
Sun ONE Messaging and Collaboration 6.0 Schema Reference Manual


access control     A method for controlling access to a server or to folders and files on a server.

Access Control Entry (ACE)     A single item of information from an access control list. Also called access control information.

Access Control Information (ACI)     See Access Control Entry. Information from an access control entry.

Access Control List (ACL)     A set of data associated with a directory that defines the permissions that users and/or groups have for accessing it. Contains zero or more ACEs.

access control rules     Rules specifying user permissions for a given set of directory entries or attributes.

access domain     Limits access to certain Messaging Server operations from within a specified domain. For example, an access domain can be used to limit where mail for an account can be collected.

account     Information that defines a specific user or user group. This information includes the user or group name, valid email address or addresses, and how and where email is delivered.

administration domain     A region of administrative control. See also domain.

administration privileges     A set of privileges that define a user's administrative role.

administration server administrator     User who has administrative privileges to start or stop a server even when there is no Directory Server connection. The administration server administrator has restricted server tasks (typically only Restart Server and Stop Server) for all servers in a local server group. When an administration server is installed, this administrator's entry is automatically created locally (this administrator is not a user in the user directory).

administrator     A user with a defined set of administrative privileges. See also configuration administrator, Directory Manager, administration server administrator, server administrator, message store administrator, top-level administrator, domain administrator, organization administrator, family group administrator, mail list owner.

alias     An alternate name of an email address.

allowed attributes     The attributes that optionally can be present in entries using a particular object class, but are not required to be present. See also attributes, required attributes.

alternate address     A secondary address for an account, generally a variation on the primary address. In some cases it is convenient to have more than one address for a single account.

attributes     LDAP data is represented as attribute-value pairs. Any specific piece of information is associated with a descriptive attribute. See also allowed attributes, required attributes.

AUTH     An SMTP command enabling an SMTP client to specify an authentication method to the server, perform an authentication protocol exchange, and, if necessary, negotiate a security layer for subsequent protocol interactions.

authentication     (1) The process of proving the identity of a client user to a server or, (2) The process of proving the identity of the server to a client or another server.

base DN     A distinguished name entry in the directory from which searches will occur. Also known as a search base. For example, ou=people,

bind DN     A distinguished name used to authenticate to the Directory Server when performing an operation.

calendar identifier (calid)     Identifies a calendar in the database. Must be A-Z, a-z, 0-9 (alphanumeric). A fully qualified calendar identifier consists of three parts, with the first two parts being optional: uid is the user’s unique identifier in the authentication name space; domain is the domain to which the user belongs; calid is the local identifier for the calendar, where “local” means that it is unique within the uid@domain name space. The format is: [uid]@[domain]:calid

CNAME record     A type of DNS record that maps a domain name alias to a domain name.

cn     LDAP alias for common name.

CLI     Command-Line Interface.

command-line interface     Command that can be executed from the command line. Also called utility.

configuration administrator     Person who has administrative privileges to manage servers and configuration directory data in the entire Sun™ ONE. The configuration administrator has unrestricted access to all resources in the Sun ONE topology. This is the only administrator who can assign server access to other administrators. The configuration administrator initially manages administrative configuration until the administrators group and its members are in place.

Configuration Directory Server     A Directory Server that maintains configuration information for a server or set of servers.

data store     A store that contains directory information, typically for an entire directory information tree.

DC Tree     Domain Component tree. A directory information tree that mirrors the DNS network syntax. An example of a distinguished name in a DC Tree would be cn=billbob,dc=bridge,dc=net,o=internet.

Delegated Administrator for Messaging     A set of interfaces (GUI and utilities) that allow domain administrators to add and modify users and groups to a hosted domain.

directory context     The point in the directory information tree at which a search begins for entries used to authenticate a user and password for message store access. See also base DN.

directory entry     A set of directory attributes and their values identified by its distinguished name. Each entry contains an object class attribute that specifies the kind of object the entry describes and defines the set of attributes it contains.

directory information tree     The tree-like hierarchical structure in which directory entries are organized. Also called a DIT. DITs can be organized along the DNS (DC Trees) or Open Systems Interconnect networks (OSI trees).

directory lookup     The process of searching the directory for information on a given user or resource, based on that user or resource’s name or other characteristic.

