JPH11298514A - Electronic mail server device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To attain multiple management of user attribute information by each group manager and system manager while securing security of each user group in the case of using the server in an electronic mail system. SOLUTION: When an update request of user attribute information is made to a data storage means that stores collectively user attribute information of users belonging to each group, whether or not its request source is a group manager is discriminated (S103-S105). When the request source is the manager, the user attribute information of the group managed by the manager are extracted from the data storage means and updated (S107-S110) and the user attribute information after updated is stored in the data storage means in place of the user attribute information before updating (S112, S114). The electronic mail server system has such a configuration.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION The present invention relates to an electronic mail system (hereinafter, abbreviated as EMS).
The present invention relates to an e-mail server device used in (1).

[0002]

2. Description of the Related Art An e-mail server device is used in an EMS for sending and receiving e-mails. The e-mail server device is connected to a plurality of terminal devices (clients) for inputting and outputting e-mails. Is transmitted, and is transmitted to another designated terminal device.

[0003] In order to deliver such an e-mail, the e-mail server device has a mailbox for temporarily storing the e-mail transmitted from the terminal device, and an e-mail user required for the distribution. Has a directory for storing and managing information (hereinafter, referred to as user attribute information) regarding the attribute of the user. The user attribute information stored in this directory includes information on the first and last names of the e-mail users, information on the groups to which the users belong, and the like.

[0004] By the way, the user attribute information needs to be updated when the attribute of the e-mail user is changed (change of first and last name, change of belonging group, etc.).
Therefore, the electronic mail server device manages the user attribute information in the directory according to one of the following two patterns (centralized management system and distributed management system).

The centralized management system is a system for centrally managing all user attribute information in one e-mail server device in the EMS, and a system administrator of the EMS having the authority to operate the e-mail server device is required to perform hardware management. This is a method for collectively managing everything from maintenance of the EMS including software to user attribute information.
Therefore, if the user attribute information changes,
The EMS system administrator updates the user attribute information in the directory in accordance with an update request from an e-mail user.

On the other hand, the distributed management system is a system in which, when a plurality of e-mail server devices exist in the EMS, management authority is given to each e-mail server device. That is,
In this method, for example, a plurality of e-mail server devices are distributed and arranged for each group to which an e-mail user belongs, and an administrator of each group manages each e-mail server device individually. Therefore, when a change occurs in the user attribute information, the administrator of the group in which the change has occurred is sent to the e-mail server device managed by the group.
The user attribute information in the directory is updated.

[0007]

However, in the above-described conventional e-mail server device, the user attribute information is managed by either the centralized management method or the distributed management method. It may occur.

The centralized management method is suitable for managing the entire EMS. However, since the change of the user attribute information usually occurs irregularly for each group, the user attribute of the EMS system administrator may be reduced. The work of updating information becomes very complicated. In order to solve this complication, it is conceivable to give the administrator of each group access authority to the (single) e-mail server device of the management source. Since all user attribute information (including user attribute information of other groups) is disclosed, security of the user attribute information cannot be ensured.

On the other hand, in the case of the distributed management method, since the user attribute information can be managed for each group, it is possible to maintain the security of the user attribute information for each group and eliminate the complexity of updating the user attribute information. Can be
It becomes very difficult to match between the groups. That is, since the user attribute information is individually managed in the e-mail server device for each group, it is extremely difficult to manage the entire EMS, and there is a possibility that inconvenience may occur in the management and operation of the system.

Therefore, the present invention can easily cope with a change in the user attribute information that occurs irregularly in each group while ensuring the security of the user attribute information for each group. To provide an e-mail server device that enables multiple management by an administrator of each group and a system administrator so that an entire EMS including software can be collectively managed by an EMS system administrator. Aim.

[0011]

According to the present invention, there is provided an electronic mail server device devised to achieve the above-mentioned object, wherein the electronic mail server device is connected to a plurality of terminal devices for inputting / outputting electronic mail, and a terminal device is connected to an electronic mail server. When an e-mail is sent, the e-mail is received and distributed to another designated terminal device, and the user ID of the user and the user ID information as user attribute information regarding the user of the terminal device are A data storage unit that stores and stores a group ID of a group to which the group belongs and administrator information for specifying an administrator of each group; and user attribute information in the data storage unit from one of the terminal devices. When there is an update request, the administrator of the terminal device, which is the source of the request, determines whether or not the user belongs to the group to which the user belongs based on the administrator information. And when the administrator authentication unit determines that the user is an administrator, extracts user attribute information of all users belonging to a group managed by the administrator from the data storage unit and extracts the request source information. Information extracting means for transmitting to the terminal device, and when the user attribute information transmitted by the information extracting means is updated and returned by the requesting terminal device, the updated user attribute information is received, and An information updating means for storing and storing in the data storage means in place of the user attribute information extracted by the information extraction means.

