name of the entry;

a determining module, configured to determine whether the add entry request is an add entry request based on an identified class entry;

the judging module is used for judging whether the attribute value of the identification type item appears in the established directory information tree or not after the determining module determines that the item adding request is an item adding request based on the identification type item;

the adding module is used for adding the identification type items in the directory information tree according to the full item names of the identification type items when the judgment result of the judging module is negative, wherein the identification type items appear at fixed positions of the directory information tree, have the same identification type attribute names and have no repeated attribute values in the directory information tree;

and the return module is used for returning an addition failure response to the access client if the judgment module judges that the attribute value of the identification type entry appears in the established directory information tree.

In yet another aspect, a system for data access is provided, the system comprising: an access server and an access client, wherein,

the access server is used for receiving an access request for an entry, wherein the access path information carried in the access request at least comprises a relative name RDN of the entry to be accessed; if the access request is determined to be based on the identification type entry, inquiring identification type entry index information according to the access path information to determine the full path information of the identification type entry to be accessed, wherein the identification type entry index information records the mapping relation between the attribute value of the identification type entry and the full path information thereof; according to the full path information, executing access operation based on the identification type item;

the access client is used for sending the access request for the entry to the access server;

the device comprises a receiving module, a judging module and a judging module, wherein the receiving module is used for receiving an access request for an entry, and the access path information carried in the access request at least comprises a relative name RDN of the entry to be accessed;

a determining module, configured to determine whether the access request is an access request based on an identification class entry;

the query module is used for determining that the access request is based on the identification type entry after the determining module determines that the access request is based on the identification type entry; inquiring identification type entry index information according to the access path information to determine full path information of the identification type entry to be accessed, wherein the identification type entry index information records the mapping relation between the attribute value of the identification type entry and the full path information thereof;

an execution module, configured to execute an access operation based on an identifier entry according to the full path information obtained by the query module, where the determination module specifically includes:

the first judging unit is used for judging whether the access request is a virtual path access mode or not, and if so, determining that the access request is an access request based on an identification type entry; and/or

And the second judging unit is used for judging whether the access request is in a direct access mode with an identification type entry as an entry, and if so, determining that the access request is based on the identification type entry.

The technical scheme provided by the embodiment of the invention has the beneficial effects that:

the embodiment of the invention ensures the uniqueness of the identification attribute value of the identification type item under the directory information tree by introducing the concept of the identification type item, and simplifies the access interaction process of the identification type item in the LDAP.

Drawings

Fig. 1 is a diagram illustrating a partial directory information tree of an HLR application provided in the prior art;

FIG. 2 is a flowchart of a method for guaranteeing uniqueness of an attribute value of an identification class attribute MSISDN of an MSISDN entry by a converged database according to embodiment 1 of the present invention;

fig. 3 is a schematic diagram of part of the DIT of the HLR application for establishing virtual Alias for MSISDN according to embodiment 1 of the present invention;

fig. 4 is a flowchart of a sub-entry operation for increasing MSISDN in a virtual Alias access manner according to embodiment 1 of the present invention;

fig. 5 is a flowchart of an operation of deleting an attribute value of an identifier attribute MSISDN of an MSISDN entry in a virtual Alias access manner according to embodiment 1 of the present invention;

fig. 6 is a schematic diagram of a direct access manner using MSISDN as an entry according to embodiment 1 of the present invention;

fig. 7 is a flowchart of a sub-entry operation for increasing an MSISDN in a direct access mode with an MSISDN as an entry according to embodiment 1 of the present invention;

fig. 8 is a flowchart of an operation of deleting an attribute value of an identifier class attribute of an MSISDN entry in an access interface according to embodiment 1 of the present invention;

FIG. 9 is a flowchart of a method for analyzing an access path by an LDAP server to identify an access mode according to embodiment 1 of the present invention;

FIG. 10 is a schematic diagram of a data account opening system provided in embodiment 2 of the present invention;

fig. 11 is a schematic diagram of an access server provided in embodiment 3 of the present invention;

FIG. 12 is a schematic diagram of a data access system provided in embodiment 4 of the present invention;

fig. 13 is a schematic diagram of an access server provided in embodiment 5 of the present invention;

fig. 14 is another schematic diagram of the access server provided in embodiment 5 of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

When implementing the embodiment of the present invention, the inventor finds that the MSISDN entry under HLR or IMPI entry under HSS has the same characteristics:

1. occurs at a fixed location in the directory information tree;

2. have the same attribute name, (i.e., the RDN attribute names are the same);

3. its attribute value (MSISDN value or IMPI value) is unique in the directory information tree and must not be repeated.

Based on the characteristics, the inventor defines the items with the characteristics as identification type items uniformly, expands the LDAP protocol, and indicates the identification type items by adding an indication form, so that the server can determine which types of items are the identification type items after loading the model.

Based on the basis of defining the identification class entries, when newly adding the identification class entries (new account opening) to the LDAP, the uniqueness check of the identification class entries is required, and corresponding adding operation is performed when the identification class entries are determined to be unique, so that the uniqueness of the identification attribute values of the identification class entries under a directory information tree is ensured; in addition, according to the characteristics of the identification type entry, the embodiment of the invention also provides a method for accessing the identification type entry, so as to solve the problem that the access interaction times based on the identification type entry are large in the prior art, and the specific implementation mode of the method is used for follow-up delivery.

The data account opening is the operation of adding an identification item, and the data access method refers to the operation of adding, deleting, modifying, inquiring and the like on the identification data which is already opened.

First, the method for opening an account of an identification class entry provided in an embodiment of the present invention is introduced to implement that attribute values of identification class entries such as MSISDN or IMPI in LDAP are not duplicated.

As described above, the MSISDN entries applied by the HLR have the same RDN attribute "MSISDN" and the MSISDN values thereof cannot be repeated, and the MSISDN entries are described as identification class entries by extending the LDAP technique, and there may be a plurality of extension description manners, where one description manner is to indicate which types of entries are identification class entries by adding indicators.

