iPlanet Messaging and Collaboration Schema Reference


access control. A method for controlling access to a server or to folders and files on a server.

access control information. (ACI) A single item of information from an access control list.

access control list. (ACL) A set of data associated with a directory that defines the permissions that users and/or groups have for accessing it.

access control rules. Rules specifying user permissions for a given set of directory entries or attributes.

access domain. Limits access to certain Messaging Server operations from within a specified domain. For example, an access domain can be used to limit where mail for an account can be collected.

account. Information that defines a specific user or user group. This information includes the user or group name, valid email address or addresses, and how and where email is delivered.

administration domain. A region of administrative control. See also domain.

administration privileges. A set of privileges that define a user's administrative role.

administration server administrator. User who has administrative privileges to start or stop a server even when there is no Directory Server connection. The administration server administrator has restricted server tasks (typically only Restart Server and Stop Server) for all servers in a local server group. When an administration server is installed, this administrator's entry is automatically created locally (this administrator is not a user in the user directory).

administrator. A user with a defined set of administrative privileges. See also configuration administrator, Directory Manager, administration server administrator, server administrator, message store administrator, top-level administrator, domain administrator, organization administrator, family group administrator, mail list owner.

alias. An alternate name of an email address.

allowed attributes. The attributes that optionally can be present in entries using a particular object class, but are not required to be present. See also attributes, required attributes.

alternate address. A secondary address for an account, generally a variation on the primary address. In some cases it is convenient to have more than one address for a single account.

attributes. LDAP data is represented as attribute-value pairs. Any specific piece of information is associated with a descriptive attribute. See also allowed attributes, required attributes.

AUTH. An SMTP command enabling an SMTP client to specify an authentication method to the server, perform an authentication protocol exchange, and, if necessary, negotiate a security layer for subsequent protocol interactions.

authentication. (1) The process of proving the identity of a client user to iPlanet Messaging Server. (2) The process of proving the identity of iPlanet Messaging Server to a client or another server.

base DN. A distinguished name entry in the directory from which searches will occur. Also known as a search base. For example, ou=people,

bind DN. A distinguished name used to authenticate to the Directory Server when performing an operation.

CNAME record. A type of DNS record that maps a domain name alias to a domain name.

cn. LDAP alias for common name.

CLI. Command Line Interface.

command line interface. A command that can be executed from the command line. Also called a utility.

configuration administrator. Person who has administrative privileges to manage servers and configuration directory data in the entire iPlanet topology. The configuration administrator has unrestricted access to all resources in the iPlanet topology. This is the only administrator who can assign server access to other administrators. The configuration administrator initially manages administrative configuration until the administrators group and its members are in place.

Configuration Directory Server. A Directory Server that maintains configuration information for a server or set of servers.

data store. A store that contains directory information, typically for an entire directory information tree.

DC Tree. Domain Component tree. A directory information tree that mirrors the DNS network syntax. An example of a distinguished name in a DC Tree would be cn=billbob,dc=bridge,dc=net,o=internet.

Delegated Administrator for Messaging and Collaboration. A set of interfaces (GUI and utilities) that allow domain administrators to add and modify users and groups to a hosted domain.

directory context. The point in the directory tree information at which a search begins for entries used to authenticate a user and password for message store access. See also base DN.

directory entry. A set of directory attributes and their values identified by its distinguished name. Each entry contains an object class attribute that specifies the kind of object the entry describes and defines the set of attributes it contains.

directory information tree. The tree-like hierarchical structure in which directory entries are organized. Also called a DIT. DITs can be organized along the DNS (DC Trees) or Open Systems Interconnect networks (OSI trees).

directory lookup. The process of searching the directory for information on a given user or resource, based on that user or resource's name or other characteristic.

Directory Manager. User who has administrative privileges to the directory server database. Access control does not apply to this user (think of the directory manager as the directory's superuser).

directory schema. The set of rules that defines the data that can be stored in the directory.

Directory Server. The iPlanet directory service based on LDAP. See also directory service, Lightweight Directory Access Protocol, Configuration Directory Server, User/Groups Directory Server.

directory service. A logically centralized repository of information about people and resources within an organization. See also Lightweight Directory Access Protocol.

distinguished name. The comma-separated sequence of attributes and values that specify the unique location of an entry within the directory information tree. Often abbreviated as DN.

