Information describing the various users, applications, files, printers and other resources accessible in a multi-user environment is often collected into a special database which may be referred to as a directory. The Lightweight Directory Access Protocol (LDAP) is an open architecture set of protocols for accessing and updating information in a directory. (LDAP version 2 is defined in Request for Comments (RFC) 1777, and LDAP version 3 is specified in RFC 2251, December 1997 (copyright, The Internet Society, 1997)). RFC 1777 and RFC 2251 are hereby incorporated herein by reference.
In the LDAP, the basic unit of information stored in the directory is referred to as an entry. Entries represent objects of interest, for example, in a multi-user dataprocessing system environment, people, servers, organizations, etc. Entries are composed of a collection of attributes that contain information about the object. Every attribute has a type and one or more values. Attribute types are associated with a syntax. The syntax specifies what kind of value can be stored. Directory entries are arranged in a tree structure or hierarchy. (Entries may also be referred to as nodes, and the terms may be used interchangeably herein.) The organization of the tree structure and the type of objects that can be stored in the directory as well as their attributes are defined in the schema for the objects. The set of schema defining a particular directory provides a road map to the organization of the directory. (Note, that the schema do not refer to the instances of entries in a particular directory.) Additionally, the data store that contains the information constituting the directory may be implemented using a multiplicity of mechanisms. The LDAP itself does not specify a particular storage mechanism. For example, the directory storage mechanism may be implemented using flat files, a binary tree (b-tree) or a relational database.
Directory entry information is retrieved by formulating an LDAP search. A search within the directory hierarchy is specified in LDAP by a “distinguished name” (DN). A DN (discussed further hereinbelow) is a unique name that unambiguously identifies a single entry within the directory hierarchy. The value of an attribute associated with a particular entry may itself be a DN. If information in the entries referred to by these DNs is to be retrieved, the distinguish name constituting the value of the attribute in the first search must be retrieved, and a new search initiated. For each such DN contained in an entry, a separate search must be performed. Consequently, there is a need in the art for mechanisms for retrieving directory information associated with a referenced object in another directory entry that do not necessitate the initiation of multiple search requests.