CN104516981A - LDAP anonymous inquiry method not limited by quantity - Google Patents
LDAP anonymous inquiry method not limited by quantity Download PDFInfo
- Publication number
- CN104516981A CN104516981A CN201410855755.XA CN201410855755A CN104516981A CN 104516981 A CN104516981 A CN 104516981A CN 201410855755 A CN201410855755 A CN 201410855755A CN 104516981 A CN104516981 A CN 104516981A
- Authority
- CN
- China
- Prior art keywords
- ldap
- data
- time
- inquiry
- inquire
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2458—Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
- G06F16/2462—Approximate or statistical queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
- G06F16/2219—Large Object storage; Management thereof
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Probability & Statistics with Applications (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Fuzzy Systems (AREA)
- Computational Linguistics (AREA)
- Mathematical Physics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an LDAP anonymous inquiry method not limited by quantity. The inquiry method automatically cut and separate data to be inquired through a time slice division mode, and performs iterative cumulative splitting inquiry and judgment till all data contents are inquired. The method provided by the invention can ensure that the API anonymous inquiry of an LDAP client is not limited by a server LDAP, and compensates the problem of anonymous inquiry limitation.
Description
Technical field
The present invention relates to a kind of network security technology, be specifically related to the anonymous inquiring technology of a kind of LDAP.
Background technology
Along with LDAP uses more and more frequent, various system relies on LDAP and issues the information of sharing, particularly digital certificate in PKI industry, Attribute certificate, blacklist, other all can be published in LDAP as user profile, mechanism etc., and application is a lot, and the fast advantage of LDAP data query clearly, uses more extensive.
But LDAP itself inquires about anonymity, and using Netscape JAVA API there is the inquiry under condition of keeper, the limitsize also by LDAP limits, when data volume is large, also cannot obtain all data in LDAP, significantly limit the research and development of client developer to LDAP.
Summary of the invention
When using client end AP I anonymity to inquire about for prior art, by the problem that LDAP limits client query fruiting quantities, the object of the present invention is to provide a kind of not by the anonymous querying method of LDAP of restricted number, efficiently solve the restricted problem of LDAP anonymity inquiry, greatly facilitate client developer and LDAP application is used.
In order to achieve the above object, the present invention adopts following technical scheme:
Not by the anonymous querying method of LDAP of restricted number, this querying method is by timeslice partitioning scheme, and surface trimming is separated data to be checked, and row iteration of going forward side by side is cumulative to be split inquiry and judges, until inquire about all data contents.
In the preferred version of this inquiry, described querying method comprises the steps:
(1) LDAP initial configuration, and pre-generatmg is greater than the data volume of restriction;
(2) the query time section of data query configuration LDAP;
(3) by timeslice partitioning scheme, constantly reconfigure querying condition in an iterative manner and carry out data query;
(4) constantly judge that whether data query is qualified according to step (3) by the mode of iteration, defective then continuation splits the time period, until time slice of getting meets inquiry restriction requirement, final inquiry obtains all data.
Further, described step (1) realizes especially by following steps:
A) use OpenLdap as LIST SERVER;
B) the limitsize limit number (OpenLdap acquiescence is 500) of LDAP is configured;
C) create directory server root node, under root node, generate test data, and data volume is greater than the limit number of LDAP configuration.
Further, described step (2) is when the configuration querying time period, when if cannot confirm there are data data in LDAP are from, then directly get the start time of 1970, the end time then obtains current time or known end time.
Further, add time inquiring condition according to data query in described step (3) to inquire about, by data query commencement date and deadline of current setting during each inquiry, if inquire about the data returned to have exceeded the limit number of LDAP, then get the interlude of two times, use interlude to be combined to form new querying condition together with initial time to inquire about, if exceed restriction in this discovery, then get the interlude of two times again, and be combined to form new querying condition inquire about together with initial time, until get the time interval met, after having obtained data, then timeslice carries out process inquiry backward in the same way.
