Disclosure for the use of LDAP protocol for system administration and management purposes (17-Sep-2008)

Disclosure for the use of LDAP protocol for system administration and management purposes

A program is disclosed that extends the LDAP (Lightweight Directory Access Protocol) protocol to provide system administration. The problem first solved is management of the IBM Directory Server product itself, but the program described below can be extended to manage any program, process, or user.

Problem Definition

An implementation of a directory server is prone to be large and complex by nature. When installed on a system (either Windows** or UNIX***), the directory administrator will need to have "root" access to the machine (i.e., who must be a machine administrator and have local access to the system itself) in order to start, stop, and maintain the directory server itself (this is without regards to managing the data).

The above paragraph briefly describes a typical deployment of an LDAP directory. There are two distinct problems presented here. First, the directory administrator (who should be administering data, similar in functionality to a database administrator, or DBA) must have administrative access to a machine. This is not an ideal situation, since most customers would like to separate the roles of a system administrator and a directory data administrator. Currently, this is not very practical.

Secondly, there is no way to start, stop or configure the directory server remotely. The system administrator must have local access to the system in order to perform these tasks. This is a significant drawback. Not only does it provide this limitation to directory administrators, it also prohibits decoupling of software management consoles. IBM products (and competing products) will typically provide a web-based interface to manage servers, or in this case, the directory. Current implementations require a web console to be run locally with each deployment of...