Skip Navigation Links | |
Exit Print View | |
Oracle Fusion Middleware Glossary for Oracle Unified Directory 11g Release 1 (11.1.1) |
access control instruction (ACI)
authentication password syntax
authorization identity control
Common Development and Distribution License
deprecated password storage scheme
Directory Services Markup Language
entry change notification control
extensible match search filter
greater than or equal to search filter
less than or equal to search filter
Lightweight Directory Access Protocol
notice of disconnection unsolicited notification
Password Modify extended operation
Simple Authentication and Security Layer
virtual attributes only control
An ID list is used as the value of a Directory Server index. It contains a set of entry ID for all entries that match the associated index key.
In some cases, an ID list can have a special value that indicates that there are more entries matching the index key than allowed by the index entry limit. In that case, the index key will no longer be maintained.
The id2entry database is a type of database that maps an entry ID to the contents of the corresponding entry. The entry ID is used in ID lists within indexes.
An identity mapper provides logic that can be used to map an authentication ID or authorization ID value to a corresponding user entry. Identity mappers are used in conjunction with a number of SASL mechanisms, as well as the proxied authorization control and the Password Modify extended operation.
Idle account lockout is a part of the Directory Server password policy that may be used to lock user accounts that remain unused for a significant period of time. It requires that the last login time feature be enabled so that user authentication times will be recorded, and any bind operation by a user that has not authenticated within a specified period of time will be rejected.
If a user's account has been locked due to remaining idle for too long, then it may be unlocked by an administrative password reset.
An in-core restart is a process by which the server may be restarted without actually existing the JVM used to run the server. It can be used to apply any change that requires a server restart other than one that requires the modification of a JVM argument. An in-core restart may be faster than stopping and re-starting the server process, and it has the added benefit of maintaining the JIT cache that has been accumulated from observing processing performed within the JVM.
An index is a mechanism used by the Directory Server database that can be used to efficiently find entries matching search criteria. An index maps a key to an ID list, which is the set of entry ID for the entries that match that index key.
The directory server uses six primary types of indexes:
Approximate indexes are used to identify entries containing attribute values approximately equal to a given assertion value.
Equality indexes are used to identify entries containing an attribute value that exactly matches a given assertion value.
Extensible match indexes are used to identify entries that match a given extensible match filter. This index is not currently supported.
Ordering indexes are used to identify entries that have values that are greater than or equal to, or less than or equal to, a given assertion value.
Presence indexes are used to identify entries that contain at least one value for a given attribute.
Substring indexes are used to identify entries that contain an attribute value matching a given substring assertion.
The index entry limit is a configuration limit that can be used to control the maximum number of entries that is allowed to match any given index key (that is, the maximum size of an ID list). This provides a mechanism for limiting the performance impact for maintaining index keys that match a large percentage of the entries in the server. In cases where large ID lists might be required, performing an unindexed search can often be faster than one that is indexed.
The index entry limit in the directory server is analogous to the ALL IDs threshold in Oracle Directory Server Enterprise Edition.
See LDAP intermediate response.
An Internet Draft is a form of specification defined through the IETF. Internet drafts are short-lived specifications that typically go through multiple revisions, and may change significantly between revisions. Internet Drafts that reach a point of stability may be promoted to requests for comments. Other drafts may stagnate and become no longer maintained, although in some cases they may still describe viable functionality that is worth implementing in the server.