Method provided by the invention can use LDAP client end AP I anonymity inquiry not limit by the inquiry of server LDAP, makes up anonymous inquiry restricted problem.Make when data volume is large, all data in LDAP can be obtained, greatly facilitate the research and development of client developer to LDAP.
Accompanying drawing explanation
The present invention is further illustrated below in conjunction with the drawings and specific embodiments.
Fig. 1 is the schematic diagram of the present invention according to timeslice data query;
Fig. 2 is automatic time sheet splicing mechanism schematic diagram of the present invention.
Embodiment
The technological means realized to make the present invention, creation characteristic, reaching object and effect is easy to understand, below in conjunction with concrete diagram, setting forth the present invention further.
In order to effectively make up the restricted problem of anonymous inquiry, make when using LDAP client to carry out API anonymity inquiry, the inquiry not by server LDAP limits.See Fig. 1, the present invention is by timeslice partitioning scheme thus, and surface trimming is separated data to be checked, and row iteration of going forward side by side is cumulative to be split inquiry and judges, until inquire about all data contents.
This timeslice data query method, by splitting inquiry, obtains data, has following features:
(1) time period splits, and query time sheet can inquire about the limit number obtaining LDAP data volume and be less than LDAP setting each time.
(2) automatically split data, easily according to initial condition inquiry, any inquiry limitations affect can be subject to.
Based on above-mentioned principle, the present invention carries out fractionation inquiry, and the process obtaining data is as follows:
(1) LDAP configuration data pre-generatmg:
A) use OpenLdap as LIST SERVER;
B) the limitsize limit number (OpenLdap acquiescence is 500) of LDAP is configured;
C) create directory server root node, under root node, generate test data, and data volume is greater than the limit number of LDAP configuration.
(2) data query process, obtain all data by timeslice inquiry, detailed process is as follows:
A) the query time section of data query configuration LDAP;
When determine all time ranges of data in LDAP, have data needing to confirm in LDAP from, if cannot confirm, directly get the start time of 1970, the end time then obtains current time or known end time.
B) LDAP gives tacit consent to and creates creation-time (createTimestamp) and modification time (modifyTimestamp) to each node, if retrieve data then can use creation-time for the first time, if follow-up increment query segmentation then can use modification time as segmentation condition.
C) time inquiring condition is added according to data query:
(& (modifyTimestamp>=***Z) (modifyTimestamp<=***Z)) inquires about, by data query commencement date and deadline of current setting during each inquiry, if inquire about the data returned to have exceeded the restriction of LDAP, then get the interlude of two times, re-use this interlude to be combined to form new querying condition to inquire about together with initial time, if also exceed restriction in this discovery, then get intermediate data to be again combined to form new querying condition to inquire about together with initial time, until get the time interval met, after having obtained data, then timeslice carries out process inquiry backward, processing procedure is the same.
(3) constantly judge that whether data query is qualified based on above-mentioned query scheme by the mode of iteration, defective then continuation splits the time period, until time slice of getting meets inquiry restriction requirement, final inquiry obtains all data; Here the fractionation time period is namely according to after inquiry returns and exceedes limit number each time, again get interlude according to initial time and the last time fractionation inquired about to carry out rearranging inquiry, inquired about by this kind of mode, until the inquiry of all timeslices is complete.
The present invention is further illustrated below by way of an instantiation:
See Fig. 2, it is depicted as the automatic time sheet splicing mechanism schematic diagram that this example carries out based on such scheme.This example is undertaken not inquiring about by the burst of restricted number by time cutting mode, and concrete process is as follows:
(1) a total time inquiring scope is set, 1970 can be arranged when unknown to current time.
(2) obtain data volume more than LDAP inquiry restriction by query and search, then by automatically splitting into two time slices commencement date and deadline, then inquired about by the time after splitting.Namely get the interlude of total query time, re-use this interlude and be combined to form new querying condition inquire about together with initial time.
(3) if the time slice inquiry after splitting is also more than LDAP restriction, then continue to split (namely getting last query time half), until not by LDAP restriction.