The definition of the entry type in RFC4512 is described by the ditcotentlaundescription, and a specific ABNF (extended back-Naur Form) syntax is defined as follows:

wherein < numeric > is used to represent the ID of the structure object class to which the entry type belongs; NAME < qdescrs > is used to describe the short NAME of the entry type; DESC < qdstring > is used to simply describe the entry type; obsollete is used to indicate whether the entry type definition is active or not; AUX < oids > is used to enumerate the IDs of all auxiliary object classes contained in the entry type; MUST < oids > is used to list the mandatory properties that this entry type contains; MAY < oids > is used to list the optional properties that this entry type contains; NOT < oids > is used to list the attributes that cannot appear in the entry type; < extensions > is used to describe the extension.

In the embodiment of the present invention, description of identifying a class entry is implemented by adding the above-described indicator using an extension field < extensions > of the ditcotntertruledescription.

According to the syntax structure of extensions, the following fields are used in the extensions part of the ditcottertreuledescription to represent the identification class entry information:

the X-KeyIdentifier is the indicator, and when the X-KeyIdentifier exists, it indicates that the entry of the type is an identification class entry, and its value is an identification class attribute name (i.e. RDN attribute name) of the identification class entry; in contrast, when X-KeyIdentifier does not exist, it indicates that the entry of this type is not an identify class entry. Wherein the identification class attribute names (i.e. RDN attribute names) of different identification class entries are different (e.g. MSISDN under HLR and IMPI under HSS are not the same to distinguish different identification class entries). For the case of taking MSISDN as an example provided by the embodiment of the present invention, MSISDN entries described by using the extension method are as follows:

wherein, it is indicated by X-key identifier 'MSISDN' that the type of entry belongs to an identification class entry, and its identification class attribute name (i.e. RDN attribute name) is MSISDN, and the identification class attribute names (i.e. RDN attribute names) of other types of identification class entries cannot be MSISDN.

Referring to fig. 2, the embodiment of the present invention provides a method for opening an identifier entry, where a client of an LDAP is specifically service delivery equipment Provision; the LDAP Server is specifically a fusion database, and specifically comprises the following steps:

step 101: the Provision sends an LDAP addition Request to the fusion database, and requests to Add a new MSISDN entry; wherein, the request carries the full DN of MSISDN entry to be added and the attribute value of the MSISDN entry.

The LDAP Add Request is used to Request to Add a new MSISDN entry, that is, to Add a new MSISDN entry attribute value, for example, to Add a new mobile phone user number 1350000002.

Step 102: after receiving the LDAP Add Request, the converged database determines that the added entry is an identifier entry, queries MSISDN entry information in the existing directory information tree DIT, and determines whether an attribute value of an identifier attribute MSISDN of the MSISDN entry carried in the LDAP Add Request appears in the current DIT, if so, step 103 is executed; otherwise, step 104 is performed.

The step of querying MSISDN entry information in the directory information tree DIT and determining whether the attribute value of the identifier attribute MSISDN of the MSISDN entry carried in the LDAP Add Request appears in the current DIT may specifically be: inquiring index information of the identification type entries, so as to judge whether the attribute values of the identification type entries needing to be added appear in the index information, wherein the index information is the identification type entries and the attribute values thereof which are stored by a fusion database and exist in a directory information tree, the identification type entries and the attribute values thereof can be stored in the fusion database in the form of an index information table, the fusion database updates the index information table each time the identification type entries are newly added, and the identification type entry index information in the embodiment comprises records of MSISDN entry attribute values;

step 103: the fusion database returns an LDAP Add failure Response to the Provision.

Step 104: and the fusion database adds corresponding entries according to the full DN of the MSISDN entries added in the LDAP Add Request, and returns an LDAP Add Response success Response to the Provision.

After the operation of increasing the MSISDN value in step 104 is completed, the converged database may further update the index information of the identifier entry, add the newly added MSISDN entry and its attribute value into the index information, and subsequently query the index information to see whether the attribute value of the identifier entry has been increased before, so as to ensure the uniqueness of the identifier entry opening; if the index information of the identifier entry also records the mapping relationship between the attribute value of the identifier entry and the full entry name of the identifier entry, the full DN of the identifier entry required to be added in the LDAP Add Request can be further recorded in the index information, and the full DN of the entry can be obtained when the access of adding, deleting, searching and modifying is carried out according to the MSISDN entry subsequently, so that the subsequent operation is convenient. The index information identifying the class entries may be recorded in the converged database in the form of an index information table.

Referring to Table 1, a schematic table of index information for identifying class entries

In summary, through the above steps 101 to 104, when an account is opened, a query is performed, and when it is determined that the attribute value of the identification type entry to be added does not appear in the existing directory information tree, a corresponding addition (account opening) operation is performed, so that the uniqueness of the attribute value of the identification type entry such as the MSISDN entry in the directory information tree can be ensured, and the defect that the attribute value of the identification type entry such as the MSISDN entry cannot be ensured to be not unique in the prior art is effectively avoided. In addition, after the identification type entries are added, the fusion database also establishes an identification type entry index information table, records the attribute values of the identification type entries and the mapping relation between the attribute values and the corresponding full DNs, and the index information table can be used for inquiring the full DNs of the entries in the subsequent operations of adding, deleting, modifying, searching and the like of the identification type entries.

As can be known to those skilled in the art, in the directory information tree, an entry may include several attributes, for example, in the MSISDN entry, there are other attributes in addition to the above-mentioned identification class attribute MSISDN.

The data access method provided by the embodiment of the present invention is described below, the data access described in the embodiment of the present invention mainly refers to operations such as adding, deleting, modifying, querying, etc. to an identifier entry, because an LDAP is used to access an identifier entry in the prior art, an LDAP Server needs to acquire a full access path of an identifier entry to be accessed to perform a corresponding operation, that is, needs to acquire a full DN of the identifier entry, the prior art acquires a full DN by means of multiple interactions between an accessor and a database, and the embodiment of the present invention provides two specific implementation manners of data access on the basis of ensuring that an attribute value of the identifier entry is not repeated when the adding operation (account opening) of the identifier entry is implemented: a virtual Alias access manner and a direct access manner using the identification class entry as an entry, where the direct access manner using the identification class entry as an entry may further include: specifying the access mode in the access interface and analyzing the access path by the LDAP server to identify the access mode:

one, virtual Alias access mode

The virtual Alias access method refers to accessing through a virtual path when accessing an identifier class entry, wherein the virtual path is composed of a virtual Alias prefix and an RDN corresponding to the identifier class entry. The establishment of virtual Alias is realized by extending the protocol RFC4512, and aims to establish a virtual path for the identification class entry so as to perform access related to the identification class entry.

