The present invention relates to the management of computer directory service databases, and relates more particularly to tools and techniques which allow directory service users to readily take over directory tree management tasks that were traditionally handled by specially trained directory service database administrators instead of users.
A directory service database contains data representing users, network resources, access rights, contact information, and/or similar data to facilitate locating people and using resources. Novell""s NDS directory service supports one or more trees of objects; objects in a-tree may represent network users and/or network resources, for instance (NOVELL and NDS are marks of Novell, Inc.). In traditional corporate environments, specially trained administrative personnel organize and maintain NDS trees by adding or removing users, setting access controls, placing objects at appropriate positions within a tree, partitioning the tree, and associating the tree""s partitions (which are also known as xe2x80x9creplicasxe2x80x9d) with particular servers. For instance, if a corporation has two or more geographically separate offices, the administrator may improve NDS efficiency by placing together in a partition the user objects for the users who work at a given office, and then making the primary server for that partition be a server which is geographically close to that office.
However, traditional approaches to using NDS or another partitioned hierarchical directory service database have drawbacks if the users are going to be entered into the directory service over the Internet and/or access the directory service through the Internet. Such access is a relatively new but increasingly likely occurrence.
To some extent, users of an Internet-hosted directory service will need to take over tasks that were traditionally handled by specially trained administrators, such as NDS administrators. For most of these users, it is unrealistic to assume that their employer will provide a directory service administrator. Some administrative assistance may be available, but it would probably be provided by Internet Service Providers instead of being provided by personnel who have been trained specifically in directory service internals and administration.
In particular, users utilize the Internet to access the new Novell DigitalMe service (described, for instance, at http://www.digitalme.com/), or a similar service, and thus to access the underlying database. Such directory service users may seek access from many locations instead of a few, so partitioning according to a few geographic locations no longer makes as much sense as it did (and does) in managing a directory service whose users are mainly employees of a single entity. It is initially unclear how users should be placed in directory tree(s) and how a given directory tree should be partitioned, at least if one looks to user location for guidance as one did traditionally.
Thus, it would be an advancement in the art to provide better tools and techniques for helping users of a directory service database perform administrative tasks to manage that database.
Such improved tools and techniques are disclosed and claimed herein.
The present invention provides tools and techniques for administering a directory tree of a directory service hierarchical database, and in particular, for placing user objects in containers and placing containers on servers, without direct instructions or guidance from a user. For instance, methods of the invention use a hash function to hash a user ID to obtain a proposed directory tree location, and then place a user object for the user (that is, a user object having the hashed user ID) at the proposed location in the directory tree. In some cases, the placing step places the user object in a balanced directory tree, while in other cases the tree is not balanced. The hash function results may be stored within an email address of the user for later reference, or they may be recomputed as needed. Some methods of the invention also automatically divide containers of the tree between servers, and some automatically move subtrees of user objects into a new partition when a server or server pair is added to a system that stores the directory tree. Similar systems and configured storage media are also provided by the invention, to perform user object placement tasks that would otherwise traditionally call for a specially trained database administrator. Other aspects and advantages of the present invention will become more fully apparent through the following description.