

Glossary

access control list.  See ACL.

ACL.  Access control list. Netscape's mechanism for controlling access to your directory.

attribute.  Holds descriptive information about an entry. Attributes have a label and a value. Each attribute also follows a standard syntax for the type of information that can be stored as the attribute value.

attribute list.  A list of required and optional attributes for a given entry type or object class.

authentication.  1. Process of proving the identity of the client user to the Directory Server. Users must provide a bind DN and the corresponding password in order to be granted access to the directory. The Directory Server allows the user to perform functions or access files and directories based on the permissions granted to that user by the directory administrator.

2. Allows a client to make sure they are connected to a secure server, preventing another computer from impersonating the server or attempting to appear secure when it is not.

authentication certificate.  Digital file that is not transferable and not forgeable and is issued by a third party. Authentication certificates are sent from server to client or client to server in order to verify and authenticate the other party.

bind DN.  Distinguished name used to authenticate to the Directory Server when performing an operation.

bind DS.  In pass-through authentication (PTA), the bind DS is the directory server that contains the authentication credentials of the requesting client. The PTA-enabled host sends PTA requests it receives from clients to the bindhost.

browser.  Software, such as Netscape Navigator, used to request and view World Wide Web material stored as HTML files. The browser uses the HTTP protocol to communicate with the host server. Also known as a client program.

CA.  See Certification Authority.

Certification Authority.  Company or organization that sells and issues authentication certificates. You may purchase an authentication certificate from a Certification Authority that you trust. Also known as a CA.

CGI.  Common Gateway Interface. An interface for external programs to communicate with the HTTP server. Programs written to use CGI are called CGI programs or CGI scripts, and can be written in many of the common programming languages. CGI programs handle forms or perform output parsing that is not done by the server itself.

ciphertext.  Encrypted information that cannot be read by anyone without the proper key to decrypt the information.

CIR.  See consumer-initiated replication.

client.  See LDAP client.

consumer.  Server containing replicated directory trees or subtrees from a supplier server.

consumer-initiated replication.  Replication configuration where consumer servers pull directory data from supplier servers.

daemon.  A background process on a Unix machine that is responsible for a particular system task. Daemon processes do not need human intervention to continue functioning.

Directory Server gateway.  A collection of CGI forms that allows a browser to perform LDAP client functions, such as querying and accessing a Directory Server, from a web browser.

directory service.  A database application designed to manage descriptive, attribute-based information about people and resources within an organization.

distinguished name.  String representation of an entry's name and location in an LDAP directory.

DNS.  Domain Name System. The system used by machines on a network to associate standard IP addresses (such as 198.93.93.10) with hostnames (such as www.netscape.com). Machines normally get the IP address for a hostname from a DNS server, or they look it up in tables maintained on their systems.

DNS alias.  A DNS alias is a hostname that the DNS server knows points to a different host—specifically a DNS CNAME record. Machines always have one real name, but they can have one or more aliases. For example, an alias such as www.[yourdomain].[domain] might point to a real machine called realthing.[yourdomain].[domain] where the server currently exists.

file extension.  The section of a filename after the period or dot (.) that typically defines the type of file (for example, .GIF and .HTML). In the filename index.html the file extension is html.

file type.  The format of a given file. For example, graphics files are often saved in GIF format, while a text file is usually saved as ASCII text format. File types are usually identified by the file extension (for example, .GIF or .HTML).

gateway.  See Directory Server gateway.

hostname.  A name for a machine in the form machine.domain.dom, which is translated into an IP address. For example, www.netscape.com is the machine www in the subdomain netscape and com domain.

HTML.  Hypertext Markup Language. The formatting language used for documents on the World Wide Web. HTML files are plain text files with formatting codes that tell browsers such as the Netscape Navigator how to display text, position graphics and form items, and display links to other pages.

HTTP.  Hypertext Transfer Protocol. The method for exchanging information between HTTP servers and clients.

HTTPD.  An abbreviation for the HTTP daemon or service, a program that serves information using the HTTP protocol. The daemon or service is often called an httpd.

HTTP-NG.  The next generation of Hypertext Transfer Protocol.

HTTPS.  A secure version of HTTP, implemented using the Secure Sockets Layer, SSL.

IP address.  Internet Protocol address. A set of numbers, separated by dots, that specifies the actual location of a machine on the Internet (for example, 198.93.93.10).

LDAP.  Lightweight Directory Access Protocol. Directory service protocol designed to run over TCP/IP and across multiple platforms.

LDAP client.  Software used to request and view LDAP entries from an LDAP Directory Server. See also browser.

LDAP Data Interchange Format.  See LDIF.

LDIF.  LDAP Data Interchange Format. Format used to represent Directory Server entries in text form.

Lightweight Directory Access Protocol.  See LDAP.

management information base.  See MIB.

master agent.  See SNMP master agent.

MD5.  A message digest algorithm by RSA Data Security, Inc., which can be used to produce a short digest of data that is unique with high probability. It is mathematically extremely hard to produce a piece of data that will produce the same message digest.

MD5 signature.  A message digest produced by the MD5 algorithm.

MIB.  Management Information Base.

network management application.  An application on a network that can be managed by SNMP.

network management station.  See NMS.