[0012] According to the electronic mail server device having the above configuration, when an update request for the user attribute information in the data storage means is received, the administrator authentication means causes the user of the terminal device, which is the request source, to notify the user of the request. Authenticates whether or not the user belongs to a group. Then, only when the user is an administrator, the information extracting means extracts the user attribute information of the group managed by the administrator from the data storage means and causes the administrator to update the information. Thereafter, upon receiving the updated user attribute information, the information updating means stores the user attribute information in the data storage means instead of the user attribute information before the update. Therefore, with this electronic mail server device, even if the data storage unit stores and accumulates user attribute information over a plurality of groups, the user attribute information of each group is updated by the manager of each group. Becomes However, at this time, the administrator of each group can update only the user attribute information of the own group. In addition, since the data storage unit collectively stores and stores the user attribute information of each group, there is no possibility that the consistency between the groups is lost.

[0013]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, an electronic mail server device according to the present invention will be described with reference to the drawings. FIG. 1 shows an EM using an electronic mail server device according to the present embodiment.
FIG. 2 is a flowchart showing a processing procedure for updating user attribute information in S. FIG. 2 is a schematic configuration diagram of an EMS using an electronic mail server device according to the present embodiment.

Here, first, the overall configuration of the EMS using the electronic mail server device of the present embodiment will be described. As shown in FIG. 2, the EMS includes a plurality of terminal devices (hereinafter, referred to as clients) 10a, 10b, 10c, 1
, An electronic mail server device (hereinafter, referred to as a mail server) 20, and a network 30 such as a LAN (local area network) connecting the electronic mail server devices to each other.

Clients 10a, 10b, 10c, 1
.. Are composed of a computer or the like having a function of inputting / outputting an electronic mail, and are used by a user who receives the provision of the electronic mail service. Each of the clients 10a, 10b, 10c, 10d,... Has a function of inputting or updating the user attribute information of the user, and receives a user management client unit 11a, which is a program for managing the user attribute information. The user attribute information input or updated according to the instruction is stored in the user management information section 12 comprising a memory such as a hard disk device.
a, 12b, 12c, 12d... are temporarily held.

The mail server 20 is provided for each client 10
a, 10b, 10c, 10d,... are computers that provide e-mail services. For this purpose, the mail server 20 has a client 10a, 10b, 1
., And a directory 22 for storing user attribute information of an e-mail user required for distribution of the e-mail.

The directory 22 is managed by a user management server 23 which is a program for managing user attribute information. The user management server unit 23
In managing the user attribute information in the directory 22, functions as an administrator authentication unit, an information extraction unit, an information update unit, and a return information authentication unit in the present invention are realized as described in detail later. I have.

Here, the user attribute information stored in the directory 22 will be described in detail. As shown in FIG. 3, the user attribute information includes a “user ID”, a “user name”, a “department ID”, a “department name”, a “manager category”, and a “other attribute”. It is configured.

The "user ID" is information for specifying the ID of the mail address assigned to the e-mail user. "User name" is information for specifying the name of the e-mail user. The “department ID” is an ID assigned to each group to be managed, and is information for specifying the group to which the e-mail user belongs. “Department name” is information for specifying the name of each group. “Manager classification” is manager information for specifying a manager for each group. However, this "manager classification" is represented by a flag, such as "1" for an administrator and "0" for no administrator. “Other attributes” are information for specifying attributes managed for each group.

In the directory 22, the user attribute information configured in this manner is stored in a database for each e-mail user registered in advance.

Next, the processing procedure when the mail server 20 updates the user attribute information in the directory 22 in the EMS configured as described above will be described with reference to the flowchart of FIG. However, here, the administrator A of a certain department XX uses the client 10a to
A case where the user management information of the user belonging to the section XX is updated will be described as an example. The mail server 20
It is assumed that the user management information of the user belonging to the department XX is stored and stored in the directory 22 in advance.

In updating the user management information,
First, the administrator A inputs a “user ID” and a “password” using the client 10 a to which the administrator A has authority to use (step 101, hereinafter step is abbreviated as S), and logs in to the system (S 102). . This guarantees that the administrator A is a legitimate user of the client 10a. Then, after login, the administrator A inputs a command for requesting the mail server 20 to update the user management information.

When the administrator A logs in and inputs a command, here, the client 10a
The user management client unit 11a performs a department manager authentication process (S103). That is, the user management client unit 11a transmits the input command to the mail server 20.
To request the update of user management information,
The “user ID” input at the time of login is transmitted to the mail server 20 (S104).