When the virtual Alias path is used for access, an LDAP Server (database) firstly analyzes access path information (namely virtual path information) carried in an access request, if a virtual Alias prefix is found, the access request is determined to be an access request based on an identification type entry, then the LDAP Server queries the established identification type entry index information to acquire a full path corresponding to the virtual path of the identification type entry to be accessed, and then subsequent access operation is performed.

Direct access mode using identification class entry as entry

The direct access mode using the identification class entry as an entry means that access operations related to the identification class entry are completed according to an RDN (partial path) of the identification class entry, and is different from a virtual Alias access mode in that a virtual path is not required to be provided, and only the RDN needs to be given to access the identification class entry.

Two specific implementation methods of this access method are listed below:

1. indicating access patterns in an access interface

If the access mode of the current access is identified in a direct access mode taking an identification type entry as an entry, namely, the access request is determined to be an access request based on the identification type entry, an identification type entry index information table is inquired according to RDN (partial path) of the identification type entry to obtain a full path (namely full DN) of the entry, and finally, related access operation is carried out; if not, the access is carried out according to the existing LDAP access mode.

There are various methods for extending the identifier in the LDAP access interface to indicate the access mode, and the method for extending in the control of LDAPMessage refers to the following specific embodiments.

2. Analyzing access paths by LDAP server to identify access patterns

The LDAP Server analyzes access path information carried in the access command and acquires the last RDN in the access path; if the last RDN in the access path is not the root of the DIT, the RDN value is used for inquiring in the index information of the pre-stored identification class entries, if the information exists, the access mode is a direct access mode taking the identification class as an entry, then the full DN corresponding to the access path (RDN) is obtained, and then relevant access operation is carried out.

According to the unique characteristic of the attribute value of the identification type entry in the directory information tree and on the basis of ensuring that the identification type entry is not repeatedly increased when the identification type entry is opened based on the database, the virtual Alias access mode and the direct access mode taking the identification type entry as an entry can obtain a full path (DN) corresponding to the identification type entry to be accessed according to the virtual path or a partial path provided by the visitor without multiple interactions between the visitor and the LDAP Server.

For a detailed description of the data access method provided in the foregoing embodiment of the present invention, the following description takes an example that an identifier entry is specifically an MSISDN applied by an HLR as an example, please refer to the following specific embodiment:

referring to fig. 3, a part of the schematic diagram of the DIT of the HLR application for establishing virtual Alias for MSISDN is provided, as shown, dc is Alias msdnprefix, and dc is root, that is, a virtual Alias prefix of an MSISDN class entry, and the MSISDN class entry and a sub-entry of the MSISDN class entry may be accessed through a dotted path in the diagram, wherein the description of the virtual Alias may be completed by extending RFC4512, and according to the syntax structure of extensions, the following fields are used in the extensions part of the ditcotridruletrule description to indicate the virtual Alias prefix of the MSISDN class entry:

AliasDNPrefixExtension＝

“X-AliasDNPrefix”SP qdstring；aliasDN pref

MSISDN entries are described using the above extensions as follows:

as described above, "X-Alias dnprefix 'dc ═ Alias msisdnfix, dc ═ root'", i.e., the virtual Alias prefix describing the MSISDN identification class entry.

The following describes the detailed operations (including addition, deletion, modification and query) based on the virtual Alias access mode of MSISDN:

a) subentry operation to increase MSISDN

Taking the sub-entry, specifically, the intelligent service data CamelData as an example for explanation, referring to fig. 3, a sub-entry with RDN of "CamelData ═ CamelData 2" is to be added under the entry "MSISDN ═ 13511111112, IMSI ═ 4600311111112, dc ═ root"; since the "CamelData" 2 "to be added is the identifier entry, and its parent entry" MSISDN "13511111112" is a virtual Alias access manner, referring to fig. 4, the specific steps of performing the adding operation are as follows:

step 201: the Provision sends an Add sub-entry Request LDAP Add Request to the fusion database, where the Request carries a virtual path "CamelData ═ CamelData2, MSISDN ═ 13511111112, dc ═ aliases msisdnfix, dc ═ root".

Step 202: and after receiving the LDAP Add Request, the fusion database acquires a virtual Alias prefix and an MSISDN value, and obtains the full DN of the MSISDN value according to the acquired MSISDN value. The method specifically comprises the following steps:

the fusion database analyzes the LDAP Add Request, accesses the prefix of the virtual path DN carried by the LDAP Add Request, identifies the virtual Alias prefix "dc ═ Alias prefix, dc ═ root" of the MSISDN to know that the access is the virtual Alias access mode, that is, determines that the access Request is the access Request based on the identifier type entry, and queries the identifier type entry index information indication table shown in table 1 according to the attribute value "13511111112" of the identifier type attribute of the MSISDN entry, so as to obtain the full DN information "MSISDN ═ 13511111112, IMSI ═ 4600311111112, dc ═ root" corresponding to the identifier type entry.

Step 203: and the fusion database replaces the virtual path Alias with the full DN information of the acquired MSISDN. The method specifically comprises the following steps:

the virtual path Alias "CamelData ═ CamelData2, MSISDN ═ 13511111112, dc ═ Alias msdnprefix, dc ═ root" is replaced with "CamelData ═ CamelData2, MSISDN ═ 13511111112, IMSI ═ 4600311111112, dc ═ root".