(4) obtain data by first time, from date to removing, successfully being obtained the Close Date of data by first time to forming new time conditions, fractionation mode can be continued through and split, until all data acquisitions are complete.
Operated by said process, can pass over the restriction of LDAP to data query, the convenient data obtained in LDAP, in practice, said process is packaged into a ripe API, when any use, can adds that this mode can complete LDAP inquiry.
More than show and describe ultimate principle of the present invention, principal character and advantage of the present invention.The technician of the industry should understand; the present invention is not restricted to the described embodiments; what describe in above-described embodiment and instructions just illustrates principle of the present invention; without departing from the spirit and scope of the present invention; the present invention also has various changes and modifications, and these changes and improvements all fall in the claimed scope of the invention.Application claims protection domain is defined by appending claims and equivalent thereof.
Claims (4)
1. not by the anonymous querying method of LDAP of restricted number, it is characterized in that, this querying method is by timeslice partitioning scheme, and surface trimming is separated data to be checked, and row iteration of going forward side by side is cumulative to be split inquiry and judges, until inquire about all data contents.
In the preferred version of this inquiry, described querying method comprises the steps:
(1) LDAP initial configuration, and pre-generatmg is greater than the data volume of restriction;
(2) the query time section of data query configuration LDAP;
(3) by timeslice partitioning scheme, constantly reconfigure querying condition in an iterative manner and carry out data query;
(4) constantly judge that whether data query is qualified according to step (3) by the mode of iteration, defective then continuation splits the time period, until time slice of getting meets inquiry restriction requirement, final inquiry obtains all data.
2. according to claim 1 a kind of not by the anonymous querying method of LDAP of restricted number, it is characterized in that, described step (1) realizes especially by following steps:
A) use OpenLdap as LIST SERVER;
B) the limitsize limit number (OpenLdap acquiescence is 500) of LDAP is configured;
C) create directory server root node, under root node, generate test data, and data volume is greater than the limit number of LDAP configuration.
3. according to claim 1 a kind of not by the anonymous querying method of LDAP of restricted number, it is characterized in that, described step (2) is when the configuration querying time period, when if cannot confirm there are data data in LDAP are from, then directly get the start time of 1970, the end time then obtains current time or known end time.
4. according to claim 1 a kind of not by the anonymous querying method of LDAP of restricted number, it is characterized in that, add time inquiring condition according to data query in described step (3) to inquire about, by data query commencement date and deadline of current setting during each inquiry, if inquire about the data returned to have exceeded the limit number of LDAP, then get the interlude of two times, use interlude to be combined to form new querying condition together with initial time to inquire about, if exceed restriction in this discovery, then get the interlude of two times again, and be combined to form new querying condition inquire about together with initial time, until get the time interval met, after having obtained data, then timeslice carries out process inquiry backward in the same way.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410855755.XA CN104516981B (en) | 2014-12-31 | 2014-12-31 | A kind of LDAP anonymity querying methods from quantity limitation |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410855755.XA CN104516981B (en) | 2014-12-31 | 2014-12-31 | A kind of LDAP anonymity querying methods from quantity limitation |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104516981A true CN104516981A (en) | 2015-04-15 |
| CN104516981B CN104516981B (en) | 2018-04-13 |
Family
ID=52792280
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410855755.XA Active CN104516981B (en) | 2014-12-31 | 2014-12-31 | A kind of LDAP anonymity querying methods from quantity limitation |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104516981B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016183964A1 (en) * | 2015-05-18 | 2016-11-24 | 中兴通讯股份有限公司 | Database query method and apparatus |
