Oracle Internet Directory Administrator's Guide Release 2.0.6 A77230-01
An attribute that determines who has what type of access to what directory data. It contains a set of rules for structural access items, which pertain to entries, and content access items, which pertain to attributes. Access to both structural and content access items may be granted to one or more users or groups.
The group of access directives that you define. The directives grant levels of access to specific data for specific clients and/or groups of clients.
See Access Control Information Item (ACI)
An entry that contains security directives that apply downward to all entries at lower positions in the Directory Information Tree (DIT).
See Access Control Policy Point.
A store-and-forward transport feature available in Oracle8i. It allows database tables to be kept synchronized across two Oracle databases.
Programs to access the services of a specified application. For example, LDAP-enabled clients access directory information through programmatic calls available in the LDAP API.
A subtree on a directory server whose entries are under the control (schema, ACL, and collective attributes) of a single administrative authority.
See Application Program Interface (API).
See Advanced Symmetric Replication (ASR).
A piece of information that describes some aspect of an entry. An entry comprises a set of attributes, each of which belongs to an object class. Moreover, each attribute has both a type--which describes the kind of information in the attribute--and a value--which contains the actual data.
The process of authenticating to a directory.
A database that records changes made to a directory server.
In SSL, a set of authentication, encryption, and data integrity algorithms used for exchanging messages between network nodes. During an SSL handshake, the two nodes negotiate to see which cipher suite they will use when transmitting messages back and forth.
The total number of clients that have established a session with Oracle Internet Directory.
The number of concurrent operations being executed on the directory by all of the concurrent clients. Note that this is not necessarily the same as the number of concurrent clients, because some of the clients may be keeping their sessions idle.
A directory entry holding the configuration parameters for a specific instance of the directory server. Multiple configuration set entries can be stored and referenced at run-time. The configuration set entries are maintained in the subtree specified by the subConfigsubEntry attribute of the DSE, which itself resides in the associated Directory Information Base (DIB) against which the servers are started.
A directory server that is the destination of replication updates.
The DN of the root of a directory naming context.
The guarantee that the contents of the message received were not altered from the contents of the original message sent.
The process of converting the contents of an encrypted message (ciphertext) back into its original readable format (plaintext).
See Directory Information Base (DIB).
The complete set of all information held in the directory. The DIB consists of entries that are related to each other hierarchically in a Directory Information Tree (DIT).
A hierarchical tree-like structure consisting of the DNs of the entries.
A subtree that resides entirely on one server. It must be contiguous, that is, it must begin at an entry that serves as the top of the subtree and extend downward to either leaf entries or knowledge references (also called referrals) to subordinate naming contexts. It can range in size from a single entry to the entire DIT.
The directory servers participating in a replication agreement.
The X.500 term for a directory server.
The unique name of a directory entry. It comprises all of the individual names of the parent entries back to the root.
See Directory Information Tree (DIT).
See Directory Replication Group (DRG).
See Directory System Agent (DSA).
DSA Specific Entries. Different DSAs may hold the same DIT name, but with different contents. That is, the contents can be specific to the DSA holding it. A DSE is an entry with contents specific to the DSA holding it.
The process of disguising the contents of a message and rendering it unreadable (ciphertext) to anyone but the intended recipient.
The building block of a directory, it contains information about an object of interest to directory users.
A method of qualifying data, usually data that you are seeking. Filters are always expressed as DNs, for example: cn=susie smith, o=acme, c=us.
In a multi-master replication environment, an entry replicated on multiple nodes has the same DN on each node. However, even though it has the same DN, it is assigned a different GUID on each node. For example, the same DN can be replicated on both node1 and node2, but the GUID for that DN as it resides on node1 is different from the GUID for that DN on node2.
See global unique identifier (GUID).
When an object class has been derived from another class, it also derives, or inherits, many of the characteristics of that other class.
A protocol allowing a client to access and manipulate electronic mail messages on a server. It permits manipulation of remote message folders, also called mailboxes, in a way that is functionally equivalent to local mailboxes.
The access information (name and address) for a remote DSA and the name of the DIT subtree that the remote DSA holds. Knowledge references are also called referrals.
The time a client has to wait for a given directory operation to complete.
Lightweight Directory Access Protocol. The framework of design conventions supporting industry-standard directory products, such as the Oracle Internet Directory.
The set of standards for formatting an input file for any of the LDAP command line utilities.
In replication, a Master Definition Site is the Oracle Internet Directory database from which the administrator runs the configuration scripts.
In replication, a master site is any site other than the Master Definition Site that participates in LDAP replication.
A specialized attribute that holds values for different types of RDN. A naming attribute is identifiable by its mnemonic label, usually cn, sn, ou, o, c, and so on. For example, the naming attribute c is the mnemonic for the naming attribute country, and it holds the RDN for specific country values.
The foundation of the Oracle family of networking products, allowing services and their applications to reside on different computers and communicate as peer applications. The main function of Net8 is to establish network sessions and transfer data between a client machine and a server or between two servers. Net8 is located on each machine in the network. Once a network session is established, Net8 acts as a data courier for the client and the server.
A named group of attributes. When you want to assign attributes to an entry, you do so by assigning to that entry the object classes that hold those attributes.
All objects in the same object class share the same attributes.
A command-line tool for issuing run-server and stop-server commands. The commands are interpreted and executed by the OID Monitor process.
The Oracle Internet Directory component that initiates, monitors, and terminates the Oracle Internet Directory server processes. It also controls the replication server if one is installed.
A Java-based application that security administrators use to manage public-key security credentials on clients and servers.
A unique, non-overlapping directory naming context that is stored on one directory server.
The process where the sender of a message encrypts the message with the public key of the recipient. Upon delivery, the message is decrypted by the recipient using the recipient's private key.
A mathematically related set of two numbers where one is called the private key and the other is called the public key. Public keys are typically made widely available, while private keys are available only to their owners. Data encrypted with a public key can only be decrypted with its associated private key and vice versa. Data encrypted with a public key cannot be decrypted with the same public key.
Each copy of a naming context that is contained within a single server.
See Relative Distinguished Name (RDN).
Entries containing run-time information associated with invocations of Oracle Internet Directory servers, called server instances. Registry entries are stored in the directory itself, and remain there until the corresponding directory server instance stops.
The local, most granular level entry name. It has no other qualifying entry names that would serve to uniquely address the entry. In the example cn=Smith,o=acme,c=US, the RDN is cn=Smith.
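The DN, RDN and naming-attribute definitions above, as an added example that is not part of the original guide: a small DN splitter that extracts the RDN, the parent DN and the chain of names back to the root, handling backslash-escaped commas inside values. The function names and the escaping convention (RFC 2253 style) are assumptions of this example, not Oracle Internet Directory APIs.

```python
# Naming attributes listed in the glossary (cn, sn, ou, o, c).
NAMING_ATTRIBUTES = {"cn", "sn", "ou", "o", "c"}


def split_dn(dn):
    """Split a DN string into its RDN components, most specific first.

    Commas separate RDNs; a backslash escapes the following character, so
    "\\," inside a value does not end the RDN. Whitespace around separators
    is ignored, as in the glossary example "cn=susie smith, o=acme, c=us".
    """
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current).strip())
    return [r for r in rdns if r]


def rdn_of(dn):
    """The local, most granular name: the first component, e.g. cn=Smith."""
    return split_dn(dn)[0]


def parent_dn(dn):
    """The DN of the parent entry: everything after the first RDN."""
    return ",".join(split_dn(dn)[1:])


def naming_attribute(rdn):
    """Return the attribute type of an RDN, lowercased ('cn' for 'cn=Smith')."""
    return rdn.split("=", 1)[0].strip().lower()


def ancestors(dn):
    """All DNs from the entry back to the root of the naming context."""
    parts = split_dn(dn)
    return [",".join(parts[i:]) for i in range(len(parts))]
```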
See Root Directory Specific Entry.
An entry storing operational information about the directory. The information is stored in a number of attributes.
The collection of attributes, object classes, and their corresponding matching rules.
A discrete invocation of a directory server. Different invocations of a directory server, each started with the same or different configuration set entries and startup flags, are said to be different server instances.
Standalone LDAP daemon.
Administrative areas control:
A specific administrative area controls one of the above aspects of administration. A specific administrative area is part of an autonomous administrative area. Or it can be viewed as if for each specific aspect of administration, the AAA is partitioned into one or more specific administrative areas.
In replication, the node that is used to provide initial data to a new node.
An object class derived from another object class. The object class from which it is derived is called its superclass.
The list of DIT areas having independent schema definitions.
Contains information applicable to a group of entries in a subtree. The information can be of these types:
Subentries are located immediately below the root of an administrative area.
A knowledge reference pointing downward in the DIT to a naming context that starts immediately below an entry.
A specific type of subentry that contains ACL information.
A specific type of subentry containing schema information.
The object class from which another object class is derived. For example, the object class person is the superclass of the object class organizationalPerson. The latter, namely, organizationalPerson, is a subclass of person and inherits the attributes contained in person.
A knowledge reference pointing upward to a DSA that holds a naming context higher in the DIT than all the naming contexts held by the referencing DSA.
In replication, the server that holds the master copy of the naming context. It supplies updates from the master copy to the consumer server.
A group of shared memory structures that contain data and control information for one Oracle database instance. If multiple users are concurrently connected to the same instance, the data in the instance's SGA is shared among the users. Consequently, the SGA is sometimes referred to as the "shared global area".
An attribute holding information that pertains to the operation of the directory itself. Some operational information is specified by the directory to control the server--for example, the time stamp for an entry. Other operational information, such as access information, is defined by administrators and is used by the directory program in its processing.
The overall rate at which directory operations are being completed by Oracle Internet Directory. This is typically represented as "operations per second".
A third party identity that is qualified with a level of trust. The trust is used when an identity is being validated as the entity it claims to be. Typically, the certificate authorities you trust issue user certificates.
Copyright © 1999 Oracle Corporation. All Rights Reserved.