CN116170310A - Data updating method of directory server, electronic equipment and transaction engine system - Google Patents


Publication number
CN116170310A
Authority
CN
China
Prior art keywords
directory server
entry
data
instruction
adapter
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211480732.6A
Other languages
Chinese (zh)
Inventor
文亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Feixun Digital Technology Co ltd
Original Assignee
Beijing Feixun Digital Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Feixun Digital Technology Co ltd
Priority to CN202211480732.6A
Publication of CN116170310A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0813 Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/082 Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Abstract

The invention provides a data updating method of a directory server, electronic equipment and a transaction engine system, and belongs to the technical field of communication. The method comprises the following steps: receiving an entry update request sent by a client, wherein the entry update request comprises an identifier of a specified directory server, a specified operation record and a character string, the character string is obtained by serializing entry data, and the entry data is returned by a source directory server; deserializing the character string into an entry object conforming to a directory data protocol; determining an update instruction based on the specified operation record and the entry object; and sending the update instruction to the specified directory server. The method and the device are used for updating the data of the directory server.

Description

Data updating method of directory server, electronic equipment and transaction engine system
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method for updating data of a directory server, an electronic device, and a transaction engine system.
Background
The lightweight directory access protocol (Lightweight Directory Access Protocol, LDAP) is an open, neutral, industry-standard application protocol for data interactions between clients and directory servers, providing access control and maintaining directory information on the basis of transmission control protocols and internet protocol (TCP/IP protocol). When the directory server is configured to use or be compatible with LDAP for data interaction (such directory server may be referred to as LDAP server for short), it may help a user accessing the directory server to perform identity authentication, and the user may query a database or a directory file in the directory server and may obtain (directory) entries from the database or the directory file, thereby obtaining information such as organization, department, person, product item, product, image, video, audio, etc.
Data interaction with an LDAP server requires a strict data specification format. A client delivered to users typically has a front-end program that is mainly used to query (read) the data in the LDAP server, and it is difficult for a user to adjust the data in the LDAP server through the client. Organizations or collectives that use LDAP servers to manage and store information are usually large, the volume of data involved is huge and the stored entries are numerous; to avoid data loss there is a requirement for data redundancy, so multiple directory servers or directory server clusters are often employed to ensure reliability and availability. In practice, information such as organizations, departments, individuals, product items, products, images, videos and audio is not fixed but changes and grows frequently. As data grows and information changes, users need to adjust stored entries among the LDAP servers; however, it is difficult for users to make such adjustments through the client.
Disclosure of Invention
The invention aims to provide a data updating method of a directory server, electronic equipment and a transaction engine system which avoid the problem that, because data in LDAP servers is difficult to adjust, a user can hardly change information between LDAP servers through a client. The invention provides an adaptation capability, allows the client to request information changes, does not destroy the neutrality of LDAP, and reduces the difficulty and cost of use.
In order to achieve the above object, an embodiment of the present invention provides a data updating method of a directory server, applied to an adapter, the data updating method including:
receiving an entry update request sent by a client, wherein the entry update request comprises an identifier of a specified directory server, a specified operation record and a character string, the character string is obtained by serializing entry data, and the entry data is returned by a source directory server;
deserializing the character string into an entry object conforming to a directory data protocol;
determining an update instruction based on the specified operation record and the entry object;
and sending the update instruction to the specified directory server.
Specifically, before the receiving the entry update request sent by the client, the data update method further includes:
sending a query instruction to a source directory server;
and sending a character string to the client, wherein the character string is obtained by serializing the received item data, and the item data is returned by the source directory server in response to the query instruction.
Specifically, before the query command is sent to the source directory server, the data updating method further includes:
receiving an entry query request sent by a client, wherein the entry query request comprises an identifier of a source directory server, a query operation record and an entry identification character string;
and determining a query instruction based on the query operation record and an entry unique identifier, wherein the entry unique identifier is obtained by deserializing the entry identification character string.
Specifically, the specified operation record includes any one of a custom operation record, an add operation record, a change operation record, and a delete operation record.
Specifically, the determining of an update instruction based on the specified operation record and the entry object includes any one of the following:
determining a plurality of decomposed entry instructions based on the custom operation record and the entry object;
determining an add entry instruction based on the add operation record and the entry object;
determining a change entry instruction based on the change operation record and the entry object;
and determining a delete entry instruction based on the delete operation record and the entry object.
Specifically, before the step of sending the update instruction to the specified directory server, the data update method further includes:
determining that the number of the received entry update requests is greater than or equal to a specified value;
sending a backup instruction to the specified directory server, wherein the backup instruction comprises a snapshot file creation instruction and/or an image file creation instruction;
and storing the backup file to a specified storage address, wherein the backup file is a file which is output as a specified data object after specified entry data is serialized, and the specified entry data is returned by the specified directory server in response to the backup instruction.
Specifically, after the sending the update instruction to the specified directory server, the data update method further includes at least one of:
returning a status message to the client, the status message being obtained by serializing a status code returned by the specified directory server in response to the update instruction;
receiving an entry rollback request sent by a client, the entry update request including an identifier specifying a directory server, a rollback operation record, and an identification of the backup file;
determining a rollback instruction based on the rollback operation record and the identification of the backup file;
and sending the rollback instruction to the specified directory server.
The embodiment of the invention provides a data updating method of a directory server, which is applied to a client, and comprises the following steps:
sending an entry update request to an adapter, wherein the adapter is an adapter in the data update method of the directory server;
and receiving a status message returned by the adapter.
The embodiment of the invention provides a data updating method of a directory server, which is applied to the directory server and comprises the following steps:
receiving an update instruction sent by an adapter, wherein the adapter is an adapter in the data update method of the directory server;
and sending a status code responsive to the update instruction to the adapter.
In still another aspect, an embodiment of the present invention provides an electronic device, including:
at least one processor;
a memory coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor, the at least one processor implementing the aforementioned methods by executing the instructions stored by the memory.
In yet another aspect, an embodiment of the present invention provides a transaction engine system, where the transaction engine system includes an adapter and a client, where the client is communicatively connected to a directory server through the adapter, and the adapter is an adapter in the foregoing method for updating data of the directory server.
The invention implements an adapter application between a client and a directory server.
In the entry update request that the adapter receives from the client, the identifier of the specified directory server, the specified operation record and the character string are specified, and the character string is obtained by serializing entry data from the source directory server. The identifier determines the communication address of the specified server, the specified operation record determines the specific type of the update operation, and the information to be changed is passed to the adapter as a character string. The adapter thus receives the client's request to change information, and the client does not need to process the entry object or produce a strict data specification format.
In the adapter, the invention deserializes the information to be changed, received as a character string, into an entry object, and determines the update instruction based on the entry object and the specified operation record. In the prior art, by contrast, the directory server requires the instruction to carry a file in which the entry object is recorded; because the directory server can only process entry objects conforming to the directory data protocol, the entry object must be recorded in the file in a strict data specification format.
The adapter of the invention sends the update instruction to the specified directory server, at which point the data adaptation is complete: the information that the client needs to change is exchanged between the source directory server and the specified directory server without importing and exporting files between the directory servers. Data interaction between the directory server and the client under the directory data protocol is not affected, the neutrality of the directory data protocol is not damaged, and the difficulty and cost of use are reduced.
The adapter of the invention receives an entry query request sent by the client, and the entry query request is used to determine a query instruction. The entry query request comprises an identifier of the source directory server, a query operation record and an entry identification character string: the identifier of the source directory server determines the communication address of the source directory server, the query operation record determines that the current operation type is a query, and the entry unique identifier obtained by deserializing the entry identification character string determines the entry data in the source directory server.
The add operation record, the change operation record and the delete operation record among the specified operation records can correspond one-to-one with the instruction (and atomic operation) types of the directory server, while the custom operation record can correspond to a plurality of instruction types of the directory server, realizing a plurality of decomposed operations and reducing the difficulty and cost of use.
When the number of entry update requests is greater than or equal to a specified value, a backup operation such as creating a snapshot file or an image file is performed, so that a recoverable state is guaranteed before the update instruction is executed in case the operation fails. The state can be rolled back based on a rollback request from the client, which avoids entry abnormalities; the user can recover through the client's rollback request, no developer needs to log in to the server to handle abnormal entries, and the difficulty and cost of use are reduced.
The invention carries out message interaction between the client and the adapter, which eases the difficulty of changing information from the client and facilitates integration in a transaction engine system that realizes the transaction processing functions of an organization or collective. The directory data protocol is still used for interaction between the directory server and the adapter, so the neutrality of the directory data protocol is not destroyed.
Additional features and advantages of embodiments of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings are included to provide a further understanding of embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain, without limitation, the embodiments of the invention. In the drawings:
FIG. 1 is a schematic diagram of the steps of the main method according to the embodiment of the present invention;
FIG. 2 is a schematic diagram of a data interaction scenario for an exemplary application adapter according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a scenario of a first exemplary application adapter query according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a scenario in which a first exemplary application adapter updates information according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a first exemplary application adapter delete information scenario according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a scenario in which a second exemplary application adapter updates information according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of a third exemplary application adapter update information scenario according to an embodiment of the present invention;
FIG. 8 is a diagram illustrating a fourth exemplary application adapter update information scenario according to an embodiment of the present invention;
FIG. 9 is a schematic diagram of an exemplary interaction scenario between a client and a server for an application adapter according to an embodiment of the present invention;
FIG. 10 is a schematic diagram of a scenario in which an exemplary application adapter performs a transaction process according to an embodiment of the present invention;
FIG. 11 is a schematic diagram of an exemplary communication scenario between a client and a server according to an embodiment of the present invention;
FIG. 12 is a schematic diagram of another exemplary communication scenario between a client and a server according to an embodiment of the present invention.
Detailed Description
The following describes the detailed implementation of the embodiments of the present invention with reference to the drawings. It should be understood that the detailed description and specific examples, while indicating and illustrating the invention, are not intended to limit the invention.
The directory server of embodiments of the present invention may be configured to interact with clients using, or compatible with, a directory data protocol. The directory data protocol may be LDAP, in which case the directory server is an LDAP server that provides directory access and entry management services. In some exemplary application scenarios, an LDAP server may be used to record a directory of human resources for an enterprise, and each entry (Entry) in the LDAP server may correspond to a personal information record (attribute record). Any one of the entries may include personnel information such as personnel name, department, email, product item, salary, personnel image, address, and phone number. Any one of the entries has a distinguished name (Distinguished Name, DN), which is the entry's unique identification; it may be formed of any form of characters and/or symbols, and the same naming convention may be used for all identifications, e.g., a person's email address may be the entry unique identification (DN), which is unique within an enterprise-specific intranet or the internet. The LDAP server may also be used to record a directory of users of intelligent products (electronic devices): each entry in the LDAP server may correspond to a user information record, any one of the entries may include a user name, password, image, video, audio, text, etc., and the server may provide an authentication service (e.g., single sign-on) and provide information for the entry record.
LDAP is a distributed protocol in which multiple directory servers or clusters of directory servers are configured to jointly provide clients with access to a directory information tree (Directory Information Tree, DIT; the DIT records the data hierarchy, and a node of the DIT is an entry). Meanwhile, in various application scenarios, requirements such as maintaining backup redundancy, supporting data growth and supporting information change are basic and unavoidable in practice, and availability and reliability in application scenarios such as enterprise-level data servers and user identity authentication can be achieved by using a plurality of LDAP servers or LDAP server clusters.
Changing information between LDAP servers may be attempted with a file conforming to the LDAP specification. The file may be an LDIF (LDAP Data Interchange Format) file, whose suffix may be "ldif", and it must conform to the strict data specification format, i.e., to the syntax and specified terminology, to be handled by the LDAP servers. For example, first, an entry of a specified person is exported from a first directory server to a local file to obtain a first LDIF file; then, if the information of the specified person is changed, the first LDIF file is edited and written in accordance with the specified terms and syntax corresponding to the changed information to obtain a second LDIF file. These export and editing operations are difficult to perform on a client, and a developer or maintainer has to log in to the first directory server separately before performing them. Then, the developer or maintainer copies or transmits the first LDIF file or the second LDIF file to the second directory server (or copies it to a shared environment), and the second directory server imports the entry through an instruction carrying the storage address of the LDIF file, so that it is difficult for the user to implement information changes between the LDAP servers through the client. In practical situations such as large-scale DIT migration or cross-adjustment of department information, a large number of files must be edited and exchanged, and the change is very time-consuming and difficult for professional development or maintenance personnel to carry out. In view of this, embodiments of the present invention provide a data update solution for an LDAP server.
Example 1
The embodiment of the invention provides a data updating method of a directory server, which can be applied to an adapter, as shown in fig. 1, and can comprise the following steps:
M1) receiving an entry update request sent by a client, wherein the entry update request comprises an identifier of a specified directory server, a specified operation record and a character string, the character string is obtained by serializing entry data, and the entry data is returned by a source directory server;
M2) deserializing the character string into an entry object conforming to a directory data protocol;
M3) determining an update instruction based on the specified operation record and the entry object;
M4) sending the update instruction to the specified directory server.
In the embodiment of the invention, the adapter may be an electronic device, and the electronic device may include a processor and a memory, where the memory stores instructions, and when the instructions are executed by the processor, the functions corresponding to the foregoing data updating method may be implemented, for example, the electronic device that installs/deploys the specified program/script. The client may also be an electronic device, such as an electronic device that installs/deploys a specified program/script. The hardware of the client and the adapter may be the same electronic device, or may be separate (same or different) electronic devices. In some examples, the electronic device of the embodiments of the present invention may include devices with instruction processing, computing, and communication capabilities, such as a computer, an industrial personal computer, a server, a gateway device, an embedded device, and a mobile device (e.g., a mobile phone).
The foregoing adapter may perform serialization and deserialization operations to implement the translation of data format specifications between the transmission protocol of a message and LDAP.
In terms of software implementation, the serialization operation of the embodiments of the present invention implements the translation from LDAP to the message transmission protocol. For the serialization operation, the specified program on the aforementioned adapter may be configured with a data object data structure conforming to the transmission protocol of the message, and the serialization operation may include:
SER 1) inputting an entry object, and instantiating an object from the entry object according to the data object data structure;
SER 2) outputting the instantiated object as a character string through a serialization function.
The deserialization operation of the embodiment of the invention implements the translation from the transmission protocol of the message to LDAP. For the deserialization operation, the specified program on the aforementioned adapter may be configured with an entry object data structure conforming to LDAP, and the deserialization operation may include:
DES 1) inputting a character string;
DES 2) restoring the received character string to the transport protocol object of the message;
DES 3) instantiating an object using the transport protocol object of the message;
DES 4) outputting the instantiated object as an entry object in accordance with the entry object data structure through a deserialization function.
The serialization function and the deserialization function may be provided by a programming language/framework or constructed separately, may be adapted to different programming languages/frameworks, and may be implemented differently, for example by directly converting the string into an entry object through the deserialization function and/or a constructed class after the string is input.
In one exemplary architecture of the present disclosure, the programming language/framework may include the .NET framework, the QT framework, the Java language, the C language, or the like. In the .NET framework, a data object data structure conforming to the transmission protocol of a message and an entry object data structure conforming to LDAP can be realized by constructing classes, and in the constructed classes the framework's serialization function Serialize() and deserialization function Deserialize() can be used. In the Java language, the serialization (Serializable) interface may be used to form classes that implement the data object data structure and the entry object data structure; in the formed classes, a serialization function or method may be built on an object output stream (ObjectOutputStream) and the object writing method (writeObject()), and a deserialization function or method may be built on an object input stream (ObjectInputStream) and the object reading method (readObject()). These implementations of the serialization and deserialization operations are not the only ones permitted by the embodiments of the present invention, and may be selected and configured based on product characteristics, language frameworks, and the like.
In terms of use, as shown in FIG. 2, when the adapter receives a string, the deserialization operation 100 may be performed to obtain an entry object, and when the adapter receives entry data, the serialization operation 101 may be performed to obtain a string, so that the adapter implements a bidirectional protocol data conversion function based on the serialization and deserialization operations. The entry data may comprise an entry object or a status code (as returned by the LDAP server).
The aforementioned clients and adapters are communicatively coupled (send/receive) and may interact with data based on the transmission protocol of the aforementioned messages. The foregoing message transmission protocols may include hypertext transfer protocol HTTP, message queue telemetry transfer protocol MQTT, remote procedure call RPC, and the like.
In a first example, when the request sent by the client is an entry update request under HTTP, the identifier may be a domain name address or an IP address of the server, the specified operation record may include a request method record such as GET, POST, PUT or DELETE, and the character string may be recorded in a Uniform Resource Locator (URL). In a second example, under MQTT, names of the entry update request and the response may be specified, the names of the request and the response are taken as two topics (topic) respectively, and the client may subscribe to the two topics. The client may publish the specified operation record and the string as associated data to the adapter, which may push the associated data to the client in response. In a third example, when the request sent by the client is an entry update request under RPC, the foregoing data object data structure may be chosen to be a JSON object. The entire entry update request may be a long string that can be restored to a JSON object, and the long string may include a plurality of key-value pairs: a server ID key whose value is the identifier of the specified directory server, a method key whose value is the specified operation record, and a parameter key whose value is a short string. The short string carries the information to be changed and is obtained by serializing the entry data. The specified operation record may include any one of a custom operation record, an add operation record, a modify operation record, and a delete operation record, and the name of the specified operation record may correspond to the name of the instruction in LDAP. Choosing RPC together with JSON objects as the data objects of the data object data structure offers high compatibility, strong extensibility, ease of use and ease of deployment.
The following description of the embodiments continues with RPC and JSON objects; HTTP and MQTT can be implemented by analogy with RPC, based on actual characteristics such as product requirements and application scenarios.
In step M2), the adapter may restore the (aforementioned short) string to a JSON object (removing the string markers), perform a deserialization operation, and output an entry object, which may conform to LDAP (it may also be referred to as an LDAP object). In step M3), the name of the update instruction for the LDAP server may be determined by looking up a table with the name of the specified operation record; each update instruction may have configured parameters, and the entry object may be passed to the update instruction through a parameter, for example by replacing the template parameter in the update instruction with the entry object. In step M4), since the identifier of the specified directory server has been received, the communication address of the specified directory server may be determined, a communication connection between the adapter and the specified directory server may be established before the sending operation, and the update instruction after replacement may be sent to the specified directory server.
It should be noted that, in the embodiment of the present invention, the client requests the change of information in the specified directory server through the adapter. The request is completed through message and instruction interaction, and files do not need to be exchanged between different servers or system environments. Even the character string in the entry update request sent by the client can be provided by the adapter performing the serialization operation on entry data (from the source directory server), so the user can request, from the client, a change of information between the source directory server and the specified directory server (both of which are LDAP servers).
In an embodiment of the present invention, the adapter receives an entry update request sent by the client, and the character string in the entry update request may be obtained by a serialization operation on entry data obtained from the source directory server. A query operation may be performed before the aforementioned step M1). The data updating method may further include:
F1) receiving an entry query request sent by a client, the entry query request including an identifier of a source directory server, a query operation record, and an entry identification string;
F2) determining a query instruction based on the query operation record and an entry unique identifier obtained by deserializing the entry identification string.
In step F1), similar to the entry update request, in some application scenarios the entry query request may also be a long string and the entry identification string may also be a short string. The short string may be restored to a JSON object and deserialized to output an entry unique identifier, which is also part of the entry object, or the distinguished name. From the name of the query operation record, a query instruction with the corresponding name may be determined by table lookup, and the template parameter in the query instruction may then be replaced with the entry unique identifier. In other application scenarios, because a query instruction does not carry a large amount of information, the query instruction may already contain the identifier of the entry, so the query instruction may be determined directly at the client and the adapter may receive the query instruction sent by the client. The foregoing query operation may further include:
F3) sending the query instruction to the source directory server;
F4) sending a character string to the client, the character string being obtained by serializing the received entry data, and the entry data being returned by the source directory server in response to the query instruction.
The entry data in step F4) may include a status code or an entry object. For example, when no entry object corresponds to the entry unique identifier, the source directory server returns a specified status code in response to the query instruction, and the adapter serializes the status code into a character string and returns it to the client. When an entry object corresponding to the entry unique identifier is found, the source directory server returns the entry object in response to the query instruction, and the adapter serializes the entry object into a character string and returns it to the client.
In the embodiment of the invention, it can be noted that when the adapter receives any request, the adapter can deserialize the character string in the request, output an entry object, determine the corresponding LDAP instruction for the LDAP server based on the specified operation record and the entry object in the request, replace the template parameter in the LDAP instruction with the entry object, and send the replaced LDAP instruction to the specified directory server in the LDAP server cluster. The adapter also serializes the entry data returned by the LDAP server in response to the LDAP instruction into a character string and returns the character string to the client. The foregoing LDAP instruction may include an update instruction, a query instruction, and the like, and the update instruction may include an add entry instruction, a change entry instruction, a delete entry instruction, and the like. Any LDAP instruction may contain a template parameter to be replaced with an entry object. A specified operation record may correspond to at least one LDAP instruction, and the correspondence can be implemented through a configured relation table that is looked up.
In the foregoing step M3) in the embodiment of the present invention, depending on the specified operation record and the design requirements, the step may include any one of the following:
M301) determining a plurality of decomposed entry instructions based on the custom operation record and the entry object;
M302) determining an add entry instruction based on the add operation record and the entry object;
M303) determining a change entry instruction based on the change operation record and the entry object;
M304) determining a delete entry instruction based on the delete operation record and the entry object.
In step M301), the custom operation record may be an integrated, multifunctional operation record. For example, if the function of the method (program) of the custom operation record is to change the phone information in the entries of all people in one department at the same time, the decomposed entry instructions may include a plurality of change entry instructions. As another example, if the function of the method (program) of the custom operation record is to move the entries of all people in a first department to a second department, the decomposed entry instructions may include a plurality of add entry instructions for adding the people to the second department in the DIT and a plurality of delete entry instructions for deleting the entries of all people in the first department in the DIT. Thus, the custom operation record may correspond to one or more LDAP instructions, enabling integrated, personalized functionality.
In an exemplary application example disclosed in the present invention, as shown in fig. 3, the software of the client may be a designated program for accessing directory information. The designated program may be an application program with a front-end presentation function (front-end program), such as a browser, or a terminal program dedicated to directory information. The client may be referred to as a directory client, and there may be one or more directory clients. As shown in the figure, the front-end program of the directory client 201 may display an input interface and receive input from the user 200, who queries the user information whose user identification (uid) is "xiaoming" (in the embodiment of the present invention, Chinese quotation marks “ ” highlight content and do not denote a data format). The directory client 201 may send an entry query request 203 to the adapter 204; the transmission protocol of messages between the directory client 201 and the adapter 204 may be JSON-RPC (version not shown). The entry query request 203 may include a method key "method" and a parameter key "params". The value record at the method key "method" may be the query operation record "getuserinfo". The value record at the parameter key "params" may include the value record "server-ID-1" at the server identifier key "serverID" and the value record "uid=xiaoming,ou=people,dc=example,dc=com" at the distinguished name key "DN". "server-ID-1" may be the identifier of the source directory server, which may be an IP address, a domain name address, or a unique identifier composed of any combination of characters/symbols. The value record at "DN" may be the aforementioned entry identification string, in which the domain or classification information ou=people,dc=example,dc=com may be a default value of the client 201 or may be specified separately.
The entry query request 203 may also include a sequence number identification key "id" where the value record at the sequence number identification key "id" may be "1".
In the foregoing application example, the adapter 204 may perform the deserialization operation 205 on the entire long string of the entry query request 203 and output the identifier of the source directory server, the query operation record, the entry unique identifier, and the like. The output conforms to the LDAP entry object data structure: the attribute term set of the entry object data structure may correspond to the keywords in the value record at the parameter key "params" of the entry query request, and the data or object corresponding to each attribute term may be the respective value record there. The adapter 204 may determine the query instruction 206 based on the query operation record and the entry unique identifier obtained by the deserialization operation 205. Before replacement, the query instruction 206 may be “ldapfind -C "$param1"”, where the command "ldapfind" may be determined by table lookup from the name "getuserinfo" of the query operation record, "$param1" may be a template parameter that the entry unique identifier replaces, and the command parameter "-C" may cause the command "ldapfind" to use the entry unique identifier, thereby obtaining the query instruction 206:
“ldapfind -C "uid=xiaoming,ou=people,dc=example,dc=com"”.
In the foregoing application example, based on the obtained identifier of the source directory server, the adapter 204 communicates with the source directory server in the directory server cluster 207 (n directory servers, n being a positive integer greater than or equal to 2); this server has the identifier server-ID-1 and is written as source directory server-ID-1. The adapter 204 sends the query instruction 206 to the source directory server-ID-1. If the entry exists in the source directory server-ID-1, the entry object 208 may be returned; if the entry does not exist, a status code may be returned. In the entry object 208, the first line records the distinguished name attribute dn and the distinguished name uid=xiaoming,ou=people,dc=example,dc=com, i.e. the entry unique identifier; the second line records the object class attribute objectClass and the object class inetOrgPerson; the third line records the user identification attribute uid and the user identification xiaoming; the fourth line records the common name attribute cn and the common name xiaoming; the fifth line records the gender attribute and the gender Male; the sixth line records the user name attribute userName and the user name xiaoming; and the seventh line records the mail attribute and the (e-)mail address xiaoming@example.com. It may be noted that describing even simple user information in an entry object requires complex terms and a strict data format: each line of any entry object records one attribute term, a colon, a space and a data/object term. Forming a large number of LDIF files according to the specification of the directory data protocol and processing those files between servers in the directory server cluster would be very time-consuming and difficult.
In the foregoing application example, the adapter 204 may perform the serialization operation 209 on the obtained entry object 208 and output the JSON object 210 or the string of the JSON object 210 (as the value of a specified variable parameter, as indicated at JSON object 210). The JSON object 210 may be configured with result key-value pairs and a sequence number identification key-value pair. The value record at the result key "result" may include a user identification key "uid" and a value record "xiaoming", a gender key "gender" and a value record "Male", a user name key "userName" and a value record "xiaoming", and a mail address key "mail" and a value record "xiaoming@example.com". The sequence number identification key-value pair may match the sequence number identification key "id" and value record "1" of the entry query request 203, so that the string of the JSON object 210 can serve as the response to the entry query request 203. In the serialization operation 209, the result key-value pairs may be determined according to the data object data structure (here, that of a JSON-RPC object) conforming to the message transmission protocol (here, JSON-RPC). The JSON object data structure defines a keyword set corresponding to the information the client requires. The keyword set may be used to determine the result key corresponding to the attribute of each object in the entry object, and in some applications may also be used to filter out LDAP terms irrelevant to the information the client requires (e.g., the full distinguished name DN attribute term and the object class objectClass attribute term); the value record of each result key is the corresponding object in the entry object.
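The serialization operation 209 described above, as an added example that is not code from the patent: the entry text, the userPassword line and the function names are constructed for illustration. The keyword set works as an allow-list, so an attribute the client data structure does not name never reaches the response.

```python
import json

# Keyword set defined in the JSON object data structure: only these entry
# attributes are returned to the client (dn, objectClass and cn are left out).
RESULT_KEYS = ("uid", "gender", "userName", "mail")

# Constructed entry object in the one-attribute-per-line form described above,
# with a userPassword line added to show an attribute outside the keyword set.
ENTRY_OBJECT = """dn: uid=xiaoming,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: xiaoming
cn: xiaoming
gender: Male
userName: xiaoming
mail: xiaoming@example.com
userPassword: {SSHA}constructed-placeholder
"""


def parse_entry(text):
    """Parse 'attribute: value' lines into a dict of lists (attributes may repeat)."""
    entry = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("not an attribute line: %r" % line)
        entry.setdefault(name.strip(), []).append(value.strip())
    return entry


def serialize_response(entry_data, request_id):
    """Serialize entry data (entry text or an integer status code) into the
    response string, echoing the request's sequence number identification."""
    if isinstance(entry_data, int):
        result = "0x%02X" % entry_data          # status code, e.g. 0 -> "0x00"
    else:
        entry = parse_entry(entry_data)
        result = {}
        for key in RESULT_KEYS:                 # allow-list, not a deny-list
            values = entry.get(key)
            if values:
                result[key] = values[0] if len(values) == 1 else values
    return json.dumps({"result": result, "id": request_id})


if __name__ == "__main__":
    print(serialize_response(ENTRY_OBJECT, 1))
    print(serialize_response(0x00, 2))
```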
In the foregoing application example, the adapter 204 may send the JSON object 210 to the client 201 as a response, and the front-end program of the client 201 may present the received JSON object 210 in a query result window 211 (with a close "x" button and a minimize button). For example, the user information corresponding to the JSON object 210 may be presented to the user 200 as a table: in the table 212 for the xiaoming user information, the first row may be user identification and xiaoming, the second row user name and xiaoming, the third row gender and male, and the fourth row email and xiaoming@example.com. The window 211 may contain buttons for further processing of the user information, such as a new (user information) button 213, a change (user information) button 214, and a delete (user information or attribute) button 215.
In the foregoing application example, in a first application scenario of changing information, the user 200 needs to copy user information from the source directory server to the specified directory server in order to adjust personnel information between organizations and departments. For example, any department under an organization may correspond to one directory server in the directory server cluster 207, and the user information is to be adjusted from a first department to a second department (depending on the actual situation, the information in the first department may be deleted before or after the change, or may be left unadjusted). The user 200 may click the change button 214, and a change-information window 215 of the front-end program of the client 201 may present more detailed information than the window 211, for example the department of the xiaoming user. That department is the first department, which may correspond to the identifier "server-ID-1" of the source directory server; the second department may correspond to the identifier "server-ID-2" of the specified directory server (which at this time may not store the xiaoming user information), and the user information is to be stored in the directory server that serves as the specified directory server. Compared with the table 212, the table 216 in the window 215 may additionally present the original department (first department) and the new department (second department). Any information in the second column of the table 216 may be editable at this time; if the user 200 adjusts only the department information of the xiaoming user, the user 200 enters "second department" in the input box (the box where the cursor 217 is located).
An OK button 218 and a cancel button 219 may also be presented in the window 215. After the user 200 clicks the OK button 218, the back-end program of the client 201 may process the information of the table 216 into key-value pairs and form a JSON object whose value records are the strings of the user information; this JSON object may be used as the entry update request 220. Because the aforementioned DITs differ, the change corresponds to adding an entry in the specified directory server, so in the JSON object 220 the value record at the method key "method" may be add user information, "adduserinfo" (the specified operation record at this time). The value records at the parameter key "params" may include: a server identifier key "serverID" and a value record "server-ID-2", which may be the identifier of the specified directory server; a distinguished name key "DN" and a value record "uid=xiaoming,ou=people,dc=example,dc=com"; a change type key "changetype" (an entry operation parameter used to match the command) and a value record "add" (the add entry operation record, which may also be regarded as one of the specified operation records); a user identification key "uid" and a value record "xiaoming"; a gender key "gender" and a value record "Male"; a user name key "userName" and a value record "xiaoming"; and a mail address key "mail" and a value record "xiaoming@example.com". The JSON object 220 may further include a sequence number identification key "id" and a value record "2".
In the aforementioned application scenario of changing information, the adapter 204 may perform the deserialization operation 205 on the entry update request 220 and output the identifier of the specified directory server, the specified operation record, the entry object, and the like. The adapter 204 may then determine an update instruction based on the specified operation record and the entry object; here the update instruction may be an add entry instruction. The add entry instruction with the template parameter not yet replaced (which may be referred to as a template instruction) may be written as “ldapadd -A "$param2"”. Because the entry object here has multiple lines, the linefeed symbol "\n" may be used in the value that replaces the template parameter, so the entry object in the add entry instruction is already loaded and no file needs to be loaded from a storage address. After the template parameter is replaced, the add entry instruction 221 may be written as the LDAP instruction:
“ldapadd -A "dn:uid=xiaoming,ou=people,dc=example,dc=com\nchangetype:add\nobjectClass:inetOrgPerson\nuid:xiaoming\ngender:Male\nuserName:xiaoming\nmail:xiaoming@example.com"”.
In the add entry instruction 221, the specified directory server already has the domain information ou=people,dc=example,dc=com. The command parameter "-A" and the aforementioned command parameter "-C" may each stand for a plurality of parameters; for example, the command parameter "-A" or "-C" may include a server address parameter (the identifier of the directory server), a specified entry configuration parameter, an authentication (password) parameter, and the like.
In the foregoing application scenario of changing information, the adapter 204 may, based on the obtained identifier server-ID-2, send the add entry instruction 221 to the specified directory server having the identifier server-ID-2 in the directory server cluster 207 (written as the specified directory server-ID-2). If the specified directory server-ID-2 processes the add entry operation successfully, a status code corresponding to the success state, for example 0x00 in hexadecimal (0 in decimal), may be returned to the adapter 204. If the processing fails or is erroneous, a status code corresponding to the failure state (response timeout, verification failure, operation permission error, request error, etc.), for example a hexadecimal number other than 0x00 such as 0x03, 0x08, 0x0B or 0x0D, may be returned to the adapter 204. If the specified directory server-ID-2 returns a response 222 with the status code "0x00" to the adapter 204, the adapter 204 performs a serialization operation on the status code to obtain a JSON object 223, which may include a result key "result" and a value record "0x00", and a sequence number identification key "id" and a value record "2".
In the foregoing application scenario of changing information, the adapter 204 may send the JSON object 223 to the client 201. The back-end program of the client 201 may determine the result of the operation of changing information corresponding to the entry update request 220 based on the status code string and the sequence number identification key, and may send text and a form to the front-end program, which presents the form with the user identification and text describing that the operation was successful, for example, "designating the directory server operation was successful-. In some cases, the window 224 of the client 201 may at the same time ask the user 200 whether to delete the entry of the user information in the source directory server, and the user 200 may choose with the yes button 225 and the no button 226.
In the aforementioned application scenario of changing information, if the user 200 clicks the no button 226, the operation of changing information is completed and ends. If the user 200 clicks the yes button 225, the front-end program of the client 201 may present, in the window 227, the form with the user identification and text describing that deletion is in progress, as in fig. 5. The back-end program of the client 201 may form a JSON object 228 (an entry update request at this time) for deleting the xiaoming user information. The JSON object 228 may include a method key "method" and a value record "delete info" (the specified operation record at this time), and a parameter key "params" whose value record may include: a server identifier key "serverID" and a value record "server-ID-1" (the identifier of the source directory server); a distinguished name key "DN" and a value record "uid=xiaoming,ou=people,dc=example,dc=com"; and a change type key "changetype" (an entry operation parameter used to match the command) and a value record "delete" (the delete entry operation record, which may also be regarded as one of the specified operation records). It may further include a sequence number identification key "id" and a value record "3".
In the aforementioned application scenario of changing information, the adapter 204 may receive the JSON object 228, perform the deserialization operation 205, and output the identifier of the source directory server, the specified operation record, the entry unique identifier, and the like. Based on the specified operation record and the entry unique identifier, it determines the delete entry instruction, which before replacement may be written as “ldapmodify -M "$param3"”; after the template parameter "$param3" is replaced, the delete entry instruction 229 may be written as:
“ldapmodify -M "dn:uid=xiaoming,ou=people,dc=example,dc=com\nchangetype:delete"”.
The command parameter "-M" may include a server address parameter (the identifier of the directory server), a specified entry configuration parameter, an authentication (password) parameter, and the like.
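The mapping from request to instruction walked through above (query instruction 206, add entry instruction 221, delete entry instruction 229) can be written as follows. This is an added example, not code from the patent: the table layout, the server set, the default objectClass and the operation record name "deleteuserinfo" are assumptions. Because the entry object is spliced into a quoted parameter with "\n" separating its lines, the code rejects any value that could close the quotes or begin another line.

```python
import json
import re

# Relation table: specified operation record -> (template instruction, changetype).
# Commands and composite parameters are those quoted in the description; the
# table layout and the name "deleteuserinfo" are assumptions of this example.
INSTRUCTION_TABLE = {
    "getuserinfo": ('ldapfind -C "$param1"', None),
    "adduserinfo": ('ldapadd -A "$param2"', "add"),
    "deleteuserinfo": ('ldapmodify -M "$param3"', "delete"),
}
KNOWN_SERVERS = {"server-ID-1", "server-ID-2"}   # identifiers used in the description
DEFAULT_OBJECT_CLASS = "inetOrgPerson"           # assumed to be supplied by the adapter
ROUTING_KEYS = {"serverID", "DN", "changetype"}  # params that are not entry attributes

ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
RDN = re.compile(r"[A-Za-z][A-Za-z0-9-]*=[A-Za-z0-9._@-]+")
# Control characters (line breaks included), quotes, backslashes and shell
# metacharacters: any of these could close the quoted parameter or, since the
# instruction separates lines with a literal \n, start an extra LDIF line.
UNSAFE = re.compile(r'[\x00-\x1f\x7f"\\$`]')


class RequestRejected(ValueError):
    """The request must not be turned into an LDAP instruction."""


def check_dn(dn):
    if not isinstance(dn, str) or not all(RDN.fullmatch(p) for p in dn.split(",")):
        raise RequestRejected("DN not allowed")
    return dn


def check_attribute(name, value):
    if not ATTR_NAME.fullmatch(name):
        raise RequestRejected("attribute name not allowed: %r" % name)
    if not isinstance(value, str) or UNSAFE.search(value):
        raise RequestRejected("attribute value not allowed: %r" % name)
    return "%s:%s" % (name, value)


def build_instruction(request_string):
    """Steps M2-M4: return (server identifier, LDAP instruction, request id)."""
    try:
        request = json.loads(request_string)
        method, params, req_id = request["method"], request["params"], request["id"]
    except (ValueError, KeyError, TypeError) as exc:
        raise RequestRejected("malformed request") from exc
    if not isinstance(method, str) or method not in INSTRUCTION_TABLE:
        raise RequestRejected("unknown operation record")
    if not isinstance(params, dict):
        raise RequestRejected("params must be an object")
    template, changetype = INSTRUCTION_TABLE[method]
    server_id = params.get("serverID")
    if not isinstance(server_id, str) or server_id not in KNOWN_SERVERS:
        raise RequestRejected("unknown directory server")
    dn = check_dn(params.get("DN"))
    if changetype is None:                  # query: the DN alone is the parameter
        payload = dn
    else:
        if params.get("changetype") != changetype:
            raise RequestRejected("changetype does not match operation record")
        lines = ["dn:" + dn, "changetype:" + changetype]
        if changetype == "add":
            lines.append("objectClass:" + DEFAULT_OBJECT_CLASS)
            lines += [check_attribute(k, v) for k, v in params.items()
                      if k not in ROUTING_KEYS]
        payload = "\\n".join(lines)         # literal backslash-n, as in the description
    # A function replacement keeps re.sub from interpreting backslashes in payload.
    instruction = re.sub(r"\$param\d+", lambda _m: payload, template)
    return server_id, instruction, req_id


def is_rejected(request_string):
    try:
        build_instruction(request_string)
    except RequestRejected:
        return True
    return False


def make_request(method, request_id, **params):
    return json.dumps({"method": method, "params": params, "id": request_id})


DN = "uid=xiaoming,ou=people,dc=example,dc=com"
# Constructed requests mirroring entry query request 203 and entry update request 220.
QUERY_REQUEST = make_request("getuserinfo", 1, serverID="server-ID-1", DN=DN)
ADD_REQUEST = make_request("adduserinfo", 2, serverID="server-ID-2", DN=DN,
                           changetype="add", uid="xiaoming", gender="Male",
                           userName="xiaoming", mail="xiaoming@example.com")
# Constructed hostile input: a line break inside a value would add an LDIF line.
BAD_REQUEST = make_request("adduserinfo", 6, serverID="server-ID-2", DN=DN,
                           changetype="add", uid="xiaoming",
                           mail="xiaoming@example.com\ndescription:extra-line")

if __name__ == "__main__":
    for req in (QUERY_REQUEST, ADD_REQUEST):
        print(build_instruction(req))
    print("rejected:", is_rejected(BAD_REQUEST))
```

Rejecting rather than escaping keeps the adapter independent of how the directory server parses the quoted parameter, which the description does not specify.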
In the foregoing application scenario of changing information, the adapter 204 may send the delete entry instruction 229 to the source directory server-ID-1 based on the obtained identifier server-ID-1. If the source directory server-ID-1 processes the delete entry operation successfully, a status code 230 (0x00) corresponding to the success state may be returned to the adapter 204, and the adapter 204 performs the serialization operation 209 on the status code to obtain the JSON object 231, which may include a result key "result" and a value record "0x00", and a sequence number identification key "id" and a value record "3".
In the foregoing application scenario of changing information, the adapter 204 may send the JSON object 231 to the client 201. The back-end program of the client 201 may determine the result of the operation of deleting the user information corresponding to the entry update request 228 based on the status code string and the sequence number identification key, and may send text and a form to the front-end program, which presents the form with the user identification and text describing that the operation was successful, for example, "the source directory server operation is successful-. In other application scenarios, the user may first be asked whether to delete the entry of the user information in the source directory server; if so, the entry of the user information is added to the specified directory server after the deletion has been performed in the source directory server, and the user need not be asked again during execution. If the source directory server and the specified directory server are in different private networks, the user information in the source directory server may not be adjusted.
In the foregoing application example, in a second application scenario of changing (or updating) information, if the user 200 only needs to change the user information in the source directory server, the user 200 may click the change button 214 in the window 211. As in fig. 6, through the front-end program of the client 201 the user 200 enters the changed e-mail address "xiaoming1234@example.com" in the editable table 234 in the window 233 (at the position of the cursor 235); an OK button 236 and a cancel button 237 may also be provided in the window 233. After the user 200 clicks the OK button 236, the back-end program of the client 201 may generate the JSON object 238 (i.e. the entry update request) based on the form information submitted by the front-end program (the department information is not adjusted at this time, and the row for the new department may be left empty). The JSON object 238 may include a method key "method" and a value record "modification use info" (the specified operation record at this time), and a parameter key "params" whose value record may include: a server identifier key "serverID" and a value record "server-ID-1" (the identifier of the source directory server); a distinguished name key "DN" and a value record "uid=xiaoming,ou=people,dc=example,dc=com"; a change type key "changetype" (an entry operation parameter used to match the command) and a value record "modify" (the change entry operation record); a replace operation key "replace" and a value record "mail" (a specified operation record); and a mail address key "mail" and a value record "xiaoming1234@example.com" (a character string). It may further include a sequence number identification key "id" and a value record "4".
In the aforementioned second application scenario of modification information, the adapter 204 may receive the JSON object 238, perform the deserialization operation 205, obtain the identifier of the source directory server, the specified operation record, and the entry object, determine the modification entry instruction 239 (after replacing the template parameter) based on the specified operation record and the entry object, and write the entry instruction 239 as:
“ldapmodify -M "dn:uid=xiaoming,ou=people,dc=example,dc=com\nchangetype:modify\nreplace:mail\nmail:xiaoming1234@example.com"”.
In the aforementioned second application scenario of changing information, the adapter 204 may receive the status code 240 (0x00) returned after the source directory server has executed the change entry operation, and the adapter 204 performs the serialization operation 209 on the status code to obtain the JSON object 241, which may include the result key "result" and the value record "0x00", and the sequence number identification key "id" and the value record "4". The adapter 204 may send the JSON object 241 to the client 201. The back-end program of the client 201 may determine the result of the operation of changing the user information corresponding to the entry update request 238 based on the status code string and the sequence number identification key, and may send text and a form to the front-end program, which presents the form with the user identification and text describing that the operation was successful, such as "source directory server operation success-.
In the foregoing application example, in a third application scenario of changing information (adding an attribute), if the user 200 needs to add a new attribute to the xiaoming user information, the user 200 may click the new button 213 in the window 211. As in fig. 7, through the front-end program of the client 201 the user 200 clicks the add attribute button 245 in the editable table 244 in the window 243, selects the mobile phone attribute tag in the newly added table row (the configured attribute tag set may be offered to the user 200 as a drop-down list), and enters the mobile phone number "123456789" (at the position of the cursor 246; the department information is not adjusted at this time, and the row for the new department may be left empty). An OK button 247 and a cancel button 248 may also be provided in the window 243. After the user 200 clicks the OK button 247, the back-end program of the client 201 generates a JSON object 249 (which may be the entry update request 249) based on the form information submitted by the front-end program. The JSON object 249 may include a method key "method" and a value record "modified user fo" (the specified operation record at this time), and a parameter key "params" whose value record may include: a server identifier key "serverID" and a value record "server-ID-1" (the identifier of the source directory server); a distinguished name key "DN" and a value record "uid=xiaoming,ou=people,dc=example,dc=com"; a change type key "changetype" (an entry operation parameter used to match the command) and a value record "modify" (the change entry operation record, which may also be regarded as one of the specified operation records); an add operation key "add" and a value record "mobilephone"; and a mobile phone key "mobilephone" and a value record "123456789". It may further include a sequence number identification key "id" and a value record "5".
In the aforementioned third application scenario of modification information, the adapter 204 may receive the JSON object 249, perform the deserialization operation 205, obtain the identifier of the source directory server, the specified operation record, and the entry object, determine the modification entry instruction 250 (after replacing the template parameter) based on the specified operation record and the entry object, and write the entry instruction 250 as:
“ldapmodify -M "dn:uid=xiaoming,ou=people,dc=example,dc=com\nchangetype:modify\nadd:mobilephone\nmobilephone:123456789"”.
In the aforementioned third application scenario of changing information, the adapter 204 may receive the status code 251 (0x00) returned after the source directory server has executed the change entry operation, and the adapter 204 performs the serialization operation 209 on the status code to obtain the JSON object 252, which may include the result key "result" and the value record "0x00", and the sequence number identification key "id" and the value record "5". The adapter 204 may send the JSON object 252 to the client 201. The back-end program of the client 201 may determine the result of the operation of changing the user information corresponding to the entry update request 249 based on the status code string and the sequence number identification key, and may send text and a form to the front-end program, which presents the form with the user identification and text describing that the operation was successful, such as "source directory server operation was successful-.
In the aforementioned application example, in the fourth application scenario of changing information (adding a user), if the user 200 needs to add an entry of user information to the source directory server, the window 211 may be closed to return to the homepage, or the user 200 may add the user from the homepage of the front-end program of the client 201 before any query is performed. The homepage may include a plurality of buttons, such as an add user button, a delete user button, and a query user button. If the user 200 clicks the add user button in the homepage, user information such as a user identifier, a user name, a department, and an email may be filled in the window 254, as shown in fig. 8 (e.g., line by line at the position of the cursor 257), and the user 200 may also select a configurable attribute tag from a drop-down attribute list 258 via the add attribute button 256. The window 254 may be provided with an OK button 259 and a cancel button 260. After the user 200 clicks the OK button 259, the back-end program of the client 201 receives the form information submitted by the front-end program and generates a JSON object 261, which is similar to the aforementioned JSON object 220. The JSON object 261 includes a method key "method" and a value record "addUserInfo" (the specified operation record in this case), and may further include a parameter key "params" and a value record. That value record may include a server identifier key "serverID" and a value record "server-ID-1" (the identifier of the source directory server), a distinguished name key "DN" and a value record "uid=axing,ou=people,dc=example,dc=com", a modification type key "changetype" (an entry operation parameter used to match a command) and a value record "add" (this entry operation record may also be regarded as one of the specified operation records), a user identifier key "uid" and its value record, a user name key "userName" and its value record, and a mail key "mail" and its value record. The JSON object 261 may further include a sequence number identification key "id" and its value record.
In the aforementioned fourth application scenario of changing information (where the user identifier uid need not be bound to the mail prefix), the adapter 204 may receive the JSON object 249, perform the deserialization operation 205, obtain the identifier of the source directory server, the specified operation record, and the entry object, determine the add entry instruction 262 (after replacing the template parameter) based on the specified operation record and the entry object, and write the entry instruction 262 as:
“ldapadd -A "dn:uid=axing,ou=people,dc=example,dc=com\nchangetype:add\nobjectClass:inetOrgPerson\nuid:xiaoming\nuserName:axing\nmail:axing@example.com"”.
In the aforementioned fourth application scenario of changing information, the adapter 204 may receive the status code 263 (0x00) after the source directory server has executed the add entry operation, and the adapter 204 performs the serialization operation 209 on the status code to obtain the JSON object 264, where the JSON object 264 may include the result key "result" with the value record "0x00" and the sequence number identification key "id" with the value record "6". The adapter 204 may send the JSON object 264 to the client 201. The back-end program of the client 201 may determine the operation result of changing the user information corresponding to the entry update request 261 based on the status code string and the sequence number identification key, and may send text and a form to the front-end program; the front-end program presents the form identified by the user and text describing that the operation was successful, such as "source directory server operation was successful".
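Both instructions above are formed by substituting request values into a template in which "\n" separates the lines of the change record, so each value has to stay inside its own attribute line. The following Python code is an added example, not code from the patent: it deserializes requests shaped like JSON objects 249 and 261 and emits the change record as LDIF, validating attribute names and base64-encoding unsafe values as RFC 2849 prescribes. The function names and the sample requests (including their "method" values) are assumptions made for the example.

```python
import base64
import json
import re

_ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
_MOD_OPS = ("add", "replace", "delete")
_ENVELOPE = ("serverID", "DN", "changetype")
_RESERVED = {k.lower() for k in _ENVELOPE + _MOD_OPS}


def check_attr(name):
    """Accept only plain attribute names that cannot collide with record keywords."""
    if (not isinstance(name, str) or not _ATTR_RE.fullmatch(name)
            or name.lower() in _RESERVED):
        raise ValueError(f"illegal attribute name: {name!r}")
    return name


def ldif_line(attr, value):
    """Return one 'attr: value' line, base64-encoding what RFC 2849 calls unsafe."""
    if not isinstance(value, str):
        raise ValueError(f"value of {attr} must be a string")
    raw = value.encode("utf-8")
    safe = (
        all(b < 0x80 and b not in (0x00, 0x0A, 0x0D) for b in raw)
        and raw[:1] not in (b" ", b":", b"<")
        and not raw.endswith(b" ")
    )
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"


def build_change_record(request_json):
    """Deserialize an entry update request into (server_id, request_id, ldif_text)."""
    request = json.loads(request_json)
    params = request["params"]
    changetype = params["changetype"]
    lines = [ldif_line("dn", params["DN"])]
    if changetype == "modify":
        lines.append("changetype: modify")
        for op in _MOD_OPS:
            if op not in params:
                continue
            attr = check_attr(params[op])  # e.g. "add": "mobilephone"
            lines.append(f"{op}: {attr}")
            if attr in params:
                lines.append(ldif_line(attr, params[attr]))
            elif op == "add":
                raise ValueError(f"no value supplied for {attr}")
            lines.append("-")
    elif changetype == "add":
        lines.append("changetype: add")
        for key, value in params.items():
            if key in _ENVELOPE:
                continue
            values = value if isinstance(value, list) else [value]
            lines.extend(ldif_line(check_attr(key), v) for v in values)
    else:
        raise ValueError(f"unsupported changetype: {changetype!r}")
    return params["serverID"], request.get("id"), "\n".join(lines) + "\n"


# Constructed samples modelled on JSON objects 249 and 261 described above.
SAMPLE_MODIFY = json.dumps({
    "method": "modifyUserInfo",
    "params": {"serverID": "server-ID-1",
               "DN": "uid=xiaoming,ou=people,dc=example,dc=com",
               "changetype": "modify",
               "add": "mobilephone", "mobilephone": "123456789"},
    "id": "5",
})
SAMPLE_ADD = json.dumps({
    "method": "addUserInfo",
    "params": {"serverID": "server-ID-1",
               "DN": "uid=axing,ou=people,dc=example,dc=com",
               "changetype": "add",
               "objectClass": "inetOrgPerson", "uid": "axing",
               "userName": "axing", "mail": "axing@example.com"},
    "id": "6",
})

if __name__ == "__main__":
    for sample in (SAMPLE_MODIFY, SAMPLE_ADD):
        print(build_change_record(sample)[2])
```

The returned text can be supplied to ldapmodify on standard input rather than being spliced into a command line.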
Notably, the adapter in embodiments of the present invention may enable the execution of the operations to change information in a specified directory server or between a source directory server and a specified directory server based on a client request.
In the embodiment of the invention, the backup operation can be performed on the directory server. The data updating method further comprises, before sending the updating instruction to the designated directory server:
U1) determining that the number of received entry update requests is equal to or greater than a specified value;
U2) sending a backup instruction to the specified directory server, wherein the backup instruction comprises a snapshot file creation instruction and/or an image file creation instruction;
U3) storing a backup file to a specified storage address, wherein the backup file is a file that is output as a specified data object after serializing specified entry data (status code or entry object) returned by the specified directory server in response to the backup instruction.
The specified value in step U1) may be set based on the client product and the scenario. The counted entry update requests may point to the same directory server cluster, to multiple directory servers with the same DIT, or to the same directory server, and the interval between the time of receiving the first entry update request and the time of receiving the last entry update request may fall within a specified time interval. For example, with a time interval of 2 seconds and a specified value of 5, if the adapter receives 5 or 10 entry update requests within 2 seconds, the number of requests is determined to be greater than or equal to the specified value, and the adapter may then actively send a backup instruction to the directory server or the cluster. In some application scenarios the determination of step U1) may not be required: the adapter may send a backup instruction to the directory server or the cluster at a configured interval period; the adapter may also return a prompt message to the client periodically, before a specified time and before a specified operation, to ask whether a backup should be performed first; and the adapter may also receive a backup request actively sent by the client. The snapshot file creation instruction in the backup instruction of step U2) is also an LDAP instruction and may be implemented by a plurality of query entry instructions. The directory server returns a specified entry object in response to the backup instruction; in step U3) the adapter may perform a serialization operation on the specified entry object, output a JSON object, and save the JSON object in a snapshot file at a configured specified storage address, where the specified storage address may include a server address, an object storage mount point address, and so on.
The image file creation instruction in the backup instruction of step U2) may be directed to a virtual machine of the directory server, a container in which the directory server is located, or a storage medium providing storage space, and is used to produce an image file of the virtual machine, the container, or the storage medium; the image file may also be stored at a configured specified storage address. Snapshot files are more conducive to fast state rollback than image files.
In the embodiment of the invention, the directory server can be rolled back. After said sending said update instruction to said designated directory server, the data update method further comprises at least one of:
M5) returning a status message to the client, the status message being obtained by serializing a status code returned by the specified directory server in response to the update instruction;
M6) receiving an entry rollback request sent by the client, the entry update request including an identifier specifying a directory server, a rollback operation record, and an identification of the backup file;
M7) determining a rollback instruction based on the rollback operation record and the identification of the backup file;
M8) sending the rollback instruction to the specified directory server.
In step M5), the status code may be a status code of a failure status or an operation error (other than 0x00), indicating that the directory server did not successfully perform the operation corresponding to the update instruction. In that case the status message may be returned to the client, and the user may be asked whether to roll back (restore) the directory server to its state before the update instruction was executed. The identification of the backup file may be the storage address of the file holding the backed-up JSON object. The rollback instruction is obtained by deserializing the JSON object and replacing the template parameters. The rollback instruction may implement the rollback operation by executing one or a combination of delete entry instructions, change entry instructions, and add entry instructions; alternatively, a rollback instruction of the directory server itself may be executed, in which case the directory server compares the current entries with the entry objects in the rollback instruction by itself, deletes the differing entries, and adds the missing entries.
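The backup trigger of step U1), the snapshot of step U3) and an adapter-side rollback for steps M7) and M8) can be put together as follows. This Python code is an added example, not code from the patent: it plans the rollback as the combination of delete, add and change operations described above by comparing the snapshot with the current entries. The in-memory entry format ({DN: {attribute: [values]}}), the class and function names, and the sample entries are assumptions, and DNs are assumed to be already normalized.

```python
import json
import re
from collections import deque


class BackupTrigger:
    """Step U1: fire once when `threshold` update requests arrive within `window` seconds."""

    def __init__(self, threshold=5, window=2.0):
        self.threshold, self.window = threshold, window
        self._seen = deque()

    def record(self, now):
        """Register one entry update request received at time `now` (seconds)."""
        self._seen.append(now)
        while now - self._seen[0] > self.window:
            self._seen.popleft()
        if len(self._seen) >= self.threshold:
            self._seen.clear()  # start a new window once a backup is requested
            return True
        return False


def take_snapshot(entries):
    """Step U3: serialize entry objects ({dn: {attr: [values]}}) into a JSON backup."""
    return json.dumps(entries, sort_keys=True)


def _order(dn):
    # Sort key: number of RDNs first (escaped commas do not split), then the DN.
    return (len(re.split(r"(?<!\\),", dn)), dn)


def _norm(attrs):
    # Attribute names are case-insensitive; values are compared as unordered sets.
    return {name.lower(): set(values) for name, values in attrs.items()}


def plan_rollback(snapshot_json, current):
    """Steps M7/M8: list the operations that turn `current` back into the snapshot."""
    saved = json.loads(snapshot_json)
    ops = []
    # Entries created since the backup: delete leaf entries before their parents.
    for dn in sorted(set(current) - set(saved), key=_order, reverse=True):
        ops.append(("delete", dn))
    # Entries removed since the backup: add parents before their children.
    for dn in sorted(set(saved) - set(current), key=_order):
        ops.append(("add", dn, saved[dn]))
    # Entries present on both sides: restore only the attributes that differ.
    for dn in sorted(set(saved) & set(current)):
        old, new = _norm(saved[dn]), _norm(current[dn])
        mods = []
        for attr in sorted(set(old) | set(new)):
            if attr not in old:
                mods.append(("delete", attr, []))
            elif old[attr] != new.get(attr):
                mods.append(("replace", attr, sorted(old[attr])))
        if mods:
            ops.append(("modify", dn, mods))
    return ops


if __name__ == "__main__":
    # Constructed sample: state at backup time and state after a failed update.
    before = {"uid=xiaoming,ou=people,dc=example,dc=com":
              {"uid": ["xiaoming"], "mail": ["xiaoming@example.com"]}}
    after = {"uid=xiaoming,ou=people,dc=example,dc=com":
             {"uid": ["xiaoming"], "mail": ["xiaoming@example1234.com"]},
             "uid=axing,ou=people,dc=example,dc=com": {"uid": ["axing"]}}
    for op in plan_rollback(take_snapshot(before), after):
        print(op)
```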
In an embodiment of the present invention, as shown in fig. 9, any of the foregoing requests from the client may be deserialized by the adapter, which determines an LDAP instruction and may send it to the directory server. The directory server may perform an atomic operation and, after performing it, returns the entry object or the status code to the adapter. The adapter performs a deserialization operation on the entry object or the status code, determines a data object conforming to the transmission protocol of the message, and returns the data object to the client as the response to the request. In the embodiment of the invention, entry processing for a large-scale directory server cluster can be realized through a plurality of atomic operations. Any one of the atomic operations may be an entry operation that the client needs the LDAP server to perform, including an add entry operation corresponding to an add entry instruction, a delete entry operation corresponding to a delete entry instruction, a change entry operation corresponding to a change entry instruction, a query entry operation corresponding to a query entry instruction, a backup operation corresponding to a backup instruction, and the like.
In some application scenarios that are advantageous for the user to use, the function of making the transaction request may be configured at the client, one transaction request may include at least two entry update requests or at least two entry query requests or at least one entry update request and at least one entry query request, and it should be noted that the foregoing custom operation record is recorded in one request (a sequence number identifier), the custom operation record may be mainly used for the operation of multiple items of change information for the information of the same user or department user as a whole, for example, in the foregoing first type of application scenario of change information, the operation of adding user information in the specified directory server and the operation of deleting user information in the source directory server may be combined into the entry update request having the same sequence number identifier key "id" and value record, the adapter may send an instruction to delete an entry of deleting user information to the source directory server and an instruction to send an add an entry instruction to the specified directory server, and receive a state code to the specified directory server in response to the added instruction, and may return an error code to the state of the corresponding client to the state code to the state of the client when the state code is not returned to the state of the client, and the state code may not be returned to the state of the corresponding to the client.
In the embodiment of the invention, the transaction request can be mainly used for realizing the operations of changing information at the directory server side among large-scale users and a plurality of users of organizations, departments and the like.
In an example of a change transaction request application disclosed in the present invention, as shown in fig. 10, a user 300 needs to adjust the mail domain name information of k user identifiers (k being a positive integer greater than or equal to 2), namely the 1st user identifier "zhangsan", the 2nd user identifier "lisi", ..., and the kth user identifier "wangwu". The user 300 may select the transaction request button on the homepage of the client 301 and fill in each user identifier and a new mail domain (name), e.g., "example1234.com", in a window 302 of the transaction request. The window 302 may have an OK button 304 and a cancel button 305. After the user 300 clicks the OK button 304, the client 301 may generate k JSON objects 306, that is, the 1st JSON object, the 2nd JSON object, ..., and the kth JSON object; the keys and values of any one of the k JSON objects 306 may be composed with reference to the foregoing JSON object 238. The adapter 307 may receive the batch of JSON objects 306, perform the deserialization operation 308 on the JSON objects one by one, and determine the change entry instructions, where the template instruction of each change entry instruction may take the form of the foregoing change entry instruction 239, that is, “ldapmodify -M "$param3"”, and finally obtain a change entry instruction set 308 composed of k change entry instructions (the 1st change entry instruction to the kth change entry instruction).
In the foregoing transaction request application example, the adapter 307 may first perform the foregoing steps U2) to U3), and may then send the change entry instructions in the change entry instruction set 308 one after another to the directory servers in the directory server cluster 310 that correspond to the user identifiers, recording the status code corresponding to the current change entry instruction before sending the next one. The adapter 307 performs a serialization operation 312 on the status code set 311 formed by these records to obtain k JSON objects for return, namely the (k+1)th to (2k)th JSON objects 313, and returns them to the back-end program of the client 301. After determining that all the status messages indicate success (status code 0x00), the back-end program may send text to the front-end program, and the front-end program presents text describing that the operation was successful, for example "all directory servers operated successfully". In this application example, to make entering the k user identifiers simpler, a query may be performed before the foregoing transaction request is executed, based on the department that the k user identifiers have in common; this query may itself be a transaction request (it may be implemented entirely with reference to the foregoing change transaction request and is not described again here). The user identifiers whose mail domain name needs to be changed, together with the identifier of the directory server, may then be selected from the returned list of user identifiers in the department (which may correspond to the department information at this time), so that the user 300 only needs to input the new mail domain name and does not need to input the user identifiers one by one.
At the same time, the aforementioned instructions may be configured to be sent by adapter 307 to directory server cluster 310 simultaneously, and executed in directory server cluster 310 in serial or parallel, as appropriate to the device performance characteristics of directory server cluster 310.
The embodiment of the invention also provides a data updating method of the directory server under the same conception as the data updating method, which is applied to the client, and comprises the following steps:
CS 1) sending an entry update request to an adapter, wherein the adapter is an adapter in the data update method of the directory server;
CS 2) receiving the status message returned by the adapter.
In the embodiment of the invention, the application program of the client may include a front-end program and a back-end program, where the front-end program may be used for presenting text and form information sent by the back-end program, and may have a style that is convenient for a user to review. The front-end program may also be used to provide an input interface to the user and submit form information to the back-end program. The back-end program (which may implement the functionality with reference to the serialization and deserialization operations described above) may be used to interact with the adapter for data interactions under the transport protocol specification of messages, such as JSON objects, to send user input data to the adapter and receive data returned by the adapter, which is obtained based on the entry data (status code or entry object) responded to by the directory server.
In an example of a client application disclosed in the present invention, as shown in fig. 11, a client 400 may have a first operation mode and a second operation mode, if the client 400 enables the first operation mode, the client 400 may interact (request/response) with an adapter 401 under a transmission protocol specification of a message, the adapter 401 may perform a deserializing operation 403 and a serializing operation 404, and the adapter 401 interacts (LDAP instruction/entry data) with a directory server cluster 402 according to LDAP. If the client 400 enables the second mode of operation, the client 400 interacts with the directory server cluster 402 for LDAP compliant data (LDAP instructions/entry data).
In another example of a client application disclosed in the present invention, as shown in fig. 12, the foregoing client may be the first client 500, the client 500 may perform data interaction (request/response) under the transmission protocol specification of the message with the adapter 501, the adapter 501 may perform the deserialization operation 503 and the serialization operation 504, and the adapter 501 performs data interaction (LDAP instruction/entry data) conforming to LDAP with the directory server cluster 502. The client communicatively connected to the directory server cluster 502 is a second client 505, and the client 505 performs LDAP-compliant data interactions (LDAP instructions/entry data) with the directory server cluster 502.
The embodiment of the invention also provides a data updating method of the directory server under the same conception as the data updating method, which is applied to the directory server and comprises the following steps:
SS 1) receiving an update instruction transmitted from an adapter, the adapter being an adapter in the aforementioned data update method of the directory server;
SS 2) sending a status code to the adapter in response to the update instruction.
In the embodiment of the invention, a plurality of directory servers can be adopted, and a directory server cluster can be formed, wherein the directory server cluster can carry out data interaction conforming to LDAP (LDAP instruction/item data) with the adapter and can also carry out data interaction conforming to LDAP (LDAP instruction/item data) with a client.
Notably, in embodiments of the present invention, the adapter does not disrupt the neutrality of the directory data protocol (LDAP) between the client and the directory server, and does not affect the data interaction between the client (e.g., a client already present in the communication network) and the directory server. According to the embodiment of the invention, files are not required to be exchanged between servers, the processing steps of the files are skipped, LDAP objects are directly loaded, and the adapter and the client request to realize information change are not required to be developed or a technician is not required to intervene, so that even if the development or the technician intervenes to process the information change between the directory servers in the directory server cluster, the time is very consumed and difficult, and the use cost of the directory service is improved.
Example 2
The embodiment of the present invention belongs to the same inventive concept as embodiment 1, and provides a data update system of a directory server, where the data update system may include:
the adaptation module is used for receiving an entry update request sent by the client, wherein the entry update request comprises an identifier specifying a directory server, a specified operation record and a character string, the character string is obtained by serializing entry data, and the entry data is returned by a source directory server;
the adaptation module is used for deserializing the character string into an entry object conforming to a directory data protocol;
the adaptation module is used for determining an update instruction based on the specified operation record and the entry object;
the adaptation module is used for sending the update instruction to the specified directory server.
Specifically, the adaptation module is further configured to:
sending a query instruction to a source directory server;
and sending a character string to the client, wherein the character string is obtained by serializing the received entry data, and the entry data is returned by the source directory server in response to the query instruction.
Specifically, the adaptation module is further configured to:
receiving an entry query request sent by a client, wherein the entry query request comprises an identifier of a source directory server, a query operation record and an entry identification character string;
and determining a query instruction based on the query operation record and an entry unique identifier, wherein the entry unique identifier is obtained by deserializing the entry identification character string.
Specifically, the specified operation record includes any one of a custom operation record, an add operation record, a change operation record, and a delete operation record.
Specifically, determining an update instruction based on the specified operation record and the entry object includes any one of the following:
determining a plurality of resolved entry instructions based on the custom operation record and the entry object;
determining an add entry instruction based on the add operation record and the entry object;
determining a change entry instruction based on the change operation record and the entry object;
and determining a delete entry instruction based on the delete operation record and the entry object.
Specifically, the adaptation module is further configured to:
determining that the number of the received entry update requests is greater than or equal to a specified value;
sending a backup instruction to the specified directory server, wherein the backup instruction comprises a snapshot file creation instruction and/or an image file creation instruction;
and storing the backup file to a specified storage address, wherein the backup file is a file which is output as a specified data object after specified entry data is serialized, and the specified entry data is returned by the specified directory server in response to the backup instruction.
Specifically, the adaptation module is further configured to:
returning a status message to the client, the status message being obtained by serializing a status code returned by the specified directory server in response to the update instruction;
receiving an entry rollback request sent by a client, the entry update request including an identifier specifying a directory server, a rollback operation record, and an identification of the backup file;
determining a rollback instruction based on the rollback operation record and the identification of the backup file;
and sending the rollback instruction to the specified directory server.
The embodiment of the invention also provides a data updating system of a directory server under the same conception as the data updating system, which can comprise:
a terminal module for sending an entry update request to an adapter, which is an adapter in the data update method of the directory server in embodiment 1;
The terminal module is used for receiving the status message returned by the adapter.
The embodiment of the invention also provides a data updating system of a directory server under the same conception as the data updating system, which can comprise:
a service module for receiving an update instruction transmitted by an adapter, the adapter being an adapter in the data update method of the directory server in embodiment 1;
the service module is used for sending a status code responding to the update instruction to the adapter.
In some application scenarios disclosed herein, the aforementioned modules may be implemented in digital electronic circuitry, integrated circuit systems, field programmable gate arrays (FPGAs), application-specific integrated circuits (ASICs), application-specific standard products (ASSPs), systems on chip (SoCs), microcontroller units (MCUs), complex programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof.
Example 3
The embodiment of the present invention belongs to the same inventive concept as embodiment 1, and provides a transaction engine system, which may include an adapter and a client, where the client may be communicatively connected to a directory server through the adapter, and the adapter may be an adapter in a data updating method of the directory server in embodiment 1. Clients in the transaction engine system may be used to provide various data querying, processing, etc. functions to the user, and the clients may interact with the adapter in accordance with the transmission protocol of the message. In the transaction engine system, a client may send one or more transaction requests of embodiment 1 to an adapter. The software code of the adapter may be integrated into the software code of the client, the client and the adapter being compiled into one executable application. Such as an integrated customer relationship data system, a human resources directory data system, a user single sign-on system, etc.
The embodiment of the present invention belongs to the same inventive concept as embodiment 1, and provides a directory service system, which may include an adapter and a directory server, or an adapter and a directory server cluster (2 or more directory servers). The adapter may be on the same server as the directory server or on a different server, and the server may be a virtual server or a physical server. In some cases, the server may provide a container that supports running the adapter. The adapter can be configured with an access interface and can provide interface services for various transaction engine systems and various clients; meanwhile, a directory server or a directory server cluster in the directory service system can independently perform LDAP-compliant data interaction with clients.
The embodiment of the invention also provides electronic equipment, which can comprise:
at least one processor;
a memory coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor, the at least one processor implementing the aforementioned methods by executing the instructions stored by the memory.
The electronic device of the embodiment of the present invention may include a device having a controller/system on a chip and a communication module, such as a computer, a gateway device (router, switch, etc.), a server, an embedded device, a mobile device (handset), a power terminal device, a power control device, etc.
Embodiments of the present invention also provide a machine-readable storage medium storing machine instructions that, when executed on a machine, cause the machine to perform the aforementioned method.
The foregoing details of the optional implementation of the embodiment of the present invention have been described in detail with reference to the accompanying drawings, but the embodiment of the present invention is not limited to the specific details of the foregoing implementation, and various simple modifications may be made to the technical solution of the embodiment of the present invention within the scope of the technical concept of the embodiment of the present invention, and these simple modifications all fall within the protection scope of the embodiment of the present invention.
In addition, the specific features described in the above embodiments may be combined in any suitable manner without contradiction. In order to avoid unnecessary repetition, various possible combinations of embodiments of the present invention are not described in detail.
Those skilled in the art will appreciate that all or part of the steps of the methods of the embodiments described above may be implemented by a program stored in a storage medium, the program including instructions for causing a single-chip microcomputer, a chip, or a processor to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium may be non-transitory and may include: a USB flash drive, a hard disk, a read-only memory (ROM), a random access memory (RAM), a flash memory, a magnetic disk, an optical disk, or various other media capable of storing program code.
In addition, any combination of various embodiments of the present invention may be performed, so long as the concept of the embodiments of the present invention is not violated, and the disclosure of the embodiments of the present invention should also be considered.

Claims (11)

1. A data updating method of a directory server, applied to an adapter, the data updating method comprising:
receiving an entry update request sent by a client, wherein the entry update request comprises an identifier specifying a directory server, a specified operation record and a character string, the character string is obtained by serializing entry data, and the entry data is returned by a source directory server;
deserializing the character string into an entry object conforming to a directory data protocol;
determining an update instruction based on the specified operation record and the entry object;
and sending the update instruction to the specified directory server.
2. The method of claim 1, further comprising, prior to said receiving the entry update request sent by the client:
sending a query instruction to a source directory server;
and sending a character string to the client, wherein the character string is obtained by serializing the received entry data, and the entry data is returned by the source directory server in response to the query instruction.
3. The method for updating data of a directory server according to claim 2, wherein before said sending the query to the source directory server, the method for updating data further comprises:
receiving an entry query request sent by a client, wherein the entry query request comprises an identifier of a source directory server, a query operation record and an entry identification character string;
and determining a query instruction based on the query operation record and an entry unique identifier, wherein the entry unique identifier is obtained by deserializing the entry identification character string.
4. The method of claim 1, wherein the specified operation record includes any one of a custom operation record, an add operation record, a change operation record, and a delete operation record.
5. The method for updating data of a directory server according to claim 4, wherein said determining an update instruction based on said specified operation record and said entry object comprises any one of:
determining a plurality of resolved entry instructions based on the custom operation record and the entry object;
determining an add entry instruction based on the add operation record and the entry object;
determining a change entry instruction based on the change operation record and the entry object;
and determining a delete entry instruction based on the delete operation record and the entry object.
6. The method for updating data of a directory server according to claim 1, wherein before said sending said update instruction to said designated directory server, the method for updating data further comprises:
determining that the number of the received entry update requests is greater than or equal to a specified value;
sending a backup instruction to the designated directory server, wherein the backup instruction comprises a snapshot file creation instruction and/or an image file creation instruction;
and storing the backup file to a specified storage address, wherein the backup file is a file which is output as a specified data object after specified entry data is serialized, and the specified entry data is returned by the designated directory server in response to the backup instruction.
7. The method of claim 6, further comprising, after said sending said update instruction to said designated directory server, at least one of:
returning a status message to the client, the status message being obtained by serializing a status code returned by the specified directory server in response to the update instruction;
receiving an entry rollback request sent by a client, the entry rollback request including an identifier designating a directory server, a rollback operation record, and an identification of the backup file;
determining a rollback instruction based on the rollback operation record and the identification of the backup file;
and sending the rollback instruction to the designated directory server.
8. A data updating method of a directory server, applied to a client, the data updating method comprising:
sending an entry update request to an adapter, the adapter being an adapter in the data update method of a directory server according to any one of claims 1 to 7;
and receiving a status message returned by the adapter.
9. A data updating method for a directory server, the data updating method being applied to the directory server, the data updating method comprising:
receiving an update instruction transmitted by an adapter, wherein the adapter is an adapter in the data update method of the directory server according to any one of claims 1 to 8;
and sending a status code responsive to the update instruction to the adapter.
10. An electronic device, comprising:
at least one processor;
a memory coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor, the at least one processor implementing the method of any one of claims 1 to 9 by executing the instructions stored by the memory.
11. A transaction engine system comprising an adapter and a client, said client being communicatively connected to a directory server via said adapter, said adapter being an adapter in a method of updating data of a directory server according to any one of claims 1 to 9.
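The adapter-side steps of claims 1, 4 and 5 can be sketched as follows. This is an added example, not code from the patent or its applicant: it assumes JSON as the serialization format and LDIF change records (RFC 2849) as the form of the update instruction, and the names `SERVERS`, `deserialize_entry` and `build_update_instruction` are hypothetical. It allowlists the server identifier and operation record and base64-encodes any value that could otherwise inject extra LDIF lines.

```python
import base64
import json
import re

# Assumed allowlist: server identifier -> URL (constructed values).
SERVERS = {"ds-target": "ldap://ds-target.example.internal"}
# Operation records of claim 4 mapped to LDIF changetypes (custom omitted).
CHANGETYPE = {"add": "add", "change": "modify", "delete": "delete"}
ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")
# RFC 2849 SAFE-STRING; any other value must be base64-encoded.
SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f][\x01-\x09\x0b\x0c\x0e-\x7f]*")

def ldif_line(name, value):
    """Emit one LDIF line; unsafe values (line breaks, leading ':') go out as base64."""
    if value == "" or (SAFE.fullmatch(value) and not value.endswith(" ")):
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def deserialize_entry(serialized):
    """Turn the client's string into a validated entry object (dn + attributes)."""
    if not isinstance(serialized, str):
        raise ValueError("entry must be a serialized string")
    obj = json.loads(serialized)  # JSON carries data only, never code
    if not isinstance(obj, dict) or not isinstance(obj.get("dn"), str) or not obj["dn"]:
        raise ValueError("entry needs a non-empty string 'dn'")
    attrs = obj.get("attributes", {})
    if not isinstance(attrs, dict):
        raise ValueError("'attributes' must be an object")
    for name, values in attrs.items():
        if not ATTR_NAME.fullmatch(name):
            raise ValueError(f"illegal attribute name: {name!r}")
        if not isinstance(values, list) or not all(isinstance(v, str) for v in values):
            raise ValueError(f"values of {name} must be a list of strings")
    return {"dn": obj["dn"], "attributes": attrs}

def build_update_instruction(request):
    """Return (server_url, ldif_text) for one entry update request."""
    server = SERVERS.get(request.get("server_id"))
    op = request.get("operation")
    if server is None or op not in CHANGETYPE:
        raise ValueError("unknown server identifier or operation record")
    entry = deserialize_entry(request.get("entry"))
    lines = [ldif_line("dn", entry["dn"]), f"changetype: {CHANGETYPE[op]}"]
    attrs = {} if op == "delete" else entry["attributes"]
    for name, values in attrs.items():
        body = [ldif_line(name, v) for v in values]
        lines += [f"replace: {name}", *body, "-"] if op == "change" else body
    return server, "\n".join(lines) + "\n"
```

Sending the resulting text to the designated server is left to whatever LDAP client the adapter uses; the function only decides where the instruction goes and what it contains.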
CN202211480732.6A 2022-11-23 2022-11-23 Data updating method of directory server, electronic equipment and transaction engine system Pending CN116170310A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211480732.6A CN116170310A (en) 2022-11-23 2022-11-23 Data updating method of directory server, electronic equipment and transaction engine system

Publications (1)

Publication Number Publication Date
CN116170310A true CN116170310A (en) 2023-05-26

Family

ID=86417105

Country Status (1)

Country Link
CN (1) CN116170310A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination