JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Fusion Middleware Glossary for Oracle Unified Directory 11g Release 1 (11.1.1)
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

1.  Glossary

A

abandon operation

abstract object class

Abstract Syntax Notation One

access control

access control instruction (ACI)

access control rule

access log

account expiration

account lockout

account status notification

account usability control

ACID

add operation

alias

AND search filter

anonymous bind

ANONYMOUS SASL mechanism

approximate index

approximate search filter

ASN.1

assertion value

attribute

attribute description

attribute option

attribute syntax

attribute type

attribute usage

attribute value

attribute value assertion

audit log

authentication

authentication ID

authentication password syntax

authorization

authorization ID

authorization identity control

auxiliary object class

AVA

B

back end

backup

base64 encoding

Basic Encoding Rules

Basic Encoding Rules Overview

The BER Type

The BER Length

The BER Value

BER Encoding Examples

BER

Berkeley DB Java Edition

binary copy

bind operation

C

cancel extended operation

CDDL

certificate

certificate mapper

chaining

changelog

cn=Directory Manager

collective attribute

Common Development and Distribution License

compare operation

connection handler

connection ID

control

CRAM-MD5 SASL mechanism

crypt algorithm

D

database

database cache

debug log

delete operation

deprecated password storage scheme

dereference policy

DIGEST-MD5 SASL mechanism

directory information tree

directory manager

directory server

directory server agent

Directory Services Markup Language

distinguished name

distribution

DIT

DIT content rule

DIT structure rule

DN

DSA

DSA-specific entry

DSE

DSML

DSML gateway

duration

dynamic group

E

entry

entry cache

entry change notification control

entryDN

entry ID

entryUUID

equality index

equality search filter

error log

export

extended operation

extensible match index

extensible match search filter

EXTERNAL SASL mechanism

F

failover algorithm

false filter

G

generalized time

get effective rights control

global index

global index catalog

greater than or equal to search filter

group

GSSAPI SASL mechanism

I

ID list

id2entry database

identity mapper

idle account lockout

in-core restart

index

index entry limit

intermediate response

Internet Draft

J

Java Management Extensions

JMX

K

key manager provider

L

last login time

lastmod plug-in

LDAP assertion control

ldapcompare command

LDAP Data Interchange Format

ldapdelete command

LDAP false filter

LDAP intermediate response

LDAP message

LDAP modify DN operation

LDAP modify operation

ldapmodify command

LDAP no-op control

LDAP post-read control

LDAP pre-read control

LDAP result

LDAPS

LDAP search filter

ldapsearch command

LDAP true filter

LDAP Subentry

LDAP URL

LDIF export

LDIF import

leaf entry

less than or equal to search filter

lexico algorithm

Lightweight Directory Access Protocol

load balancing

lookthrough limit

M

MakeLDIF command

manage DSA IT control

matched DN

matched values control

matching rule

matching rule use

MD5

message

message ID

modification

modification type

modify DN operation

modify operation

monitor entry

N

name form

naming context

network group

non-leaf entry

normalized value

notice of disconnection unsolicited notification

NOT search filter

numeric algorithm

O

object class

object class type

object identifier

operation ID

operational attribute

ordering index

OR search filter

P

partition

password

password expiration

password generator

Password Modify extended operation

password policy

password policy control

password reset

password storage scheme

password validator

persistent search control

PLAIN SASL mechanism

plug-in

presence index

presence search filter

privilege

proportional algorithm

protocol data unit

protocol op

proxied authorization control

Q

quality of protection

R

real attributes only control

referential integrity

referral

relative distinguished name

replica

replication

replication repair control

request for comments

restore

result

result code

root DN

root DSE

route

S

salt

saturation algorithm

saturation alert

saturation threshold

schema

schema checking

search attributes

search base DN

search filter

search operation

search result done

search result entry

search result reference

search scope

Secure Hash Algorithm

Secure Sockets Layer

server-side sort control

simple authentication

Simple Authentication and Security Layer

simple paged results control

size limit

smart referral

StartTLS extended operation

static group

structural object class

subentry

subschema subentry

substring assertion

substring index

substring search filter

subtree

subtree delete control

supported control

supported extension

supported feature

synchronization

T

task

time limit

transaction

Transport Security Layer

true filter

trust manager provider

typesOnly flag

U

unbind operation

unindexed search

UNIX crypt algorithm

unsolicited notification

URL

user attribute

V

virtual attribute

virtual attributes only control

virtual directory

virtual list view control

virtual static group

VLV index

W

"Who Am I?" extended operation

work queue

worker thread

workflow

workflow element

writability mode

E

 

entry

An entry is the structure that holds information in a directory server. It consists of the following components:

An entry must always have exactly one structural object class that defines what type of entry it is. It may have zero or more auxiliary object classes that may be used identify other characteristics for the entry. Together, the structural and auxiliary classes define a set of required attributes, which must be present in the entry, and optional attributes, which may be included in the entry but are not required.

entry cache

The entry cache is a mechanism that uses system memory for holding entries in a manner that may be quickly accessed so that it is not necessary to decode them from the database whenever they are needed. Entry caching mechanisms are particularly effective when used with applications that access the same entry multiple times in a sequence of operations. For example, an application which first searches to find a user entry and then binds as that user to verify a password, which is a very common usage pattern.

