In a computer network, a Lightweight Directory Access Protocol (LDAP) server can be used to control user access to network resources and/or services. This is typically accomplished by defining multiple groups corresponding to the network resources, and assigning users to each the groups based on the resources they need to access. For example, subsequent to defining a database administrator (DBA) group and a mail server group, a first user can be assigned to the DBA group, a second user can be assigned to the mail server group, and a third user can be assigned to both of the groups. By querying, via an LDAP client, the LDAP server, an application associated with a given resource (e.g., a database server) can determine if a given user can access the given resource.
The description above is presented as a general overview of related art in this field and should not be construed as an admission that any of the information it contains constitutes prior art against the present patent application.