Directory Manager     User who has administrative privileges to the directory server database. Access control does not apply to this user (think of the directory manager as the directory's superuser).

directory schema     The set of rules that defines the data that can be stored in the directory.

Directory Server     The Sun ONE directory service based on LDAP. See also directory service, Lightweight Directory Access Protocol, Configuration Directory Server, User/Groups Directory Server.

directory service     A logically centralized repository of information about people and resources within an organization. See also Lightweight Directory Access Protocol.

distinguished name     The comma-separated sequence of attributes and values that specify the unique location of an entry within the directory information tree. Often abbreviated as DN.

DIT     See directory information tree.

DN     See distinguished name.

dn     LDAP alias for distinguished name. See also distinguished name.

DNS     See Domain Name System.

DNS alias     A host name that the DNS server recognizes as pointing to a different host—specifically a DNS CNAME record. Machines always have one real name, but they can have one or more aliases. For example, www.siroe.domain might be an alias that points to a real machine called realthing.siroe.domain where the server currently exists.

DNS database     A database of domain names (host names) and their corresponding IP addresses.

DNS domain     A group of computers whose host names share a common suffix, the domain name. Syntactically, an Internet domain name consists of a sequence of names (labels) separated by periods (dots), for example, See also domain.

domain     Resources under control of a single computer system. See also administration domain, DNS domain, hosted domain, virtual domain.

domain name space     The name space within which identifiers for users, resources and groups are unique. A given identifier can be used in different domains.

domain administrator     User who has administrative privileges to create, modify, and delete mail users, mail lists, and family accounts in a hosted domain by using the Delegated Administrator for Messaging and Collaboration GUI or CLIs. By default, this user can act as a message store administrator for all messaging servers in the topology.

domain alias     A domain entry that points to another domain. By using aliases, hosted domains can have several domain names.

domain hosting     The ability to host one or more domains on a shared messaging server. For example, the domains and might both be hosted on the mail server. Users send mail to and receive mail from the hosted domain—the name of the mail server does not appear in the email address.

domain name     (1) A host name used in an email address. (2) A unique name that defines an administrative organization. Domains can contain other domains. Domain names are interpreted from right to left. For example, is both the domain name of the Siroe Company and a subdomain of the top-level com domain. The domain can be further divided into subdomains such as, and so on. See also host name, fully qualified domain name.

Domain Name System (DNS)     A distributed name resolution software that allows computers to locate other computers on a network or the Internet by domain name. The system associates standard IP addresses with host names (such as Machines normally get this information from a DNS server. DNS servers provide a distributed, replicated, data query service for translating hostnames into Internet addresses. See also A record, MX record, CNAME record.

domain organization     A subdomain below a hosted domain in the Organization Tree. Domain organizations are useful for companies that wish to organize their user and group entries along departmental lines.

dynamic group     A mail group defined by an LDAP search URL. Users usually join the group by setting an LDAP attribute in their directory entry.

family group administrator     User who has administrative privileges to add and remove family members in a family group. This user can grant family group administrative access to other members of the group.

fully qualified domain name (FQDN)     The unique name that identifies a specific Internet host. See also domain name.

group     A group of LDAP mail entries that are organized under a distinguished name. Usually used as a mail list, but may also be used to grant certain administrative privileges to members of the group. See also dynamic group, static group.

GUI     Graphical User Interface.

host     The machine on which one or more servers reside.

hosted domain     An email domain that is outsourced by an ISP. That is, the ISP provides email domain hosting for an organization by operating and maintaining the email services for that organization. A hosted domain shares the same Messaging Server host with other hosted domains. In earlier LDAP-based email systems, a domain was supported by one or more email server hosts. With Messaging Server, many domains can be hosted on a single server. For each hosted domain, there is an LDAP entry that points to the user and group container for the domain. Hosted domains are also called virtual hosted domains or virtual domains. See also domain, virtual domain.

host name     The name of a particular machine within a domain. The host name is the IP host name, which might be either a “short-form” host name (for example, mail) or a fully qualified host name. The fully qualified host name consists of two parts: the host name and the domain name. For example, is the machine mail in the domain Host names must be unique within their domains. Your organization can have multiple machines named mail, as long as the machines reside in different subdomains; for example, and Host names always map to a specific IP address. See also domain name, fully qualified domain name, IP address.

Identity Server     (IS) The Sun ONE product responsible for implementing Sun ONE Schema, v.2. It is used for SSO authentication and contains administrative tools. The User Management Utility uses the IS SDK as the backend of its command line utilities.