DIT. See directory information tree.

DN. See distinguished name.

dn. LDAP alias for distinguished name. See also distinguished name.

DNS. See Domain Name System.

DNS alias. A host name that the DNS server recognizes as pointing to a different host—specifically a DNS CNAME record. Machines always have one real name, but they can have one or more aliases. For example, www.siroe.domain might be an alias that points to a real machine called realthing.siroe.domain where the server currently exists.

DNS database. A database of domain names (host names) and their corresponding IP addresses.

DNS domain. A group of computers whose host names share a common suffix, the domain name. Syntactically, an Internet domain name consists of a sequence of names (labels) separated by periods (dots), for example, See also domain.

domain. Resources under control of a single computer system. See also administration domain, DNS domain, hosted domain, virtual domain.

domain administrator. User who has administrative privileges to create, modify, and delete mail users, mail lists, and family accounts in a hosted domain by using the Delegated Administrator for Messaging and Collaboration GUI or CLIs. By default, this user can act as a message store administrator for all messaging servers in the topology.

domain alias. A domain entry that points to another domain. By using aliases, hosted domains can have several domain names.

domain hosting. The ability to host one or more domains on a shared messaging server. For example, the domains and might both be hosted on the mail server. Users send mail to and receive mail from the hosted domain—the name of the mail server does not appear in the email address.

domain name. (1) A host name used in an email address. (2) A unique name that defines an administrative organization. Domains can contain other domains. Domain names are interpreted from right to left. For example, is both the domain name of the Siroe Company and a subdomain of the top-level com domain. The domain can be further divided into subdomains such as, and so on. See also host name, fully-qualified domain name.

Domain Name System (DNS). A distributed name resolution software that allows computers to locate other computers on a network or the Internet by domain name. The system associates standard IP addresses with host names (such as Machines normally get this information from a DNS server. DNS servers provide a distributed, replicated, data query service for translating hostnames into Internet addresses. See also A record, MX record, CNAME record.

domain organization. A sub-domain below a hosted domain in the Organization Tree. Domain organizations are useful for companies that wish to organize their user and group entries along departmental lines.

dynamic group. A mail group defined by an LDAP search URL. Users usually join the group by setting an LDAP attribute in their directory entry.

family group administrator. User who has administrative privileges to add and remove family members in a family group. This user can grant family group administrative access to other members of the group.

fully-qualified domain name (FQDN). The unique name that identifies a specific Internet host. See also domain name.

group. A group of LDAP mail entries that are organized under a distinguished name. Usually used as a mail list, but may also be used to grant certain administrative privileges to members of the group. See also dynamic group, static group.

GUI. Graphical User Interface.

host. The machine on which one or more servers reside.

hosted domain. An email domain that is outsourced by an ISP. That is, the ISP provides email domain hosting for an organization by operating and maintaining the email services for that organization. A hosted domain shares the same Messaging Server host with other hosted domains. In earlier LDAP-based email systems, a domain was supported by one or more email server hosts. With Messaging Server, many domains can be hosted on a single server. For each hosted domain, there is an LDAP entry that points to the user and group container for the domain. Hosted domains are also called virtual hosted domains or virtual domains. See also domain, virtual domain.

host name. The name of a particular machine within a domain. The host name is the IP host name, which might be either a "short-form" host name (for example, mail) or a fully qualified host name. The fully qualified host name consists of two parts: the host name and the domain name. For example, is the machine mail in the domain Host names must be unique within their domains. Your organization can have multiple machines named mail, as long as the machines reside in different subdomains; for example, and Host names always map to a specific IP address. See also domain name, fully-qualified domain name, IP address.

INBOX. The name reserved for a user's default mailbox for mail delivery. INBOX is the only folder name that is case-insensitive. For example: INBOX, Inbox, and inbox are all valid names for a user's default mailbox.

Internet. The name given to the worldwide network of networks that uses TCP/IP protocols.

Internet Protocol (IP). The basic network-layer protocol on which the Internet and intranets are based.

internet protocol address. See IP address.

