LDAP Connect User's Guide
APPENDIX A
Alias
A directory entry that names (points to) another directory entry. A search can be asked to dereference aliases, so that the entry pointed to is returned in place of the alias itself.
Anonymous bind
A connection to a directory server established without a password (and usually also without a user ID). The rights granted under an anonymous bind are usually restrictive. Note that an LDAPv3 server treats a simple bind that supplies a DN but an empty password as an unauthenticated bind, which, where the server accepts it at all, receives only the rights of an anonymous bind (RFC 4513, section 5.1.2); a client that passes an empty password field through to the bind can therefore "succeed" without ever authenticating the user.
Asynchronous
Any request made without expectation of an immediate response. Usually, a client that makes an asynchronous request begins other processing immediately, without waiting for a response from the server. This is in contrast to a synchronous request, in which the client issues a request and then blocks until a response has been received from the server.
Authentication
The process of verifying the identity of a participant in a conversation ("Is this person who he says he is?").
Base DN
The partially qualified name (or container context) specifying the "starting point" for a search or for access to a directory. Every entry a search returns lies at or below its base DN.
Bind
To obtain access to a directory by presenting a set of credentials. (When access is granted on the basis of empty credentials, the bind is said to be anonymous.)
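The three forms of simple bind that the anonymous bind and bind entries above distinguish (no name and no password; a DN with an empty password; a DN with a password) are worth seeing on the wire. The following Python is an example added here, not code from LDAP Connect or JLDAP: it hand-encodes the LDAPv3 BindRequest PDU in BER (RFC 4511) and guards against the middle case, where a DN with an empty password is accepted by many servers as an unauthenticated, effectively anonymous bind. The DN and password are constructed values, and no server is contacted.

```python
"""Hand-encoded LDAPv3 BindRequest (RFC 4511 BER) showing the three simple-bind forms."""


def _ber_len(n):
    """Definite-form BER length: one byte below 0x80, else 0x8N followed by N length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, 'big')
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, content):
    return bytes([tag]) + _ber_len(len(content)) + content


def _ber_int(v):
    """Non-negative INTEGER; the extra byte keeps the sign bit clear (128 -> 00 80)."""
    return _tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, 'big'))


def classify_simple_bind(name, password):
    """RFC 4513 section 5.1: which of the three simple-bind forms these credentials are."""
    if not name and not password:
        return 'anonymous'        # 5.1.1: no identity, no credentials
    if not name:
        raise ValueError("a password without a name is not a valid simple bind")
    if not password:
        return 'unauthenticated'  # 5.1.2: a DN but no password; a server that accepts
                                  # this answers success but grants only anonymous rights
    return 'simple'               # 5.1.3: DN plus password, carried in cleartext


def build_bind_request(message_id, name, password, allow_unauthenticated=False):
    """Encode LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    if not allow_unauthenticated and classify_simple_bind(name, password) == 'unauthenticated':
        raise ValueError("DN given with an empty password: the server would treat this "
                         "as an anonymous bind and may still answer success")
    bind_request = _tlv(0x60,                  # [APPLICATION 0] constructed
                        _ber_int(3) +          # version
                        _tlv(0x04, name) +     # LDAPDN as OCTET STRING
                        _tlv(0x80, password))  # AuthenticationChoice simple [0]
    return _tlv(0x30, _ber_int(message_id) + bind_request)  # LDAPMessage SEQUENCE


def try_build(message_id, name, password):
    """The PDU, or None when the empty-password guard rejects the credentials."""
    try:
        return build_bind_request(message_id, name, password)
    except ValueError:
        return None


# Constructed values for this example; no server is contacted.
ADMIN_DN = b"cn=admin,o=Blogsville"
ANONYMOUS_BIND = build_bind_request(1, b"", b"")  # 30 0c 02 01 01 60 07 02 01 03 04 00 80 00
```

The request bytes are identical whether or not the password is correct; only the server's BindResponse tells the two apart, and a client that never checks for an empty password cannot tell an authenticated session from an anonymous one. Simple binds also carry the password in cleartext, so they belong on a TLS-protected connection.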
CA
Certification Authority. An entity that issues digital certificates and can vouch for the authenticity of the certificates it has issued.
Entry
In a generic sense, an entry in a directory is analogous to a record or row in a database. The node holding the name Robert can also hold information about the person, such as his manager's name, e-mail address, instant-messaging name and so forth. The whole node is an entry.
Attribute
A named property of an entry, associated with one or more values. For example, a cn (common name) attribute might be associated with the value Robert. Objects in a tree are collections of attributes and their associated values.
Chaining
A name-resolution facility whereby the server, acting as a proxy for the client, locates non-local DIT entries by following referrals itself. This type of referral-following is not under the control of the client.
Container
A directory object that can contain other objects.
DAP
Directory Access Protocol, the X.500 access protocol specified in X.519.
DIT
The entire information tree of the directory itself is called the DIT (Directory Information Tree).
DN
A distinguished name is a fully qualified name that uniquely identifies an entry in a directory. For example, a user of a website might be entered into a directory with the unique DN cn=Theo87,ou=Visitors,o=Blogsville. There can be only one entry with that DN. (Notice that the order and reading direction of the DN are critical: the string form is read left to right, with the "leaf" or terminal component, in this case cn=Theo87, coming first and the root of the tree last. A value containing a special character such as a comma must be escaped with a backslash, as RFC 4514 specifies.)
DSA
Directory Server Agent. The X.500 term for a directory server or (L)DAP host.
DSE
DSA-specific entry. The root DSE is an entry at the root of a server's DIT that describes the server's capabilities, such as the LDAP versions, SASL mechanisms, controls and naming contexts it supports. It can usually be read anonymously with a base-scoped search on the empty DN.
DSML
Directory Services Markup Language. An XML grammar for encoding directory information and directory requests.
JLDAP
Java LDAP library. An open-source LDAP SDK developed by Novell.
Object
A collection of attributes and values; an instance of an object class. (See Object class, below.)
Object class
The formal definition of an object (as contained in the directory schema), including the required and optional attributes, the OID, the object-class kind (abstract, structural or auxiliary) and the object-class name.
OID
Object identifier. A string in dotted-decimal form (for example, 2.5.4.3 for the cn attribute type) that uniquely identifies an object class, attribute type or other schema element.
Referral
A name-resolution hint. A server can send a referral to a client to help the client locate information that is not held by the current host. It is up to the client whether to follow the referral. Following one means opening a new connection to another server, so a client that follows referrals automatically must decide which credentials, if any, to present there; re-sending the password from the original bind to whatever host a referral names is a common mistake.
RDN
Relative distinguished name. The portion of an entry's fully qualified DN that names it within its parent: the terminal or "leaf-node" component, such as cn=Rich. An RDN must be unique among the entries under the same parent.
RFC
Request for Comments. The series in which the Internet Engineering Task Force (IETF) publishes Internet protocol specifications, including those for LDAP.
Schema
The schema of an LDAP directory gives the layout of the information it contains and specifies how the information is grouped. It therefore allows clients or external interfaces to discover structural features of the directory and how the tree can be accessed in terms of search, addition, deletion, modification and so on. Refer to RFC 2256 (since superseded by RFC 4519) for the standard LDAPv3 object classes and attributes.
Scope
The bounds within which an operation is valid. For an LDAP search request, the scope is one of base, one level or subtree, measured from the base DN. A base-scoped search examines only the base entry itself. A one-level search examines only the immediate subordinates (children) of the base entry, not the base entry itself. A subtree search examines the base entry, its children and all of their descendants, down to the terminal entries.
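The DN, RDN and scope entries describe one structure from three sides: a DN is a leaf-first list of RDNs, and a search scope selects entries by how far below the base DN they sit. The following Python is an example added here, not code from the guide or from JLDAP. It parses and escapes string DNs as RFC 4514 describes (so that a user-supplied value cannot smuggle an extra RDN into a DN the application builds) and then evaluates base, one-level and subtree scope over a small directory tree constructed from the names used in this appendix. The sample tree, the user_dn helper and the case-insensitive value comparison are assumptions of the example.

```python
"""RFC 4514 DN parsing/escaping and base/one/sub scope matching over a constructed DIT."""
import string

SPECIALS = ',+"\\<>;'   # must be backslash-escaped wherever they occur inside a value


def parse_dn(dn):
    """Parse a string DN into a leaf-first list of RDNs, each a list of (type, value)
    pairs (two pairs for a multi-valued RDN such as cn=Rich+sn=Doe). Backslash escapes
    are decoded; \\XX hex pairs are UTF-8 bytes, so a value is collected as bytes."""
    rdns, rdn, key, buf = [], [], None, bytearray()
    i, n = 0, len(dn)
    if n == 0:
        return rdns                          # the empty DN names the root
    while i < n:
        c = dn[i]
        if c == '\\':
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and all(h in string.hexdigits for h in pair):
                buf.append(int(pair, 16))
                i += 3
            elif i + 1 < n:
                buf += dn[i + 1].encode()
                i += 2
            else:
                raise ValueError("dangling backslash in DN")
        elif c == '=' and key is None:
            key, buf, i = buf.decode().strip().lower(), bytearray(), i + 1
        elif c in ',+':
            if key is None:
                raise ValueError("RDN component without '='")
            rdn.append((key, buf.decode()))
            key, buf = None, bytearray()
            if c == ',':
                rdns.append(rdn)
                rdn = []
            i += 1
            while i < n and dn[i] == ' ':    # tolerate legacy "cn=a, ou=b" spacing
                i += 1
        else:
            buf += c.encode()
            i += 1
    if key is None:
        raise ValueError("RDN component without '='")
    rdn.append((key, buf.decode()))
    rdns.append(rdn)
    return rdns


def escape_dn_value(value):
    """Escape one attribute value for embedding in a DN (RFC 4514 section 2.4)."""
    out, last = [], len(value) - 1
    for idx, ch in enumerate(value):
        if ch == '\x00':
            out.append('\\00')
        elif ch in SPECIALS or (idx == 0 and ch in ' #') or (idx == last and ch == ' '):
            out.append('\\' + ch)
        else:
            out.append(ch)
    return ''.join(out)


def format_dn(rdns):
    return ','.join('+'.join(f"{t}={escape_dn_value(v)}" for t, v in rdn) for rdn in rdns)


def rdn_of(dn):
    """The leftmost RDN: the entry's own name within its parent."""
    return format_dn(parse_dn(dn)[:1])


def user_dn(cn, parent):
    """Build cn=<cn>,<parent> so that a user-supplied cn cannot add RDNs of its own."""
    return format_dn([[('cn', cn)]] + parse_dn(parent))


def _canon(rdn):
    # Assumption of this example: values compare case-insensitively, as the
    # caseIgnoreMatch rule does for cn, ou and o; types were lowercased by parse_dn.
    return tuple(sorted((t, v.lower()) for t, v in rdn))


def _root_first(dn):
    return [_canon(r) for r in reversed(parse_dn(dn))]


def search_scope(base, scope, entry_dns):
    """Entries a search with this base and scope examines: base = the base entry alone;
    one = its immediate subordinates only; sub = the base and everything beneath it."""
    if scope not in ('base', 'one', 'sub'):
        raise ValueError(f"unknown scope {scope!r}")
    base_key = _root_first(base)
    hits = []
    for entry in entry_dns:
        key = _root_first(entry)
        if key[:len(base_key)] != base_key:
            continue                         # not under the base at all
        depth = len(key) - len(base_key)
        if (scope == 'base' and depth == 0) or (scope == 'one' and depth == 1) or scope == 'sub':
            hits.append(entry)
    return hits


# Constructed sample DIT for this example (not from the guide), using its names.
SAMPLE_DIT = ["o=Blogsville", "ou=Visitors,o=Blogsville",
              "cn=Theo87,ou=Visitors,o=Blogsville", "cn=Rich,ou=Visitors,o=Blogsville",
              "ou=Staff,o=Blogsville", "cn=Robert,ou=Staff,o=Blogsville"]
```

With the sample tree, a one-level search based at ou=Visitors,o=Blogsville returns only the two cn entries, not the ou itself, while a base search returns only the ou; and user_dn("Theo87,ou=Staff", "o=Blogsville") yields a two-RDN DN whose cn is the literal string, where naive concatenation would have produced a three-RDN name under ou=Staff.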
An object or entry that is contained by a "container object."
TLS
Transport Layer Security. The IETF standard (RFC 2246 and its successors) for encrypted, authenticated communication over a network connection; it is the standardized successor to SSL (Secure Sockets Layer), and the two names are often used interchangeably. LDAP uses TLS either by negotiating it on an existing connection with the StartTLS extended operation or by connecting to the ldaps port (636 by default). Without TLS, simple-bind passwords and directory contents cross the network in cleartext.
X.500
A series of recommendations, published by the International Telecommunication Union (ITU-T), that describe the fundamental concepts underlying the notion of a directory. X.500 is often used as a synonym for the non-lightweight directory protocol (otherwise known as DAP), but in fact DAP is specified in X.519, and the complete ITU directory specification is spread across a dozen or so X.500-series publications.
Copyright © 2003 Novell, Inc. All rights reserved. Copyright © 1997, 1998, 1999, 2000, 2001, 2002, 2003 SilverStream Software, LLC. All rights reserved.