Step 204: and the fusion database executes the increasing operation of the sub-entry of the MSISDN entry according to the access path obtained after replacement, and returns a successful increasing response to the Provision. The method specifically comprises the following steps:

since the virtual path Alias in the LDAP Add Request is replaced with "CamelData ═ CamelData2, MSISDN ═ 13511111112, IMSI ═ 4600311111112, and dc ═ root" in step 203, in this step 204, the Add operation of the sub-entry "CamelData ═ CamelData 2" of "13511111112" may be performed according to the access path after replacement, wherein the Add operation supported by the prior art may be used for implementation, and will not be described again. When the corresponding add sub-entry operation is performed according to the full DN, an add success Response LDAPAdd Response is returned to the Provision.

b) Delete MSISDN entry operation

Still taking fig. 3 as an example, to delete the identifier class entry "MSISDN is 13511111112, IMSI is 4600311111112, dc is root", after the identifier class entry is deleted, the information of the MSISDN entry recorded when the entry is added (for example, related information in the index information table) needs to be deleted by Provision, and referring to fig. 5, the specific deletion steps are as follows:

step 301: and the Provision sends an LDAP Delete Request to a fusion database, wherein the Request carries a virtual path MSISDN of an MSISDN entry to be deleted which is 13511111112, dc is AliasMsdisPrefix, and dc is root.

Step 302: after receiving the LDAP Delete Request, the fusion database acquires a virtual Alias prefix and an MSISDN value, and queries an identification type entry index information table according to the acquired MSISDN value to obtain a full DN corresponding to the MSISDN attribute value. The method specifically comprises the following steps:

the converged database analyzes the LDAP Delete Request, accesses the prefix in the virtual path carried by the Request, identifies the virtual Alias prefix "dc ═ Alias prefix, dc ═ root" of the MSISDN, and then queries the index information meaning table shown in table 1 according to the attribute value "13511111112" of the identification class attribute MSISDN of the MSISDN entry, so as to obtain the full DN information "MSISDN ═ 13511111112, IMSI ═ 4600311111112, dc ═ root" corresponding to the identification class entry.

Step 303: and the fusion database replaces the virtual path Alias with the access path given by the full DN information of the acquired MSISDN. The method specifically comprises the following steps:

Step 304: and after deleting the MSISDN entry according to the access path obtained after replacement, the fusion database deletes the information (such as index information) of the identification type entry of 'MSISDN 13511111112, IMSI 4600311111112 and dc root', and returns an LDAP Delete Response to the Provision, wherein the LDAP Delete Response is successful.

c) Delete sub-entry operation of MSISDN

The operation of deleting the MSISDN sub-entry is substantially the same as the above-described operation of deleting the MSISDN entry:

firstly, a fusion database receives a virtual path Alias of a sub-entry to be deleted of the MSISDN, and acquires the full DN of the sub-entry according to the virtual path and index information pre-recorded by the fusion database;

then, a deletion operation is performed on the sub-entry according to the acquired full DN of the sub-entry. In this case, it is particularly noted that the index information of the MSISDN entry is not deleted when the deletion operation of the sub-entry is performed.

d) Sub-entry operation to modify MSISDN

The modification operation is in particular a modification operation of a sub-entry of the MSISDN. For example, referring to fig. 3, a sub-entry "CamelData ═ CamelData 2" of "MSISDN ═ 13511111112" is modified to "CamelData ═ CamelData 3", wherein a specific modification operation procedure is similar to the above-described deletion operation:

then, the fusion database executes modification operation on the subitem according to the acquired full DN of the subitem, specifically:

after the fusion database acquires the full DN "CamelData ═ CamelData2, MSISDN ═ 13511111112, IMSI ═ 4600311111112, and dc ═ root" of the sub-entry, modify "CamelData ═ CamelData 2" to "CamelData ═ CamelData 3", thereby successfully implementing the modification operation on the sub-entry of the MSISDN.

e) Sub-entry operation to query MSISDN

Similar to the modification and deletion operations, when the query operation is executed, the fusion database replaces the virtual Alias path with the full DN of the MSISDN according to the virtual Alias path and the index information pre-recorded by the fusion database, and then performs the corresponding query operation. For example: referring to fig. 3, in order to query the detailed information of the sub-entry of MSISDN 13511111112, at this time, the information content of the sub-entry may be queried according to MSISDN 13511111112 after replacing the virtual Alias path MSISDN 13511111112, dc msissnpiffix, dc root with MSISDN 13511111112, IMSI 4600311111112, and dc root.

In summary, aiming at the characteristic that the attribute value of the identifier entry is not repeated in the directory information tree, the LDAP protocol is extended to identify the identifier entry, when the operations such as addition, deletion, check, modification and the like are performed on the identifier entry, the LDAP Server can directly provide the virtual path for the LDAP Server, acquire a virtual Alias access mode according to the acquired virtual path, query the index information of the identifier entry according to the virtual path to acquire a full path (full DN) corresponding to the virtual path, and perform corresponding operations according to the acquired full DN.

The following description will be directed to a direct access mode using an MSISDN entry as an entry, and the difference between the virtual Alias access mode and the direct access mode is that the direct access only needs to give an RDN (i.e. a partial path of an entry to be accessed) to perform an access operation on an identification class entry.

Referring to fig. 6, a schematic diagram of a direct access mode using MSISDN as an entry is provided, where the direct access mode includes: the access mode is indicated in the access interface and the access path is analyzed to identify the access mode. The contents are as follows:

mode one, indicating access mode in access interface

The access mode needs to add an indication for indicating the access mode in the access information, so that the fusion database identifies the specific access mode of the current access according to the received access information carrying the access mode indication, and after determining that the access is a direct access mode, the fusion database can obtain a corresponding full path according to partial path information carried in the access information and perform corresponding access operation. For example, taking an MSISDN entry as an example, the fusion database analyzes the access information to determine whether the access mode of the access is a direct access mode using the MSISDN entry as an entry, and if so, obtains the full DN of the entry according to the attribute value of the identifier attribute MSISDN of the MSISDN entry, and then performs a related access operation; otherwise, accessing according to the existing LDAP access mode.