IP. See Internet Protocol.

IP address. A set of numbers, separated by dots, such as, that specifies the actual location of a machine on an intranet or the Internet. A 32-bit address assigned to hosts using TCP/IP.

knowledge information. Part of the directory service infrastructure information. The directory server uses knowledge information to pass requests for information to other servers.

LDAP. See Lightweight Directory Access Protocol.

LDAP Data Interchange Format (LDIF). The format used to represent Directory Server entries in text form.

LDAP filter. A method of specifying a set of entries, based on the presence of a particular attribute or attribute value.

LDAP referrals. An LDAP entry that consists of a symbolic link (referral) to another LDAP entry. An LDAP referral consists of an LDAP host and a distinguished name. LDAP referrals are often used to reference existing LDAP data so that this data does not have to be replicated. They are also used to maintain compatibility for programs that depend on a particular entry that may have been moved.

LDAP search string. A string with replaceable parameters that defines the attributes used for directory searches. For example, an LDAP search string of "uid=%s" means that searches are based on the user ID attribute.

LDAP Server. A software server that maintains an LDAP directory and services queries to the directory. The iPlanet Directory Services are implementations of an LDAP Server.

LDBM. LDAP Data Base Manager.

LDIF. See LDAP Data Interchange Format.

Lightweight Directory Access Protocol (LDAP). Directory service protocol designed to run over TCP/IP and across multiple platforms. A simplification of the X.500 Directory Access Protocol (DAP) that allows a single point of management for storage, retrieval, and distribution of information, including user profiles, mail lists, and configuration data across iPlanet servers. The iPlanet Directory Server uses the LDAP protocol.

local part. The part of an email address that identifies the recipient. See also domain part.

mailbox. A place where messages are stored and viewed. See also folder.

mail list. A list of email addresses to which a message can be sent by way of a mail list address. Sometimes called a group.

mail list owner. A user who has administrative privileges to add members to and delete members from the mail list.

managed object. A collection of configurable attributes, for example, a collection of attributes for the directory service.

master directory server. The directory server that contains the data that will be replicated.

member. A user or group who receives a copy of an email addressed to a mail list. See also mail list, expansion, moderator, and owner.

message quota. A limit defining how much disk space a particular folder can consume.

Messaging Server administrator. The administrator whose privileges include installation and administration of an iPlanet Messaging Server instance.

name resolution. The process of mapping an IP address to the corresponding name. See also DNS.

namespace. The tree structure of an LDAP directory. See also directory information tree.

naming attribute. The final attribute in a directory information tree distinguished name. See also relative distinguished name.

naming context. A specific suffix of a directory information tree that is identified by its DN. In iPlanet Directory Server, specific types of directory information are stored in naming contexts. For example, a naming context which stores all entries for marketing employees in the Siroe Corporation at the Boston office might be called ou=mktg, ou=Boston, o=siroe, c=US.

node. An entry in the DIT.

object class. A template specifying the kind of object the entry describes and the set of attributes it contains. For example, iPlanet Directory Server specifies an emailPerson object class which has attributes such as commonname, mail (email address), mailHost, and mailQuota.

object identifier (OID). An OID is a sequence of integers, typically written as a dot-separated string. An OID is assigned to each attribute and object class to conform with the LDAP and X.500 standards.

OID. See object identifier (OID).

organization administrator. User who has administrative privileges to create, modify, and delete mail users and mail lists in an organization or suborganization by using the Delegated Administrator for Messaging and Collaboration GUI or CLIs.

OSI tree. A directory information tree that mirrors the Open Systems Interconnect network syntax. An example of a distinguished name in an OSI tree would be cn=billt,o=bridge,c=us.

personal folder. A folder that can be read only by the owner. See also shared folder.

port number. A number that specifies an individual TCP/IP application on a host machine, providing a destination for transmitted data.

protocol. A formal description of messages to be exchanged and rules to be followed for two or more systems to exchange information.

provisioning. The process of adding, modifying or deleting entries in the iPlanet Directory Server. These entries include users and groups and domain information.

