privilege - Sun OpenDS Standard Edition 2.2 Glossary of LDAP and Directory Terminology

Exit Print View
Sun OpenDS Standard Edition 2.2 Glossary of LDAP and Directory Terminology

Previous

Next

Document Information

abandon operation

abstract object class

Abstract Syntax Notation One

access control instruction (ACI)

access control rule

account expiration

account lockout

account status notification

account usability control

AND search filter

ANONYMOUS SASL mechanism

approximate index

approximate search filter

assertion value

attribute description

attribute option

attribute syntax

attribute usage

attribute value

attribute value assertion

authentication ID

authentication password syntax

authorization ID

authorization identity control

auxiliary object class

base64 encoding

Basic Encoding Rules

Berkeley DB Java Edition

cancel extended operation

certificate mapper

cn=Directory Manager

collective attribute

Common Development and Distribution License

compare operation

connection handler

CRAM-MD5 SASL mechanism

crypt algorithm

delete operation

deprecated password storage scheme

dereference policy

DIGEST-MD5 SASL mechanism

directory information tree

directory manager

directory server

directory server agent

Directory Services Markup Language

distinguished name

DIT content rule

DIT structure rule

DSA-specific entry

entry change notification control

equality search filter

extended operation

extensible match index

extensible match search filter

EXTERNAL SASL mechanism

failover algorithm

generalized time

get effective rights control

global index catalog

greater than or equal to search filter

GSSAPI SASL mechanism

id2entry database

identity mapper

idle account lockout

in-core restart

index entry limit

intermediate response

Java Management Extensions

key manager provider

last login time

lastmod plug-in

LDAP assertion control

ldapcompare tool

LDAP Data Interchange Format

ldapdelete tool

LDAP false filter

LDAP intermediate response

LDAP modify DN operation

LDAP modify operation

ldapmodify Tool

LDAP no-op control

LDAP post-read control

LDAP pre-read control

LDAP search filter

ldapsearch tool

less than or equal to search filter

lexico algorithm

Lightweight Directory Access Protocol

lookthrough limit

manage DSA IT control

matched values control

matching rule use

modification type

modify DN operation

modify operation

normalized value

notice of disconnection unsolicited notification

NOT search filter

numeric algorithm

object class type

object identifier

operational attribute

OR search filter

password expiration

password generator

Password Modify extended operation

password policy

password policy control

password storage scheme

password validator

persistent search control

PLAIN SASL mechanism

presence search filter

proportional algorithm

protocol data unit

proxied authorization control

quality of protection

QuickSetup installer

real attributes only control

referential integrity

relative distinguished name

replication repair control

request for comments

saturation algorithm

saturation alert

saturation threshold

schema checking

search attributes

search operation

search result done

search result entry

search result reference

Secure Hash Algorithm

Secure Sockets Layer

server-side sort control

simple authentication

Simple Authentication and Security Layer

simple paged results control

StartTLS extended operation

structural object class

subschema subentry

substring assertion

substring index

substring search filter

subtree delete control

supported control

supported extension

supported feature

synchronization

Transport Security Layer

trust manager provider

unbind operation

unindexed search

UNIX crypt algorithm

unsolicited notification

virtual attribute

virtual attributes only control

virtual directory

virtual list view control

virtual static group

"Who Am I?" extended operation

workflow element

writability mode

privilege

The directory server provides a privilege subsystem, which can be used to define capabilities that will be granted to users. The privilege subsystem works in conjunction with the access control implementation in the process of determining whether a user will be allowed to perform a certain operation.

Some of the privileges defined in the directory server include:

bypass-acl: Allows the user to bypass access control evaluation
modify-acl: Allows the user to modify access control rule defined in the server.
config-read: Allows the user to have read access to the server configuration
config-write: Allows the user to have write access to the server configuration
server-shutdown: Allows the user to request that the server shut down
server-restart: Allows the user to request that the server perform an in-core restart
proxied-auth: Allows the user to request an operation with a different authorization ID
unindexed-search: Allows the user to request an unindexed search
password-reset: Allows the user to password reset for other users
update-schema: Allows the user to update the server schema

See Chapter 7, Directory Server Root Users and the Privilege Subsystem, in Sun OpenDS Standard Edition 2.2 Architectural Reference for more information on the privilege subsystem.

Legal Copyright 1994-2009 Sun Microsystems, Inc.

Previous

Next