1. Field of the Invention
The present invention relates to a distributed directory management system which enables retrieval and management of various service objects while coping with changes of a network structure in a complicated network environment such as a large scale intranet or the Internet.
2. Description of the Related Art
For retrieving various information in a complicated network environment such as a large scale intranet or the Internet, a system is necessary for managing and accessing the information. This system is called a directory management system, and there are directory services for offering such a system to users. As examples of the directory services, there are known the “hosts” file and the DNS (domain name system) for recording and managing the correspondence between host names and IP addresses in the TCP/IP network. These are a kind of database files with a name managing function.
There is available another directory service called X.500 regulated by the CCITT. This regulates protocols and structures of distributed arrangement/hierarchy management/reproduction management of directories and manages various network resources according to an object oriented concept. Here, the network resources refer to information about directories. The X.500 directory service has been widely adopted in distributed operating systems, distributed processing middleware and so on.
In the X.500, when a user is connected to the directory service to retrieve/change a service object in a directory, a protocol called a DAP (directory access protocol) is used. The service object is information to be retrieved by the user. There has further appeared the LDAP (Lightweight Directory Access Protocol) which solves a problem of the DAP and is used as an access protocol in many directory services.
For example, the LDAP is used in the active directory function introduced in WindowsNT5.0 and, the Netscape Directory Server.
The foregoing conventional techniques, however, have the following problem.
While running the network, the network resources used in the directory service, i.e. the information about the network directory, are changed through addition, deletion and update according to various environmental changes. However, the management of the directory service corresponding to those changes is carried out manually, which is quite bothersome.
On the other hand, the directory service for realizing cooperation of networks each having a unique service space is called a hierarchy managing function between directories. In this directory service, when a user in a certain service space retrieves a target service object, it is necessary that the user knows a hierarchy structure between directories and carries out a retrieval process corresponding thereto. Accordingly, without recognizing the hierarchy structure between the directories, the proper retrieval can not be achieved.
Further, when utilizing the network in such a large scale wide-area distributed environment, a mechanism is necessary for giving a right of using the system to only those users having particular qualification, per service space. The conventional directory service protocols are not provided with a function satisfying such a requirement.