RDN. Relative distinguished name. The name of the actual entry itself, before the entry's ancestors have been appended to the string to form the full distinguished name.

referral. A process by which the directory server returns an information request to the client that submitted it, with information about the Directory Service Agent (DSA) that the client should contact with the request. See also knowledge information.

relative distinguished name. See RDN.

replica directory server. The directory that will receive a copy of all or part of the data.

required attributes. Attributes that must be present in entries using a particular object class. See also allowed attributes, attributes.

reverse DNS lookup. The process of querying the DNS to resolve a numeric IP address into the equivalent fully qualified domain name.

RFC. Request For Comments. The document series, begun in 1969, describes the Internet suite of protocols and related experiments. Not all (in fact very few) RFCs describe Internet standards, but all Internet standards are published as RFCs. See

root entry. The top-level entry of the directory information tree (DIT) hierarchy.

schema. Definitions—including structure and syntax—of the types of information that can be stored as entries in iPlanet Directory Server. When information that does not match the schema is stored in the directory, clients attempting to access the directory might be unable to display the proper results.

search base. See base DN.

server administrator. Person who performs server management tasks. The server administrator provides restricted access to tasks for a particular server, depending upon task ACIs. The configuration administrator must assign user access to a server. Once a user has server access permissions, that user is a server administrator who can provide server access permissions to users.

shared folder. A folder that can be read by more than one person. Shared folders have an owner who can specify read access to the folder and who can delete messages from the shared folder. The shared folder can also have a moderator who can edit, block, or forward incoming messages. Only IMAP folders can be shared. See also personal folder.

Sieve. A language for filtering mail.

SIMS. Sun Internet Mail Server.

sn. Aliased directory attribute for surname.

static group. A mail group defined statically by enumerating each group member. See also dynamic group.

subdomain. A portion of a domain. For example, in the domain name, corp is a subdomain of the domain See also host name, fully-qualified domain name.

subnet. The portion of an IP address that identifies a block of host IDs.

subordinate reference. The naming context that is a child of the naming context held by your directory server. See also knowledge information.

synchronization. The update of data by a master directory server to a replica directory server.

TCP. See Transmission Control Protocol.

TCP/IP. See Transmission Control Protocol/Internet Protocol.

top-level administrator. User who has administrative privileges to create, modify, and delete mail users, mail lists, family accounts, and domains in an entire Messaging Server namespace by using the Delegated Administrator for Messaging and Collaboration GUI or CLIs. By default, this user can act as a message store administrator for all messaging servers in the topology.

Transmission Control Protocol (TCP). The basic transport protocol in the Internet protocol suite that provides reliable, connection-oriented stream service between two hosts.

Transmission Control Protocol/Internet Protocol (TCP/IP). The name given to the collection of network protocols used by the Internet protocol suite. The name refers to the two primary network protocols of the suite: TCP (Transmission Control Protocol), the transport layer protocol, and IP (Internet Protocol), the network layer protocol.

UID. (1) User identification. A unique string identifying a user to a system. Also referred to as a userID. (2) Aliased directory attribute for userID (login name).

upper reference. Indicates the directory server that holds the naming context above your directory server's naming context in the directory information tree (DIT).

user account. An account for accessing a server, maintained as an entry on a directory server.

User/Groups Directory Server. A Directory Server that maintains information about users and groups in an organization.

user entry or user profile. Fields, both required and optional, that describe information about each user. Examples are: distinguished name, full name, title, telephone number, pager number, login name, password, home directory, and so on.

user folders. A user's email mailboxes.

user quota. The amount of space, configured by the system administrator, allocated to a user for email messages.

vanity domain. A domain name associated with an individual user—not with a specific server or hosted domain. A vanity domain is specified by using the MailAlternateAddress attribute. The vanity domain does not have an LDAP entry for the domain name. Vanity domains are useful for individuals or small organizations desiring a customized domain name, without the administration overhead of supporting their own hosted domain. Also called custom domain.

virtual domain. (1) An ISP hosted domain. (2) A domain name added by the Messaging Multiplexor to a client's user ID for LDAP searching and for logging into a mailbox server. See also domain, hosted domain.

Copyright © 2002 Sun Microsystems, Inc. All rights reserved.

Last Updated January 30, 2002