NIS.  Network Information Service. A system of programs and data files that Unix machines use to collect, collate, and share specific information about machines, users, file systems, and network parameters throughout a network of computers.

NMS.  Network Management Station.

ns-slapd.  Netscape's LDAP Directory Server daemon or service that is responsible for all actions of the Directory Server. See also slapd.

object class.  Defines an entry type in the directory by defining which attributes are contained in the entry.

object identifier.  A string, usually of decimal numbers, that uniquely identifies an object, such as an object class or an attribute, in an object-oriented system.

OID.  See object identifier.

pass-through authentication.  See PTA.

pass-through suffix.  In pass-through authentication, the PTA DS will pass through bind requests to the bind DS from all clients whose DN contains this suffix.

password file.  A file on Unix machines that stores Unix user login names, passwords, and user ID numbers. It is also known as /etc/passwd, because of where it is kept.

PDU.  Protocol Data Unit.

protocol.  A set of rules that describes how devices on a network exchange information.

protocol data unit.  See PDU.

proxy DN.  Used with proxied authorization. The proxy DN is the DN of an entry that has access permissions to the target on which the client-application is attempting to perform an operation.

PTA.  Pass-through authentication. Mechanism by which one directory server consults another to check bind credentials.

PTA DS.  In pass-through authentication (PTA), the PTA DS is the directory server that sends (passes through) bind requests it receives to the bind DS.

PTA LDAP URL.  In pass-through authentication, the URL that defines the bind DS, pass-through suffixes and optional parameters.

public-key encryption.  Encryption that uses two keys: a public key for encrypting data, and a private key for decrypting data. Someone sending you encrypted information encrypts it using your public key. The information can then only be decrypted using your private key.

RAM.  Random access memory. The physical semiconductor-based memory in a computer. Information stored in RAM is lost when the computer is shut down.

rc.local.  A file on Unix machines that describes programs that are run when the machine starts. It is also called /etc/rc.local because of its location.

RDN.  Relative distinguished name. The name of the actual entry itself, before the entry's ancestors have been appended to the string to form the full distinguished name.

referential integrity.  Mechanism that ensures that relationships between related entries are maintained within the directory.

replication.  Act of copying directory trees or subtrees from supplier servers to consumer servers.

replication agreement.  Set of configuration parameters that identify the directory objects to replicate, the times during which replication can occur, and the servers involved in the replication process.

RFC.  Request For Comments. Procedures or standards documents submitted to the Internet community. People can send comments on the technologies before they become accepted standards.

root.  The most privileged user available on Unix machines. The root user has complete access privileges to all files on the machine.

schema.  Definitions describing what types of information can be stored as entries in the directory. When information that does not match the schema is stored in the directory, clients attempting to access the directory may be unable to display the proper results.

schema checking.  Ensures that entries added or modified in the directory conform to the defined schema. Schema checking is on by default and users will receive an error if they try to save an entry that does not conform to the schema.

Secure Sockets Layer.  See SSL.

Server Console.  Java-based application that allows you to perform administrative management of your Directory Server from a GUI.

server daemon.  The server daemon is a process that, once running, listens for and accepts requests from clients.

server service.  The server service is a process on Windows NT that, once running, listens for and accepts requests from clients.

server root.  A directory on the server machine dedicated to holding the server program and configuration, maintenance, and information files.

Server Selector.  Interface that allows you to select and configure servers using a browser.

service.  A background process on a Windows NT machine that is responsible for a particular system task. Service processes do not need human intervention to continue functioning.

SIR.  See supplier-initiated replication.

slapd.  LDAP Directory Server daemon or service that is responsible for most functions of a directory except replication. See also ns-slapd.

SNMP master agent.  Software that exchanges information between the various subagents and the NMS.

SNMP subagent.  Software that gathers information about the managed device and passes the information to the master agent.

SSL.  Secure Sockets Layer. A software library that establishes a secure connection between two parties (client and server) and is used to implement HTTPS, the secure version of HTTP.

subagent.  See SNMP subagent.

superuser.  The most privileged user available on Unix machines (also called root). The superuser has complete access privileges to all files on the machine.

supplier.  Server containing the master copy of directory trees or subtrees that are replicated to consumer servers.

supplier-initiated replication.  Replication configuration where supplier servers replicate directory data to consumer servers.

symmetric encryption.  Encryption that uses the same key for both encrypting and decrypting.

TCP/IP.  Transmission Control Protocol/Internet Protocol. The main network protocol for the Internet and for enterprise (company) networks.

uid.  A unique number associated with each user on a Unix system.

URL.  Uniform Resource Locator. The addressing system used by the server and the client to request documents. It is often called a location. The format of a URL is [protocol]://[machine:port]/[document]. The port number is necessary only on selected servers, and it is often assigned by the server, freeing the user of having to place it in the URL.

A sample URL is http://www.netscape.com/index.html.

X.500 standard.  The set of ISO/IEC documents outlining the standard object classes, attributes, and LDAP protocols to be used in directory server creation and management.

 

© Copyright 1999 Netscape Communications Corporation, a subsidiary of America Online, Inc. All Rights Reserved.