The entry cache may be used either instead of or in addition to the server's database cache. The database cache generally uses a more compact representation of the data, but the entry cache generally holds data in a format that can be more efficiently used by the server.

Unlike the database cache which is maintained by the underlying database, the entry cache is managed by the directory server itself. There are a number of different entry cache implementations that may be used.

entry change notification control

The entry change notification control is a control that is included in search result entries returned to clients in response to a search operation that uses the persistent search control. This control contains additional information about the change made to the entry, including the type of change made, the change number (which corresponds to an item in the server's change log, if the server supports a change log), and, if the entry was renamed, the old DN of the entry. The control is described in draft-ietf-ldapext-psearch-03 and has an OID of 2.16.840.1.113730.3.4.7.

The control is defined as follows:

EntryChangeNotification ::= SEQUENCE {
          changeType ENUMERATED {
               add             (1),
               delete          (2),
               modify          (4),
               modDN           (8)
          },
          previousDN   LDAPDN OPTIONAL,     -- modifyDN ops. only
          changeNumber INTEGER OPTIONAL     -- if supported
}

entryDN

An entryDN is an operational attribute that provides a copy of the entry's current DN. Because a DN is not an attribute of the entry, it cannot be used to perform attribute value assertions. The entryDN provides a mechanism to access an entry's DN and is described in RFC 5020.

entry ID

An entry ID is an integer value that is used to uniquely identify an entry in the Directory Server back end. Although the entry's distinguished name could be used for this purpose, the numeric entry ID is much more compact and more efficient to decode, so it is more appropriate for widespread use.

The entry ID is used as the key to the actual entry data in the id2entry database, and it is used in ID lists to identify entries matching the associated index key.

entryUUID

An entryUUID is a universally unique identifier that is contained in the entryUUID operational attribute and is assigned to each entry in the directory server. It is defined in RFC 4530 and it is intended to be a unique identifier that will not change over the life of the entry (as opposed to the distinguished name, which can change as a result of a modify DN operation). Because of the greater stability of the entryUUID, it is used by the replication subsystem to track entries even if the DN does change.

equality index

An equality index is a type of indexwhich is used to identify efficiently which entries are exactly equal to a given assertion value. An equality index may only be maintained for attributes that have a corresponding equality matching rule. That matching rule will be used to normalize values to use as index keys, and the value for that key will be the ID list containing the entry IDs of the entries with values that are equal to that normalized value.

equality search filter

An equality search filter is a type of search filter that can be used to identify entries that contain a specific value for a given attribute. The server will use an equality matching rule to make the determination.

The string representation of an LDAP equality filter comprises an opening parenthesis followed by the attribute name, an equal sign, the attribute value, and the closing parenthesis. For example, an equality filter of (uid=john.doe) will match any entry in which the uid attribute contains a value of john.doe.

error log

The error log provides a mechanism for reporting errors, warnings, and other significant events that happen in the life of the server. Each message written to the error log will include a category (indicating the area of the server in which the message was generated) and severity (indicating the relative importance of the message), along with an integer value that uniquely identifies the associated message string.

export

See LDIF export.

extended operation

The LDAP extended operation provides a degree of extensibility to the LDAP protocol by allowing clients to request operations not defined in the core protocol specification. Examples of LDAP extended operations include:

Cancel extended operation

This operation may be used to cancel a previously-requested operation.

Password Modify extended operation

This operation may be used to change a user password.

StartTLS extended operation

This operation may be used to initiate a secure communication channel over an existing connection.

“Who Am I?” extended operation

This operation may be used to determine the authorization identity associated with the client connection.

The extended request protocol op is defined as follows:

ExtendedRequest ::= [APPLICATION 23] SEQUENCE { 
     requestName      [0] LDAPOID,
     requestValue     [1] OCTET STRING OPTIONAL }

The elements of the extended request include:

The response to an LDAP extended operation is defined as follows:

ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
     COMPONENTS OF LDAPResult,
     responseName     [10] LDAPOID OPTIONAL,
     responseValue    [11] OCTET STRING OPTIONAL }

The extended response includes these elements:

extensible match index

An extensible match index is a type of index that is used to help accelerate search operations using an extensible match filter. Index keys are values that have been normalized using a specified matching rule, and the corresponding ID list contains the entry IDs for all entries that match the value according to that matching rule.

extensible match search filter

An extensible match search filter is a type of search filter that can be used to identify matching entries using a specified matching rule.

An extensible matching filter contains the following components:

The string representation of an LDAP extensible match filter comprises the following components in order:

EXTERNAL SASL mechanism

The EXTERNAL SASL mechanism provides a way for clients to authenticate to the Directory Server using information that is available outside of the communication performed at the LDAP protocol level. The most common use of EXTERNAL authentication (and at present, the only form that the directory server supports) is for the server to identify the client based on a certificate that the client presented during SSL or StartTLS negotiation. The Directory Server will use a certificate mapper to map the client's certificate to a user in the directory, and may optionally perform additional validation (for example, ensuring that the presented certificate actually exists in the user's entry).

Copyright © 2006, 2011, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next