Upon receiving the command and the "user ID" from the client 10a, the mail server 20
The user management server unit 23 performs a directory search process (S105). That is, the user management server unit 23
The user management information stored in the directory 22 is searched to determine whether the “administrator category” of the received “user ID” is “1” (whether the user is an administrator). to decide. If the "manager classification" is "1", the authentication as the department manager is completed at that time, and the client 10a, which is the request source, is notified of the completion (S
106). In addition, when the “manager classification” is “0”,
The user is not authenticated as an administrator, and the updating process of the user management information is stopped at that time.

Upon receipt of the authentication notification from the mail server 20, the client 10a performs a department user update process by first using the "department ID" of the department XX to which the administrator A belongs as a key to identify the user belonging to the department XX. Request the list search to the mail server 20. That is, in the client 10a, the user management client unit 11a
X “Department ID” is transmitted to the mail server 20 (S1).
07). The “department ID” may be input by the administrator A at that time, or may be input in the client 10a in advance.

When the "department ID" transmitted from the client 10a is received, in the mail server 20, the user management server unit 23 performs a department related user extraction process (S1).
08). That is, the user management server unit 23 uses the received “department ID” as a key to store user attribute information on all users belonging to the department XX in the directory 22.
From the user attribute information stored and stored in the. The extraction result is returned to the requesting client 10a as "user information within department" (S1).
09). At this point, the information managed by the administrator A can be limited to only the user attribute information on the users belonging to the section XX.

At this time, the user management server unit 23
The “in-department user information” is converted into an e-mail, more specifically, the “in-department user information” is stored in the message body part (body part) of the e-mail and returned to the client 10a. By using the e-mail as described above, the client 10a can freely update the information by offline processing according to the convenience of the administrator A.

Thereafter, when the "user information within department" returned from the mail server 20 is received, the client 10
In a, the administrator A updates, for example, adds, deletes, or changes the user management information to the received "user information in department" as necessary (S110). Then, the user management client unit 11a updates the “user information within department” after the update.
The update data transmission process is performed for the “user update information within department”. In other words, "user update information in department"
Is converted into an e-mail (S111), and the "user update information within department" is transmitted to the mail server 20 (S11).
2).

Upon receiving the "user update information in department", in the mail server 20, the user management server unit 23 performs mail reception and mail address authentication processing (S11).
3). That is, the user management server unit 23 recognizes the data content of the received “user update information in department” and the mail address of the sender, and recognizes the recognition result in the “user ID” stored in the directory 22. Check with "Administrator category". Accordingly, the user management server unit 23 can determine whether or not the “user update information in department” is data transmitted by the correct administrator A.

If the source of the "in-department user update information" is authenticated by the correct administrator A, the user management server unit 23 performs a mail user attribute registration process (S1).
14). That is, the user management server unit 23 stores the received “in-department user update information” in the directory 22 instead of the corresponding user attribute information (“in-department user update information” before update) in the directory 22. .
If the source of the “user update information in department” is not from the correct administrator A, the user management server unit 23
The received “in-department user update information” is discarded, and the user attribute information in the directory 22 is not changed.

As described above, the EMS of the present embodiment is configured using the mail server 20 having functions as administrator authentication means, information extraction means and information update means. That is, the mail server 20 authenticates that the user is an administrator by using the user ID at the time of logging in to the EMS, and has “department ID” in the user attribute information in the directory 22 so that Only the user attribute information for each group can be updated.

Therefore, if the EMS is configured by using the mail server 20, even if the directory 22 stores and accumulates the user attribute information over a plurality of groups, the user attribute information of each group is stored by the respective section manager. Will be updated. At this time, since each section manager can update only the user attribute information belonging to the own group, security for each group is ensured. Further, since the directory 22 collectively stores and accumulates the user attribute information of each group, there is no possibility that consistency between the groups cannot be maintained.

That is, for example, from the point of view of the administrator A who operates the client 10a, if the mail server 20 authenticates the administrator of the department XX after logging in, the user attribute information on the department XX is transmitted from the directory 22. If the user attribute information can be obtained and the user attribute information is updated and transmitted to the mail server 20, the directory 2
The user attribute information for the department XX in the second section XX can be updated. Further, from the viewpoint of the system administrator having the operation authority of the mail server 20, one mail server 2
0 indicates that all clients 10a, 10b, 10c, 10
.., the system administrator can collectively manage the entire EMS including hardware and software.

Therefore, if this mail server 20 is used, it is possible to have a plurality of department managers in the EMS at the same time, and the department manager can change the user attribute information that occurs irregularly for each group. This makes it possible to implement multidimensional management in which the system administrator performs maintenance of the entire system. In other words, it is possible to assign roles of a plurality of department managers and a system administrator who manages the entire system, the department manager is responsible for user management of a group to which the department belongs, and the system administrator is responsible for management of the entire EMS. . As a result, it is possible to easily cope with a change in user attribute information that occurs irregularly in each group while ensuring the security of the user attribute information for each group. There is an advantage that the entire system can be managed collectively by the EMS system administrator.