In order to describe the access mode indication in the access interface in detail, a method for extending access mode information in a control field of an LDAPMessage is provided below, and the access mode indication is implemented by a control type in the control field, and the following details are used:

as known to those skilled in the art, the standard format of LDAPMessage defined in RFC4511 is as follows:

wherein the messageID is used to uniquely identify the LDAP message in an LDAP session; operations defined in the LDAP protocol, such as addition, deletion, modification, query and the like, are listed in the protocol Op; controls are used to provide a mechanism to extend existing LDAP operations. Wherein, the definition of control part in RFC4511 is as follows:

wherein, the controlType is used to indicate the control type; criticality is used to indicate the degree of risk of operation; when the Provision does not identify the control type, if the value of the Provision is True, the operation is stopped, and error information is returned; otherwise, ignoring the Control and continuing to operate; the controlValue is used to specify the specific mode of operation under this control type.

When the inventor implements the embodiment of the present invention, the inventor uses the Control field to specify the access mode by extending a Control, which is specifically defined as follows:

AccessTypeFlagControl::＝SEQUENCE{

controlType 1.3.6.1.4.1.1466.1.2.100，

criticality BOOLEAN DEFAULT FALSE}

here, the access type is indicated by a controlType, and as described above, a value of 1.3.6.1.4.1.1466.1.2.100 for the controlType indicates a direct access mode in which an identification class is used as an entry. Taking the control type value as 1.3.6.1.4.1.1466.1.2.100 as an example, the embodiment of the present invention does not limit the specific value of the control type.

The following describes specific operations (including addition, deletion, modification, and query) based on the direct access method using the identification class entry as an entry, with reference to the schematic diagram of the direct access method using the MSISDN as an entry shown in fig. 6, where the specific contents are as follows:

a) sub-entry to increase MSISDN

In this embodiment, an example of adding an intelligent service sub-entry under an MSISDN entry is described. Referring to fig. 6, to add a child entry with RDN being "CamelData ═ camelldata 2" under the entry "MSISDN being 13511111112, IMSI being 4600311111112, dc being root", since the parent entry of the child entry is an identification class entry "MSISDN", the method directly takes the identification class entry as an entry, and is implemented in the form of giving an RDN identifying the class entry and an access manner indication in the add request, referring to fig. 7, the specific steps are as follows:

step 401: and sending an LDAP addition Request LDAP Add Request to the fusion database by Provision, wherein the LDAP Add Request carries a path and an access mode indication. The method specifically comprises the following steps:

the path is "CamelData" 2 and MSISDN "13511111112", and the access mode information carries an access mode indication to indicate that the access is a direct access mode in which the identifier entry is an entry.

Step 402: and the fusion database receives the LDAP Add Request, acquires that the access is an adding operation taking the identification type item as an inlet, inquires the index information of the identification type item recorded in advance according to the MSISDN value carried in the path, and acquires the corresponding full DN information of the MSISDN value.

Step 403: and the fusion database replaces the path carried in the LDAP added Request by the acquired full DN information of the MSISDN attribute value. The method specifically comprises the following steps:

the path "CamelData ═ CamelData2 and MSISDN ═ 13511111112" carried in the LDAP Add Request are replaced with full DN information of the MSISDN value, and "CamelData ═ CamelData2, MSISDN ═ 13511111112, IMSI ═ 4600311111112, and dc ═ root" are obtained.

Step 404: and the fusion database performs corresponding sub-entry adding operation according to the path information acquired after replacement, and returns LDAP (lightweight directory Access protocol) successful Response LDAP added Response to Provision. The method specifically comprises the following steps:

since the replaced path information acquired in step 403 is "CamelData ═ CamelData2, MSISDN ═ 13511111112, IMSI ═ 4600311111112, and dc ═ root", the convergence database adds its sub-entry "CamelData ═ CamelData 2" to the MSISDN entry according to the replaced path information, and then returns an LDAP Add Response success Response to the Provision.

b) Deleting an MSISDN entry

Still taking the schematic diagram of fig. 6 that uses MSISDN as the entry for direct access, taking the identification class entry "MSISDN 13511111112, IMSI 4600311111112, dc root" as an example, see fig. 8, the specific deletion steps are as follows:

step 501: and the Provision sends a Request LDAP Delete Request for deleting the MSISDN entry to the fusion database, wherein the Request LDAP Delete Request carries path information and an access instruction. The method specifically comprises the following steps:

the LDAP Delete Request carries path information "MSISDN 13511111112", and the access mode information carries an access instruction to indicate that the current operation is a direct access mode using the identifier type entry as an entry.

Step 502: and the fusion database receives the LDAP Delete Request, acquires the current access as a deletion operation taking the identification type item as an inlet, inquires the index information of the identification type item recorded in advance according to the MSISDN value carried in the path, and acquires the full DN information of the MSISDN value. The method specifically comprises the following steps:

the fusion database firstly judges that the operation is a deletion operation taking an identification type item as an entrance according to an access mode indication carried in a received LDAP Add Request; according to the MSISDN value in the path information, index information (as shown in table 1) recorded in advance is queried, and full DN information "MSISDN is 13511111112, IMSI is 4600311111112, and dc is root" of the MSISDN value is obtained.

Step 503: and the fusion database replaces the path carried in the LDAP DeleteRequest request by using the acquired full DN information of the MSISDN attribute value. The method specifically comprises the following steps:

the path "MSISDN ═ 13511111112" carried in the LDAP Add Request is replaced with full DN information of the MSISDN value, resulting in "MSISDN ═ 13511111112, IMSI ═ 4600311111112, dc ═ root".