INBOX     The name reserved for a user’s default mailbox for mail delivery. INBOX is the only folder name that is case insensitive. For example: INBOX, Inbox, and inbox are all valid names for a user’s default mailbox.

Internet     The name given to the worldwide network of networks that uses TCP/IP protocols.

Internet Protocol (IP)     The basic network-layer protocol on which the Internet and intranets are based.

internet protocol address     See IP address.

IP     See Internet Protocol.

IP address     A set of numbers, separated by dots, such as, that specifies the actual location of a machine on an intranet or the Internet. A 32-bit address assigned to hosts using TCP/IP.

knowledge information     Part of the directory service infrastructure information. The directory server uses knowledge information to pass requests for information to other servers.

LDAP     See Lightweight Directory Access Protocol.

LDAP Data Interchange Format (LDIF)     The format used to represent Directory Server entries in text form.

LDAP filter     A method of specifying a set of entries, based on the presence of a particular attribute or attribute value.

LDAP referrals     An LDAP entry that consists of a symbolic link (referral) to another LDAP entry. An LDAP referral consists of an LDAP host and a distinguished name. LDAP referrals are often used to reference existing LDAP data so that this data does not have to be replicated. They are also used to maintain compatibility for programs that depend on a particular entry that may have been moved.

LDAP search string     A string with replaceable parameters that defines the attributes used for directory searches. For example, an LDAP search string of "uid=%s" means that searches are based on the user ID attribute.

LDAP Server     A software server that maintains an LDAP directory and services queries to the directory. The Sun ONE Directory Services are implementations of an LDAP Server.

LDBM     LDAP Data Base Manager.

LDIF     See LDAP Data Interchange Format.

Lightweight Directory Access Protocol (LDAP)     Directory service protocol designed to run over TCP/IP and across multiple platforms. A simplification of the X.500 Directory Access Protocol (DAP) that allows a single point of management for storage, retrieval, and distribution of information, including user profiles, mail lists, and configuration data across Sun ONE servers. The Sun ONE Directory Server uses the LDAP protocol.

local part     The part of an email address that identifies the recipient. See also domain part.

mailbox     A place where messages are stored and viewed. See also folder.

mail list     A list of email addresses to which a message can be sent by way of a mail list address. Sometimes called a group.

mail list owner     A user who has administrative privileges to add members to and delete members from the mail list.

managed object     A collection of configurable attributes, for example, a collection of attributes for the directory service.

master directory server     The directory server that contains the data that will be replicated.

member     A user or group who receives a copy of an email addressed to a mail list. See also mail list, expansion, moderator, and owner.

message quota     A limit defining how much disk space a particular folder can consume.

Messaging Server administrator     The administrator whose privileges include installation and administration of a Sun ONE Messaging Server instance.

name resolution     The process of mapping an IP address to the corresponding name. See also DNS.

namespace     The tree structure of an LDAP directory. See also directory information tree.

naming attribute     The final attribute in a directory information tree distinguished name. See also relative distinguished name.

naming context     A specific suffix of a directory information tree that is identified by its DN. In Sun ONE Directory Server, specific types of directory information are stored in naming contexts. For example, a naming context which stores all entries for marketing employees in the Siroe Corporation at the Boston office might be called ou=mktg, ou=Boston, o=siroe, c=US.

node     An entry in the DIT.

object class     A template specifying the kind of object the entry describes and the set of attributes it contains. For example, Sun ONE Directory Server specifies an emailPerson object class which has attributes such as commonname, mail (email address), mailHost, and mailQuota.

object identifier (OID)     An OID is a sequence of integers, typically written as a dot-separated string. An OID is assigned to each attribute and object class to conform with the LDAP and X.500 standards.

OID     See object identifier (OID).

organization administrator     User who has administrative privileges to create, modify, and delete mail users and mail lists in an organization or suborganization by using the Delegated Administrator for Messaging and Collaboration GUI or CLIs.

OSI tree     A directory information tree that mirrors the Open Systems Interconnect network syntax. An example of a distinguished name in an OSI tree would be cn=billt,o=bridge,c=us.

personal folder     A folder that can be read only by the owner. See also shared folder.

port number     A number that specifies an individual TCP/IP application on a host machine, providing a destination for transmitted data.

protocol     A formal description of messages to be exchanged and rules to be followed for two or more systems to exchange information.

provisioning     The process of adding, modifying or deleting entries in the Sun ONE Directory Server. These entries include users and groups and domain information.

