1. Field of the Invention
The present invention relates generally to an improved data processing system, and in particular, to a computer implemented method for managing distributed data. Still more particularly, the present invention relates to a computer implemented method, system, and computer usable program code for transmitting information about distributed group membership of data entries.
2. Description of the Related Art
Data can be distributed across a number of data servers. A request for certain data can be directed at any combination of those data servers. Generally, a user or a system requesting the data need not know the number, identity, contents, or the methods of accessing the various data servers. A data processing system, commonly called a proxy server, acts as an intermediary between the requesting data processing system and the various servers. The user targets the request for data to the proxy server, the proxy server interacts with the appropriate server in the appropriate manner, and the user receives the requested data from the proxy server.
A directory can be distributed across a number of directory servers in a similar manner. A directory is a hierarchical arrangement of information pertaining to objects, such as users, groups, and systems in an organization. A directory server is a server in a data processing environment that provides a directory service. A directory service is a process by which a user in the data processing environment can retrieve details of an object from a directory server by providing a name of the object.
Directory servers may serve directories that are arranged according to some standard. Standards, such as Lightweight Directory Access Protocol (LDAP), specify ways of accessing the information stored in a directory, the operations allowed on the information in the directory, and how those operations are to be executed with respect to the directory. A directory may be implemented using a standard, a variation of the standard, or by using a proprietary hierarchy. For example, an embodiment of the invention may be implemented using an X.500 directory server, which implements a directory standard of that name. Various embodiments of the invention may also be implemented using a name server, or a user location service server (ULS server).
Information pertaining to an object, such as a user or a system, in a directory is called an entry. Typically, an entry includes a name and a set of attributes. A set of attributes is one or more attributes. An attribute of an entry is a data component of the entry. An attribute may itself have a value, or an attribute may be a data structure that may include a set of tags, each tag having a value. A tag is a data component of an attribute. A set of tags is one or more tags.
An entry in a directory may be a member of a group. For example, an entry in a directory may correspond to user “John Doe.” User John Doe may be a member of several user groups. Those user groups may be represented by group entries in other parts of the directory. A group entry is an entry that represents a group and contains information pertaining to that group. John Doe user's entry may be a member of one or more of those group entries.
A group may be a static group or a dynamic group. A static group is a group that specifically includes its members. A static group entry is a group entry that includes some or all of the information from its member entries. A dynamic group is a group that defines its members by certain common characteristics. A dynamic group entry is a group entry that defines one or more criterion for membership. The criterion for membership into a dynamic group entry is called a filter.