Step 504: and the fusion database carries out deletion operation of the attribute value of the identification type attribute MSISDN of the MSISDN entry according to the path information acquired after replacement, deletes the index information of the attribute value of the identification type attribute MSISDN of the MSISDN entry, and returns LDAP Delete Response to the Provision successfully. The method specifically comprises the following steps:

since the replaced path information acquired in step 503 is "MSISDN 13511111112, IMSI 4600311111112, dc root", the convergence database deletes the attribute value "MSISDN 13511111112" of the identification class attribute MSISDN of the MSISDN entry according to the replaced path information, and returns an LDAP Delete Response success Response to provisioning after deleting the index information of the attribute value of the identification class attribute MSISDN of the MSISDN entry.

c) Deleting sub-entries of MSISDN

The operation of deleting the MSISDN sub-entry is substantially the same as the operation of deleting the attribute value of the identification class attribute MSISDN of the MSISDN entry:

the integrated database receives the path and the access information of the sub-entry to be deleted of the MSISDN, acquires the operation as a direct access mode taking the MSISDN entry as an entrance according to the access information, and acquires the full DN of the sub-entry according to the path information and the index information pre-recorded by the integrated database; then, a deletion operation is performed on the sub-entry according to the acquired full DN of the sub-entry. In this case, it is particularly noted that the index information of the MSISDN entry is not deleted when the deletion operation of the sub-entry is performed.

d) Modifying sub-entries of an MSISDN

For example, referring to fig. 6, a sub-entry "CamelData ═ CamelData 2" of "MSISDN ═ 13511111112" is modified to "CamelData ═ CamelData 3", wherein a specific modification operation procedure is similar to the above-described deletion operation:

receiving path information and access information of a sub-entry to be deleted of the MSISDN by the fusion database, wherein the access information acquires that the operation is a direct access mode taking the MSISDN entry as an entrance, and acquiring a full DN of the sub-entry according to the path information and index information pre-recorded by the fusion database; then, the fusion database executes modification operation on the subitem according to the acquired full DN of the subitem, specifically: after the fusion database acquires the full DN "CamelData ═ CamelData2, MSISDN ═ 13511111112, IMSI ═ 4600311111112, and dc ═ root" of the sub-entry, modify "CamelData ═ CamelData 2" to "CamelData ═ CamelData 3", thereby successfully implementing the modification operation on the sub-entry of the MSISDN.

e) Querying sub-entries of the MSISDN

Similar to the modification and deletion operations, when the query operation is executed, the fusion database learns that the operation is a direct access mode taking the MSISDN entry as an entry according to the access information carried in the query request, and replaces the path carried in the query request with the full DN of the MSISDN according to the path information carried in the query request and the information pre-recorded by the fusion database, and then performs the corresponding query operation. For example: referring to fig. 6, to query the details of the sub-entry of the MSISDN ═ 13511111112, at this time, it is known that the operation is a direct access mode using the MSISDN entry as an entry through the access information (specifically, in the form of an access indicator) carried in the query request; after the full DN of the attribute value of the identification class attribute MSISDN of the MSISDN entry, MSISDN of the full DN of 13511111112, IMSI of 4600311111112, and dc of root, is queried according to the path information "MSISDN of 13511111112" carried in the query request, the information content of the sub-entry of "MSISDN of 13511111112" may be queried according to the "MSISDN of 13511111112, IMSI of 4600311111112, and dc of root".

In summary, in the direct access mode using the identifier entry as the entry, based on the access mode specified in the access information transmitted to the LDAP Server, when the LDAP Server determines that the access is the direct access mode using the identifier entry as the entry, the LDAP Server may obtain the full path according to the received partial access path, and perform the related access operation. The scheme can also avoid the problem that the prior art needs to carry out interaction for many times in order to enable the LDAP Server to obtain the full path of the entry to be accessed, thereby simplifying the flow of the access operation on the entry.

Second, the LDAP server analyzes the access path to identify the access mode

Referring to fig. 6, the items to be accessed are "CamelData ═ CamelData1, MSISDN ═ 1351111111, IMSI ═ 460031111111, and dc ═ root", for example, and refer to fig. 9, the contents are as follows:

step 601: and the Provision sends an LDAP access Request LDAP Request to the converged database, wherein the Request carries access path information, specifically, "CameData ═ camelldata 1, and MSISDN ═ 1351111111".

Step 602: the fusion database receives the LDAP Request, acquires the last RDN according to the access path information, judges whether the acquired RDN is the root of a Directory Information Tree (DIT), and executes the step 603 if the acquired RDN is the root of the DIT; otherwise, step 604 is performed.

Step 603: and the fusion database executes the access operation according to the access path information, and the operation is finished.

Step 604: the integration database utilizes the obtained RDN to inquire in MSISDN entry information, judges whether the RDN information exists, if yes, executes step 605; otherwise, step 606 is performed.

Step 605: and the fusion database inquires the information pre-recorded by the fusion database according to the acquired RDN, acquires the full DN of the access path, executes the related access operation and returns an LDAP access success response to the Provision.

Step 606: the converged database returns an LDAP access failure response to the Provision.

For example, for the access path "CamelData" 1 and MSISDN "1351111111", the converged database as LDAPServer first analyzes the access path, and obtains the last RDN, that is, MSISDN "1351111111; then, judging that the RDN is not a root 'dc ═ root' of the DIT, and then, inquiring self pre-recorded information (MSISDN index information shown in table 1) by using an attribute value of an identification class attribute MSISDN of the MSISDN entry to obtain a full DN of the access path; finally, the obtained full DN information is used for carrying out relevant access operation (specifically comprising addition, deletion, modification and inquiry)

In summary, the LDAP Server analyzes the access path to identify the access manner, and when the LDAP Server determines that the access is the access manner of the identifier entry, the LDAP Server may obtain the full path according to the received part of the access path and perform the related access operation. The scheme can also avoid the problem that the prior art needs to carry out interaction for many times in order to enable the LDAP Server to obtain the full path of the entry to be accessed, thereby simplifying the flow of the access operation on the entry.

As can be known by those skilled in the art, the IMPI entry of the HSS application and the MSISDN entry of the HLR application have the same characteristics, and both belong to an identification class entry, and the description of the IMPI entry and the method for ensuring the uniqueness of the IMPI value, and the method for accessing according to the characteristics of the IMPI entry on this basis are similar to the processing of the MSISDN entry in the HLR application, and are not described again.

When the access operation is a deletion or modification operation on the identification type entry, further, the mapping relationship between the attribute value of the identification type entry recorded in the identification type entry index information and the full path information thereof may be correspondingly updated.