Also, the mail server 20 of the present embodiment has a function as return information authentication means,
When the "user update information in department" is received, authentication for the source is performed, and only when the authentication is performed, the user attribute information in the directory 22 is updated.
Therefore, for example, when "user update information in department" is transmitted from a person other than the department manager, the user attribute information in the directory 22 is not updated, so that data tampering and update by a fake user are prevented. , The security of the user attribute information in the directory 22 can be further improved.

Further, the mail server 20 of the present embodiment
Then, the "in-department user information" or "in-department user update information" is transmitted to the clients 10a, 10b, 10c, and 10d.
When sending and receiving to and from…, it is designed to be done using e-mail. Therefore, the client 10a,
On the 10b, 10c, 10d ... side, it is possible to update the "user information in section" by offline processing at the convenience of the section manager, which is very convenient for the section manager. In order to perform offline processing, the clients 10a, 10b, 10c, and 10d
... completely receives the "in-department user information", so that the network 30 is not restricted for a long time to update the "in-department user information". Furthermore,
Because EMS is primarily for sending and receiving e-mails,
"User information in department" or "User update information in department"
No new configuration is required for sending and receiving the e-mail.

In the present embodiment, an example has been described in which “user information within department” or “user update information within department” is transmitted and received by e-mail, but the present invention is not limited to this. However, the present invention can be applied even when, for example, a method in normal network communication is used.

In this embodiment, each of the clients 10a, 10b, 10c, 10d...
Have been described by way of example in the case where they are connected via a network 30 such as a LAN, but the present invention is not limited to this. For example, a large-scale group using a network called the Internet or an intranet. Even a wear system is applicable as long as electronic mail can be sent and received.

[0039]

As described above, the e-mail server device of the present invention updates only the user attribute information for each group by having the "department ID" in the user attribute information in the data storage means. This enables the security of each group without impairing it. Therefore, if this e-mail server device is used, it is possible to have a plurality of department managers in the EMS at the same time, and to change the user attribute information that occurs irregularly for each group, the department manager performs the change. Multi-dimensional management in which the system administrator performs maintenance of the entire system can be realized. As a result, it is possible to easily cope with a change in the user attribute information that occurs irregularly in each group while ensuring the security of the user attribute information for each group.
There is an effect that the EMS system administrator can manage the entire MS in a lump.

[Brief description of the drawings]

FIG. 1 is a flowchart showing a processing procedure when updating user attribute information in an EMS using an example of an electronic mail server device according to the present invention.

FIG. 2 is a schematic configuration diagram of an EMS using an example of an electronic mail server device according to the present invention.

FIG. 3 is an explanatory diagram showing a specific example of a data configuration of user attribute information.

[Explanation of symbols]

10a, 10b, 10c, 10d Terminal device (client) 20 E-mail server device (mail server) 22 Directory 23 User management server section

Claims (3)

[Claims] An electronic mail server device connected to a plurality of terminal devices for inputting / outputting electronic mail, receiving an electronic mail from one terminal device, and receiving the electronic mail and delivering it to another designated terminal device. In the user attribute information on the user of the terminal device,
A data storage unit that stores and stores a user ID of the user, a group ID of a group to which the user belongs, and manager information for specifying a manager for each group; Therefore, when there is a request for updating the user attribute information in the data storage means, it is determined whether or not the user of the requesting terminal device is a manager of the group to which the user belongs by the manager information. An administrator authentication unit that determines based on the above, and when the administrator authentication unit determines that the user is an administrator, the user attribute information of all users belonging to a group managed by the administrator is stored in the data storage unit. An information extracting unit that extracts from the information and transmits the information to the requesting terminal device, and the user attribute information transmitted by the information extracting unit is updated and returned by the requesting terminal device. Receiving user attribute information after the new e-mail server, characterized in that it comprises an information updating unit which in place of the user attribute information extracted by the said information extracting means is stored accumulated in said data storage means. 2. When the user attribute information is returned from the requesting terminal device, whether the user of the terminal device that is the source of the user attribute information is a manager of the group related to the user attribute information. The return information authenticating means for determining whether or not the return information authenticating means is an administrator, based on the return information authenticating means, based on the administrator information; 2. The electronic mail server device according to claim 1, wherein the data is stored in said data storage means. 3. The apparatus according to claim 1, wherein the information extracting unit and the information updating unit exchange user attribute information with the terminal device by using an electronic mail. E-mail server device.