The present invention relates in general to data processing systems, and in particular, to data processing systems for directory management and directories having a backing store implemented as a relational database.
Information describing the various users, applications, files, printers and other resources accessible in a multi-user environment is often collected into a special database which may be referred to as a directory. The Lightweight Directory Access Protocol (LDAP) is an open architecture set of protocols for accessing and updating information in a directory. (LDAP version 2 is defined in Request for Comments (RFC) 1777, and LDAP version 3 is specified in RFC 2251, December 1997 (copyright, The Internet Society, 1997)). RFC 1777 and RFC 2251 are hereby incorporated herein by reference.
In the LDAP, the basic unit of information stored in the directory is referred to as an entry. Entries represent objects of interest, for example, in a multi-user dataprocessing system environment, people, servers, organizations, etc. Entries are composed of a collection of attributes that contain information about the object. Every attribute has a type and one or more values. Attribute types are associated with a syntax. The syntax specifies what kind of value can be stored. Directory entries are arranged in a tree structure or hierarchy. (Entries may also be referred to as nodes, and the terms may be used interchangeably herein.) The organization of the tree structure and the type of objects that can be stored in the directory as well as their attributes are defined in the schema for the objects. The set of schema defining a particular directory provides a road map to the organization of the directory. (Note, that the schema do not refer to the instances of entries in a particular directory.) Additionally, the data store that contains the information constituting the directory may be implemented using a multiplicity of mechanisms. The LDAP itself does not specify a particular storage mechanism. For example, the directory storage mechanism may be implemented using flat files, a binary tree (b-tree) or a relational database.
Directory entry information is retrieved by formulating an LDAP search. An application may perform a search by invoking an application program interface (API) call, as discussed in the commonly owned U.S. Pat. No. 6,085,188, entitled xe2x80x9cMethod of Hierarchical LDAP Searching With Relational Databases,xe2x80x9d to Bachmann, et al., which is hereby incorporated in its entirety herein by reference. A search within the directory hierarchy is specified in LDAP by a xe2x80x9cdistinguished namexe2x80x9d (DN). A DN (discussed further hereinbelow) is a unique name that unambiguously identifies a single entry within the directory hierarchy. The search request also may include a search scope which specifies the depth of the search in the directory hierarchy. However, the search scope which may be specified in a directory having a relational database as a backing store is limited. Consequently, there is a need in the art for mechanisms for providing an arbitrary search level in a directory having a backing store implemented as a relational database.
The aforementioned needs are addressed by the present invention. Accordingly, there is provided, in a first form, a search method. The method includes retrieving one or more second node identifiers, and an associated distance value in response to a first node identifier. For each node corresponding to one of the one or more second identifiers having a corresponding one of the associated distance values not greater that a preselected distance value, the node is matched against a first search parameter.
There is also provided, in a second form, a computer program product in a tangible storage medium. The program product includes a program of instructions for retrieving one or more second node identifiers, and an associated distance value in response to a first node identifier. Also included are instructions for matching the node against a second search parameter for each node corresponding to one of the one or more second identifiers and having a corresponding one of the associated distance value not greater that a preselected distance value.
Additionally, there is provided, in a third form, a data processing system. The system contains circuitry operable for retrieving one or more second node identifiers, and an associated distance value in response to a first node identifier. The system also has circuitry operable, for each node corresponding to one of the one or more second identifiers having a corresponding one of the associated distance value not greater that a preselected distance value, matching the node against a first search parameter.
The foregoing has outlined rather broadly the features and technical advantages of the present invention in order that the detailed description of the invention that follows may be better understood. Additional features and advantages of the invention will be described hereinafter which form the subject of the claims of the invention.