In summary, the embodiments of the present invention introduce the concept of identifying a class entry, give a unified definition to such an entry in practical application, and solve the problem how to describe the identifying class entry in the LDAP; the problem of how to ensure the uniqueness of the identification attribute value of the identification type item under the directory information tree is solved; the method solves the problem of accessing according to the identification type entry in the LDAP, reduces the interaction times, simplifies the processing flow and better meets the application requirement of the identification type entry.

Example 2

Referring to fig. 10, an embodiment of the present invention provides a system for opening an account for data, where the system includes: access server 1001 and access client 1002; wherein,

an access server 1001, configured to receive an entry adding request sent by an access client 1002, where the entry adding request carries an attribute name, an attribute value, and a full entry name of an entry; if the adding request is determined to be based on the identification type item, judging whether the attribute value of the identification type item appears in the established directory information tree or not, if not, adding the identification type item in the directory information tree according to the full item name of the identification type item, wherein the identification type item appears at a fixed position of the directory information tree, has the same identification type attribute name, and the attribute value is not repeated in the directory information tree;

an access client 1002 for sending an add entry request to the access server 1001.

The access server 1001 is further configured to return an addition failure response if the attribute value of the identification class entry appears in the established directory information tree.

The embodiment of the invention provides a system for opening an account for data, when LDAP carries out newly added identification type entries (new account opening), through the uniqueness check of the identification type entries, corresponding addition operation is carried out when the identification type entries are determined to be unique, and the uniqueness of identification attribute values of the identification type entries under a directory information tree is ensured.

Example 3

Referring to fig. 11, an embodiment of the present invention provides an access server, where the access server includes:

a receiving module 1101, configured to receive an entry adding request sent by an access client, where the entry adding request carries an attribute name, an attribute value, and a full entry name;

a determining module 1102, configured to determine whether the addition request is an addition request based on the identified class entry;

a determining module 1103, configured to determine, after the determining module 1102 determines that the addition request is an addition request based on an identifier entry, whether an attribute value of the identifier entry appears in the established directory information tree;

an adding module 1104, configured to, when the result of the determination by the determining module 1103 is negative, add an identification class entry in the directory information tree according to the full entry name of the identification class entry, where the identification class entry appears at a fixed position of the directory information tree, has the same identification class attribute name, and its attribute value is not duplicated in the directory information tree.

When the determining module 1102 is specifically implemented, it determines whether an entry identifies a class entry according to the attribute name of the entry to be added by extending the LDAP protocol to identify which types of entries are identification class entries.

The determining module 1103 specifically includes:

the query unit is used for querying the index information of the identification type entry;

and the judging unit is used for judging whether the attribute value of the identification class entry appears in the index information inquired by the inquiring unit, if not, the attribute value of the identification class entry does not appear in the established directory information tree, wherein the index information of the identification class entry records the identification class entry and the attribute value thereof existing in the directory information tree.

Further, the access server further includes:

and the updating module is used for updating the added identification type entries and the attribute values thereof into the index information of the identification type entries.

Further, the access server further includes:

a returning module, configured to return an addition failure response to the access client if the determining module 1103 determines that the attribute value of the identifier entry appears in the established directory information tree.

The embodiment of the invention provides an access server, when LDAP carries out newly added identification type entries (new account opening), through the uniqueness check of the identification type entries, when the identification type entries are determined to be unique, corresponding addition operation is carried out, and the uniqueness of the identification attribute values of the identification type entries under a directory information tree is ensured.

Example 4

Referring to fig. 12, an embodiment of the present invention provides a system for data access, where the system includes: an access server 1201 and an access client 1202, wherein,

the access server 1201 is configured to receive an access request for an entry, where access path information carried in the access request at least includes a relative name RDN of the entry to be accessed; if the access request is determined to be based on the identification type entry, inquiring identification type entry index information according to the access path information to determine the full path information of the identification type entry to be accessed, wherein the identification type entry index information records the mapping relation between the attribute value of the identification type entry and the full path information thereof; according to the full path information, executing access operation based on the identification type entry;

an access client 1202 for sending an access request for an entry to the access server 1201.

Wherein, when the access server 1201 executes the access operation based on the identification class entry, specifically the deletion or modification operation of the identification class entry,

the access server 1201 is further configured to correspondingly update the mapping relationship between the attribute value of the identification class entry recorded in the identification class entry index information and the full path information thereof.

The embodiment of the invention provides a data access system, which solves the problem of accessing according to identification type items in LDAP by introducing the concept of the identification type items, reduces the interaction times, simplifies the processing flow and better meets the application requirements of the identification type items.

Example 5

Referring to fig. 13, an embodiment of the present invention provides an access server, where the access server includes:

a receiving module 1301, configured to receive an access request for an entry, where access path information carried in the access request at least includes a relative name RDN of the entry to be accessed;

a determining module 1302, configured to determine whether the access request is an access request based on the identification class entry;

the query module 1303, after the determining module 1302 determines that the access request is based on the identification class entry; inquiring identification type entry index information according to the access path information to determine full path information of the identification type entry to be accessed, wherein the identification type entry index information records the mapping relation between the attribute value of the identification type entry and the full path information thereof;

and the executing module 1304 is configured to execute an access operation based on the identifier entry according to the full-path information obtained by the querying module 1303.

The determining module 1302 specifically includes:

the first judgment unit is used for judging whether the access request is in a virtual path access mode or not, and if so, determining that the access request is based on the identification type entry;

the second judgment unit is used for judging whether the access request is a direct access mode with the identification type entry as an entrance, and if so, determining that the access request is based on the identification type entry;

wherein, the second judging unit specifically includes:

and the judging subunit is used for judging whether the relative name RDN of the last entry carrying the access path information in the access request is the root of the directory information tree and whether the RDN exists in the pre-stored corresponding relation, and if so, determining that the access request is a direct access mode taking the identification type entry as an entry.

The execution module 1304 specifically includes one or a combination of the following units:

the adding unit is used for executing adding operation on the sub-entries of the identification class entries;

a deleting unit, configured to perform a deleting operation on the identification class entry or a sub-entry thereof;

the query unit is used for executing query operation on the identification class entries or the sub-entries thereof;

and the modification unit is used for executing modification operation on the identification class entry or the sub-entry thereof.

When the executing module 1304 executes a deleting operation on the identification type entry, or the modifying unit executes a modifying operation on the identification type entry, the providing the access server according to the embodiment of the present invention further includes:

the updating module 1305 is configured to update the mapping relationship between the attribute value of the identification class entry recorded in the identification class entry index information and the full path information thereof.

The embodiment of the invention provides an access server, which gives a unified definition to the items in practical application by introducing the concept of the identification items and solves the problem of describing the identification items in LDAP; the problem of how to ensure the uniqueness of the identification attribute value of the identification type item under the directory information tree is solved; the method solves the problem of accessing according to the identification type entry in the LDAP, reduces the interaction times, simplifies the processing flow and better meets the application requirement of the identification type entry.

To sum up, the technical solution provided by the embodiment of the present invention provides a description and access method for an identifier entry in an LDAP, which is mainly applied to the field in which an identifier entry is present in a data model, and the communication field is a typical application, such as the HLR and HSS application mentioned herein.

The term "receiving" in the embodiment of the present invention may be understood as actively acquiring information from other modules, or receiving information sent by other modules.

Those skilled in the art will appreciate that the drawings are merely schematic representations of one preferred embodiment and that the blocks or flow diagrams in the drawings are not necessarily required to practice the present invention.

Those skilled in the art will appreciate that the modules in the devices in the embodiments may be distributed in the devices in the embodiments according to the description of the embodiments, and may be correspondingly changed in one or more devices different from the embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.

The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.

Some steps in the embodiments of the present invention may be implemented by software, and the corresponding software program may be stored in a readable storage medium, such as an optical disc or a hard disk.

The present invention is not limited to the above preferred embodiments, and any modifications, equivalent replacements, improvements, etc. within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims

1. A method for opening an account for data, the method comprising:

2. The method of claim 1, wherein said determining whether an attribute value of said identified class entry appears in an established directory information tree comprises:

and inquiring index information of the identification class entry, and judging whether the attribute value of the identification class entry appears in the index information, wherein the index information of the identification class entry records the identification class entry existing in the directory information tree and the attribute value thereof.

3. The method of claim 2, wherein after adding the identified class entry in the directory information tree, further comprising:

and updating the added identification class entry and the attribute value thereof into the index information of the identification class entry.

4. The method of claim 3, wherein the index information of the identified class entry further records a mapping relationship between the attribute value of the identified class entry and its full entry name, and then further records the full entry name of the added identified class entry when updating the index information of the identified class entry.

5. The method of claim 1, wherein the determining that the request to add an entry is a request to add an entry based on an identified class entry specifically comprises:

the lightweight directory access protocol LDAP protocol is extended to identify which types of entries are identified class entries, and whether an entry identifies a class entry is determined from the attribute name of the entry to be added.

6. The method according to any of claims 1 to 5, wherein said identification class entry is in particular a mobile station national integrated services digital network, MSISDN, entry or a private identity, IMPI, entry.

7. A method of data access, the method comprising:

8. The method according to claim 7, wherein the full path information is a full entry name of the identified class entry to be accessed, and the identified class entry index information is a mapping relationship between an attribute value of the identified class entry recorded when the identified class entry is added and the full entry name thereof.

9. The method according to claim 7, wherein when the access adopts a virtual path access mode, the access path information carried in the access request is virtual path information, and the virtual path information is composed of a virtual prefix and a relative name RDN of an entry to be accessed;

correspondingly, the access request is judged to be a virtual path access mode according to the virtual prefix.

10. The method of claim 7, wherein the access path information carried in the access request further includes an access mode indication;

correspondingly, the access request is determined to be a direct access mode taking the identification class entry as an entry according to the access mode indication.

11. The method of claim 7, wherein said determining whether the access request is in a direct access mode with an identified class entry as an entry comprises:

and judging whether the relative name RDN of the last entry carrying access path information in the access request is the root of a directory information tree and whether the RDN exists in the mapping relation, and if so, determining that the access request is a direct access mode taking an identification type entry as an entry.

12. The method of claim 7, wherein the access operation comprises any one or a combination of:

an add operation to a sub-entry identifying a class entry, a delete, query, or modify operation to an identifying class entry or its sub-entries.

13. The method of claim 12, wherein when the access operation is a delete or modify operation on an identified class entry, the method further comprises:

and correspondingly updating the mapping relation between the attribute value of the identification type entry recorded in the identification type entry index information and the full path information thereof.

14. A system for opening an account for data, the system comprising: an access server and an access client; wherein,

15. An access server, the access server comprising:

the system comprises a receiving module, a sending module and a receiving module, wherein the receiving module is used for receiving an entry adding request sent by an access client, and the entry adding request carries an attribute name, an attribute value and a full entry name of an entry;

16. The access server according to claim 15, wherein the determining module specifically includes:

and the judging unit is used for judging whether the attribute value of the identification type entry appears in the index information inquired by the inquiring unit, if not, the attribute value of the identification type entry does not appear in the established directory information tree, wherein the index information of the identification type entry records the identification type entry existing in the directory information tree and the attribute value thereof.

17. The access server of claim 16, wherein the access server further comprises:

18. A system for data access, the system comprising: an access server and an access client, wherein,

19. The system of claim 18, wherein the access server, when performing an access operation based on an identified class entry, in particular a delete or modify operation on an identified class entry,

the access server is further configured to correspondingly update the mapping relationship between the attribute value of the identifier entry recorded in the identifier entry index information and the full path information thereof.

20. An access server, the access server comprising:

the execution module is used for executing access operation based on the identification type item according to the full path information obtained by the query module;

wherein the determining module specifically comprises:

21. The access server of claim 20, wherein when the execution module performs a delete operation on an identified class entry or a modify operation on an identified class entry, the access server further comprises:

and the updating module is used for correspondingly updating the mapping relation between the attribute value of the identification entry recorded in the identification entry index information and the full path information of the identification entry.