Sun OpenDS Standard Edition 2.0 Glossary of LDAP and Directory Terminology


password storage scheme

A password storage scheme provides a mechanism for encoding user passwords for storage in the server. In most cases, the password is encoded in a manner that prevents users from determining what the clear-text password is, while still allowing the server to determine whether the user-supplied password is correct. Password storage schemes currently available for use include:

3DES

The password will be encoded using triple DES. Triple DES is a variation of the Data Encryption Standard (DES) that is three times slower than its predecessor but provides stronger reliability. The algorithm uses three 64-bit keys for a combined key length of 192 bits. The data is encrypted with the first key, decrypted with the second key, and then re-encrypted with the third key. You must ensure that the three keys are not all identical, and that neither the first and second keys nor the second and third keys are identical.

AES

The Advanced Encryption Standard is based on the Rijndael algorithm. It uses a symmetric block cipher that processes data blocks of 128 bits, using cipher keys with lengths of 128 (AES-128), 192 (AES-192), and 256 (AES-256) bits.

BASE64

The password will be base64-encoded, which provides a very weak form of protection and should only be used for cases in which clients require this storage scheme.

BlowFish

The password will be encoded using the BlowFish algorithm with a 128-bit key length.

CLEAR

The password will be stored in clear-text. It will not provide any protection at all, so this should only be used for cases in which clients require this storage scheme.

CRYPT

The password will be encoded using the UNIX crypt algorithm. This is a one-way algorithm, but it is considered weak by current standards and should generally only be used for clients which require this storage scheme.

MD5

The password will be encoded using an unsalted version of the MD5 message digest algorithm. This is relatively secure, although a salted hash is preferred, and the SHA variants are considered stronger than MD5.

RC4

The password will be encoded using RC4, a variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation.

SMD5

The password will be encoded using a salted version of the MD5 message digest algorithm.

SHA

The password will be encoded using an unsalted version of the SHA-1 Secure Hash Algorithm. The salted variant of this algorithm is preferred.

SSHA

The password will be encoded using a salted version of the SHA-1 Secure Hash Algorithm. This is the default password storage scheme used by the directory server.

SSHA256

The password will be encoded using a salted 256-bit version of the SHA-2 Secure Hash Algorithm.

SSHA384

The password will be encoded using a salted 384-bit version of the SHA-2 Secure Hash Algorithm.

SSHA512

The password will be encoded using a salted 512-bit version of the SHA-2 Secure Hash Algorithm.

Note that the directory server also supports the use of the authentication password syntax.
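The salted schemes above can be illustrated with a short Python sketch that encodes, verifies, and audits stored values by scheme. It is an added example, not code from the directory server. It assumes the common LDAP convention of a `{SCHEME}` prefix followed by base64(digest || salt), and an 8-byte salt, neither of which this glossary entry spells out; the function names are hypothetical.

```python
import base64, hashlib, hmac, os

# Digest behind each salted scheme named in the glossary entry.
SALTED = {"SMD5": "md5", "SSHA": "sha1", "SSHA256": "sha256",
          "SSHA384": "sha384", "SSHA512": "sha512"}
# Audit buckets for the other schemes, following the entry's descriptions.
OTHER = {"MD5": "unsalted-hash", "SHA": "unsalted-hash", "CRYPT": "weak-one-way",
         "3DES": "reversible", "AES": "reversible", "BLOWFISH": "reversible",
         "RC4": "reversible", "BASE64": "no-protection", "CLEAR": "no-protection"}

def split_scheme(stored):
    """Split '{SCHEME}payload' (assumed layout) into (SCHEME, payload)."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("value has no {SCHEME} prefix")
    scheme, payload = stored[1:].split("}", 1)
    return scheme.upper(), payload

def encode_salted(scheme, password, salt=None):
    """Return '{SCHEME}' + base64(digest(password || salt) || salt)."""
    salt = os.urandom(8) if salt is None else salt  # 8-byte salt is an assumption
    digest = hashlib.new(SALTED[scheme], password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def verify_salted(stored, password):
    """Recompute the digest with the stored salt and compare in constant time."""
    scheme, payload = split_scheme(stored)
    if scheme not in SALTED:
        raise ValueError("not a salted scheme: " + scheme)
    raw = base64.b64decode(payload)
    size = hashlib.new(SALTED[scheme]).digest_size
    digest, salt = raw[:size], raw[size:]
    if len(digest) < size or not salt:
        return False  # truncated value or missing salt
    candidate = hashlib.new(SALTED[scheme], password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

def classify(stored):
    """Bucket a stored value by scheme for an audit report."""
    scheme, _ = split_scheme(stored)
    return "salted-hash" if scheme in SALTED else OTHER.get(scheme, "unknown")

if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    samples = [encode_salted("SSHA", "secret"), encode_salted("SSHA512", "secret"),
               "{SHA}" + base64.b64encode(hashlib.sha1(b"secret").digest()).decode(),
               "{CLEAR}secret"]
    for value in samples:
        print(classify(value), value)
```

Because the salt is random per value, two users with the same password get different stored strings under the salted schemes, whereas the unsalted MD5 and SHA schemes always produce the same string for the same password.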