RDN     Relative distinguished name. The name of the actual entry itself, before the entry’s ancestors have been appended to the string to form the full distinguished name.

referral     A process by which the directory server returns an information request to the client that submitted it, with information about the Directory Service Agent (DSA) that the client should contact with the request. See also knowledge information.

relative distinguished name     See RDN.

replica directory server     The directory that will receive a copy of all or part of the data.

required attributes     Attributes that must be present in entries using a particular object class. See also allowed attributes, attributes.

reverse DNS lookup     The process of querying the DNS to resolve a numeric IP address into the equivalent fully qualified domain name.

RFC     Request For Comments. The document series, begun in 1969, describes the Internet suite of protocols and related experiments. Not all (in fact very few) RFCs describe Internet standards, but all Internet standards are published as RFCs. See

root entry     The top-level entry of the directory information tree (DIT) hierarchy.

schema     Definitions, including structure and syntax, of the types of information that can be stored as entries in Sun ONE Directory Server. When information that does not match the schema is stored in the directory, clients attempting to access the directory might be unable to display the proper results.

search base     See base DN.

server administrator     Person who performs server management tasks. The server administrator provides restricted access to tasks for a particular server, depending upon task ACIs. The configuration administrator must assign user access to a server. Once a user has server access permissions, that user is a server administrator who can provide server access permissions to users.

shared folder     A folder that can be read by more than one person. Shared folders have an owner who can specify read access to the folder and who can delete messages from the shared folder. The shared folder can also have a moderator who can edit, block, or forward incoming messages. Only IMAP folders can be shared. See also personal folder.

SIEVE     A scripting language for filtering mail. Messaging and Collaboration supports the SIEVE rules as specified in RFC 3028 and in the relational extension to SIEVE found in RFC 3431.

SIMS     Sun Internet Mail Server.

sn     Aliased directory attribute for surname.

static group     A mail group defined statically by enumerating each group member. See also dynamic group.

subdomain     A portion of a domain. For example, in the domain name, corp is a subdomain of the domain See also host name, fully qualified domain name.

subnet     The portion of an IP address that identifies a block of host IDs.

subordinate reference     The naming context that is a child of the naming context held by your directory server. See also knowledge information.

synchronization     The update of data by a master directory server to a replica directory server.

TCP     See Transmission Control Protocol.

TCP/IP     See Transmission Control Protocol/Internet Protocol.

top-level administrator     User who has administrative privileges to create, modify, and delete mail users, mail lists, family accounts, and domains in an entire Messaging Server namespace by using the Delegated Administrator for Messaging and Collaboration GUI or CLIs. By default, this user can act as a message store administrator for all messaging servers in the topology.

Transmission Control Protocol (TCP)     The basic transport protocol in the Internet protocol suite that provides reliable, connection-oriented stream service between two hosts.

Transmission Control Protocol/Internet Protocol (TCP/IP)     The name given to the collection of network protocols used by the Internet protocol suite. The name refers to the two primary network protocols of the suite: TCP (Transmission Control Protocol), the transport layer protocol, and IP (Internet Protocol), the network layer protocol.

UID     (1) User identification. A unique string identifying a user to a system. Also referred to as a userID. (2) Aliased directory attribute for userID (login name).

upper reference     Indicates the directory server that holds the naming context above your directory server’s naming context in the directory information tree (DIT).

user account     An account for accessing a server, maintained as an entry on a directory server.

User/Groups Directory Server     A Directory Server that maintains information about users and groups in an organization.

user entry or user profile     Fields that describe information about each user, both required and optional. Examples are: distinguished name, full name, title, telephone number, pager number, login name, password, home directory, and so on.

user folders     A user’s email mailboxes.

User Management Utility     The Sun ONE command line interface (commadmin) for adding, deleting and modifying users, groups and domains.

user quota     The amount of space, configured by the system administrator, allocated to a user for email messages.

virtual domain     (1) An ISP hosted domain. (2) A domain name added by the Messaging Multiplexor to a client’s user ID for LDAP searching and for logging into a mailbox server. See also domain, hosted domain.


Copyright 2003 Sun Microsystems, Inc. All rights reserved.