| CN109800252A (en) * | 2019-03-05 | 2019-05-24 | 深圳市国晨工程造价咨询有限公司 | A kind of engineering project Records Information Management System |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1946099A (en) * | 2006-10-20 | 2007-04-11 | 华为技术有限公司 | System for realizing telephone book and method for obtaining telephone book resource |
| US20080306922A1 (en) * | 2004-08-09 | 2008-12-11 | Research In Motion Limited | System and method for enabling bulk retrieval of certificates |
| CN102279853A (en) * | 2010-06-12 | 2011-12-14 | 陈健华 | Rapid data access method based on LDAP (Lightweight Directory Access Protocol) |
-
2014
- 2014-12-31 CN CN201410855755.XA patent/CN104516981B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080306922A1 (en) * | 2004-08-09 | 2008-12-11 | Research In Motion Limited | System and method for enabling bulk retrieval of certificates |
| CN1946099A (en) * | 2006-10-20 | 2007-04-11 | 华为技术有限公司 | System for realizing telephone book and method for obtaining telephone book resource |
| CN102279853A (en) * | 2010-06-12 | 2011-12-14 | 陈健华 | Rapid data access method based on LDAP (Lightweight Directory Access Protocol) |
Non-Patent Citations (3)
| Title |
|---|
| GIL KIRPATRICK: "《活动目录编程指南》", 1 May 2001, 清华大学出版社 * |
| 杜国明等: "一种基于时间序列窗口查询的新索引方法", 《计算机工程与应用》 * |
| 陈宇翔: "《LDAP详解 IBM Tivoli Directory Server 从入门到精通》", 31 October 2012, 机械工业出版社 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016183964A1 (en) * | 2015-05-18 | 2016-11-24 | 中兴通讯股份有限公司 | Database query method and apparatus |
| CN106294380A (en) * | 2015-05-18 | 2017-01-04 | 中兴通讯股份有限公司 | The querying method of data base and device |
| CN109800252A (en) * | 2019-03-05 | 2019-05-24 | 深圳市国晨工程造价咨询有限公司 | A kind of engineering project Records Information Management System |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104516981B (en) | 2018-04-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11513846B1 (en) | Distributed data acquisition, indexing and search system | |
| WO2002015481A3 (en) | Methods, systems, and computer program products for managing a service provided by a network | |
| WO2019072286A3 (en) | Platform for atomic transfer of smart assets within blockchain networks | |
| WO2008127608A3 (en) | A system and method for creating a list of shared information on a peer-to-peer network | |
| CN108182258B (en) | Distributed data analysis system and method | |
| CN104182519B (en) | A kind of file scanning method and device | |
| ATE410019T1 (en) | METHOD FOR COMMUNICATION BETWEEN AN APPLICATION AND A CLIENT | |
| EP3832585A4 (en) | Performance information server, client terminal, work machine, method for acquiring performance information, and method for providing performance information | |
| WO2014151507A1 (en) | System and method for omni-channel identity matching | |
| CN104144223B (en) | A kind of data capture method and device | |
| US20150188879A1 (en) | Apparatus for grouping servers, a method for grouping servers and a recording medium | |
| CN104767839A (en) | IP positioning method and device | |
| WO2017071118A1 (en) | Monitoring resource management method and apparatus, cse and storage medium | |
| CN103001994A (en) | Friend recommendation method and friend recommendation device | |
| CN104516981A (en) | LDAP anonymous inquiry method not limited by quantity | |
| WO2016070571A1 (en) | M2m node management method and apparatus, and computer storage medium | |
| CN105446824B (en) | Table increment acquisition methods and long-distance data backup method | |
| GB2507037A (en) | Software application discovery using variable frequency file system scanning | |
| CN110611591B (en) | Network topology establishing method and device | |
| CN104657354B (en) | A kind of digital certificate validity period search method and equipment | |
| CN111565120B (en) | 5G network slicing product configuration method and system and electronic equipment | |
| CN109117202A (en) | A kind of method and system that audit type configuration item is set | |
| CN109886041B (en) | Real-time data acquisition method and device | |
| CN105654362A (en) | Order management system and method | |
| CN106941413B (en) | Service management method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address |
Address after: 200436 Room 601, Lane 299, Lane 299, JIANGCHANG West Road, Jingan District, Shanghai Patentee after: Geer software Limited by Share Ltd Address before: 200070 B, 501E, 199 JIANGCHANG West Road, Zhabei District, Shanghai. Patentee before: Geer Software Co., Ltd., Shanghai |
|
| CP03 | Change of name, title or address |