This invention relates generally to directory services in a distributed computing environment and, more particularly, to scalable event notification in lightweight directory access protocol (LDAP) systems.
A directory service is the central point where network services, security services and applications can inform other entities in the network about their services, thus forming an integrated distributed computing environment. The Lightweight Directory Access Protocol (LDAP) has emerged as an Internet Engineering Task Force (IETF) open standard to provide directory services to applications including e-mail systems and distributed system management tools. LDAP is a sibling protocol to the hypertext transfer protocol (HTTP) and the file transfer protocol (FTP) and uses the ldap:// prefix in its uniform resource locator (URL). LDAP is an evolving protocol that is based on a client-server model in which a client makes a transmission control protocol/Internet protocol (TCP/IP) connection to an LDAP server, sends requests and receives responses.
The LDAP information model, in particular, is based on an entry that contains information about some object. Entries are often created in a directory to hold information about some object or concept in the real world, such as, for example, a person, an organization or a printer. Entries are composed of attributes that contain information to be recorded about an object. Entries are usually arranged in a tree structure that follows a geographical and organizational distribution. Entries are named according to their position in this hierarchy by a distinguished name (DN).
LDAP provides the capability for directory information to be queried and modified. It offers searching capabilities that permit users to put together complex queries to get desired information. Many LDAP clients want to know when particular data in the database of an LDAP server has been modified. One way to do this is commonly referred to as a persistent search, by which an LDAP client can submit specific search criteria in the form of a search filter. A persistent search is an ongoing search that provides a mechanism by which an LDAP client can receive notification of modifications that occur in an LDAP database. A persistent search does not end after an initial set of entries matching the search criteria of the persistent search of the client has been returned. Rather, the LDAP server continues the persistent search via an active channel through which entries that are modified, as well as additional information about the modifications that occur, can be communicated. A persistent search continues until the client abandons the persistent search. After an initial persistent search is performed, the LDAP server keeps track of the search criteria and sends back information when any entry that matches the search criteria is modified.
Each client that performs a persistent search must maintain an open TCP/IP connection to the LDAP server. This connection can negatively impact the performance of the LDAP server. For this reason, LDAP client implementors have been encouraged to avoid use of persistent searches for non-essential tasks and to close idle TCP/IP connections as soon as possible. Moreover, LDAP server implementors have been encouraged to support a large number of client connections if large numbers of persistent-search clients are anticipated. However, it is sometimes impractical or undesirable to follow these suggestions.
As the number of persistent-search clients increases, performance of the LDAP server degrades further, and the time required for clients to receive responses to their persistent-search requests can increase significantly. Of course, the number of modifications that are made to the directory of the LDAP server also impacts performance of the LDAP server. One of the reasons LDAP persistent search does not scale well as the number of active persistent-search clients increases is that the search criteria submitted by each persistent-search client must be compared by the LDAP server every time an entry is updated.
Thus, there is a need to provide a more efficient, less resource-intensive, and faster system and method to perform directory searches of LDAP servers.
The present invention is directed to a method and system that satisfy the need for more efficient, less resource-intensive, and faster directory searches of LDAP servers. In accordance with the method, a portion of a directory of a server is searched using a proxy. The proxy is notified of modifications made to entries in the portion of the directory. A determination is then made by the proxy as to whether a modified entry matches certain registration criteria specified by at least one client. If so, the proxy notifies the at least one client of the modified entry. The proxy can combine registration criteria received from a plurality of clients into a single search of the portion of the directory. The clients can perform registrations restricted to the portion of the directory.
A directory-search system having features of the present invention comprises a server including a directory that has a plurality of entries. Each entry is represented by a unique identifier. The directory-search system responds to a submitted search of a portion of the directory by issuing notice of modified entries in that portion of the directory found by the search. A proxy of the directory-search system is interoperably connected to the server. The proxy submits a search of the portion of the directory and, responsive to a match between a modified entry and a registration by at least one client, notifies the at least one client of the modified entry. The search submitted by the proxy can comprise a combination of registrations by a plurality of clients into a single search of the portion of the directory. Registrations of the clients can be restricted to the portion of the directory.
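The proxy arrangement described in the preceding two paragraphs, as an added Python example that is not part of this patent text: clients register equality criteria restricted to the portion of the directory the proxy watches, the proxy folds every registration into the single filter it would submit for its one search, and each modified entry is fanned out only to the clients whose criteria it satisfies, so the server compares criteria once rather than once per client. The modification events, the equality-only matcher, the RFC 4515 value escaping and all DNs and attribute values are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed modification event standing in for an entry delivered over the
# persistent-search channel (this page does not show the wire format).
@dataclass(frozen=True)
class Modification:
    dn: str
    attrs: dict

@dataclass(frozen=True)
class Registration:
    client_id: str
    base_dn: str    # portion of the directory this client is allowed to watch
    criteria: dict  # attribute -> required value (equality matches only, an assumption)

def within_subtree(dn: str, base_dn: str) -> bool:
    """Case-insensitive check that dn equals base_dn or lies beneath it."""
    dn, base_dn = dn.lower(), base_dn.lower()
    return dn == base_dn or dn.endswith("," + base_dn)

def escape_value(value: str) -> str:
    """RFC 4515 escaping so a client-supplied value cannot change filter structure."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def matches(mod: Modification, reg: Registration) -> bool:
    """Hypothetical matcher: entry must lie inside the client's base and carry every value."""
    return within_subtree(mod.dn, reg.base_dn) and all(
        mod.attrs.get(a) == v for a, v in reg.criteria.items())

class PersistentSearchProxy:
    """Holds every client's registration, submits one search for all of them,
    and fans each modification out only to the clients whose criteria match."""
    def __init__(self, portion_dn: str):
        self.portion_dn = portion_dn       # the one subtree the proxy searches
        self.registrations: list = []

    def register(self, reg: Registration) -> None:
        # Registrations are restricted to the portion of the directory the proxy watches.
        if not reg.criteria or not within_subtree(reg.base_dn, self.portion_dn):
            raise ValueError(f"rejected registration from {reg.client_id}")
        self.registrations.append(reg)

    def combined_filter(self) -> str:
        """Fold all registrations into the single filter the proxy sends to the server."""
        clauses = []
        for r in self.registrations:
            terms = "".join(f"({a}={escape_value(v)})" for a, v in r.criteria.items())
            clauses.append(terms if len(r.criteria) == 1 else f"(&{terms})")
        return clauses[0] if len(clauses) == 1 else f"(|{''.join(clauses)})"

    def dispatch(self, mod: Modification) -> list:
        """Return the ids of the clients to notify for one modified entry."""
        return [r.client_id for r in self.registrations if matches(mod, r)]
```

With no registrations the combined filter degenerates to `(|)`, the RFC 4526 absolute-false filter, so the proxy's search matches nothing until a client registers.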