Oracle Fusion Middleware Glossary for Oracle Unified Directory 11g Release 1 (11.1.1) |
Generalized time is a format that may be used to represent time stamps, along with time zone information. A generalized time value contains the following components:
Four digits to signify the year.
Two digits to signify the month (01 for January, 02 for February, ..., 12 for December).
Two digits to signify the day of the month (01 through 28/29/30/31 depending on the month and whether it's a leap year).
Two digits to signify the hour of the day (00 for midnight through 23 for 11 pm).
An optional two digits that specify the minute of the hour (between 00 and 59).
An optional two digits that specify the second of the minute (between 00 and 59, or 60 for leap seconds). This may only be included if the time stamp value also contains the minute of the hour.
An optional period followed by one or more digits that specify the fraction of a second. This may only be included if the time stamp value contains minute and second information.
A time zone indicator. This may be either the capital letter Z to indicate that the value is in the UTC time zone, or a plus or minus sign followed by two or four digits that specify the offset from UTC time zone.
An example of a time stamp in a generalized time format is 20070508200557Z, which specifies a time (in the UTC time zone) of 8:05:57 PM on May 28, 2007. An equivalent value in the United States central daylight savings time (a five hour offset from UTC) would be 20070508150557-0500.
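The component list above translates directly into a strict parser. The following is an added example, not code from the Oracle documentation; the function name `parse_generalized_time` is hypothetical, and fractions finer than a microsecond are truncated because of Python's `datetime` precision.

```python
import re
from datetime import datetime, timedelta, timezone

# Components in the order the entry lists them. A fraction is only allowed
# after seconds, and seconds only after minutes. re.ASCII limits \d to 0-9.
_GT = re.compile(
    r"(?P<year>\d{4})(?P<month>\d{2})(?P<day>\d{2})(?P<hour>\d{2})"
    r"(?:(?P<minute>\d{2})(?:(?P<second>\d{2})(?:\.(?P<frac>\d+))?)?)?"
    r"(?P<zone>Z|[+-]\d{2}(?:\d{2})?)",
    re.ASCII,
)


def parse_generalized_time(value: str) -> datetime:
    """Return a timezone-aware datetime, or raise ValueError."""
    m = _GT.fullmatch(value)
    if m is None:
        raise ValueError(f"not a generalized time value: {value!r}")
    second = int(m["second"] or 0)
    leap = second == 60  # datetime cannot store :60, so carry it forward
    micro = int(((m["frac"] or "") + "000000")[:6])  # truncate to microseconds
    zone = m["zone"]
    if zone == "Z":
        tz = timezone.utc
    else:
        hours, minutes = int(zone[1:3]), int(zone[3:5] or 0)
        if hours > 23 or minutes > 59:
            raise ValueError("time zone offset out of range")
        offset = timedelta(hours=hours, minutes=minutes)
        tz = timezone(-offset if zone[0] == "-" else offset)
    # datetime() rejects month 13, 30 February, hour 24 and similar values.
    stamp = datetime(int(m["year"]), int(m["month"]), int(m["day"]),
                     int(m["hour"]), int(m["minute"] or 0),
                     59 if leap else second, micro, tz)
    return stamp + timedelta(seconds=1) if leap else stamp


# The two equivalent values from the entry above denote the same instant,
# although a plain string comparison would order them differently.
UTC_FORM = parse_generalized_time("20070508200557Z")
CDT_FORM = parse_generalized_time("20070508150557-0500")
```

Comparing parsed values rather than raw strings matters whenever time stamps with different zone indicators are checked against an expiry or lockout threshold.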
The get effective rights control is a type of control that can be used to determine the rights that a given user has when interacting with a given entry. The control has an OID of 1.3.6.1.4.1.42.2.27.9.5.2 and uses the following definition:
    GetRightsControl ::= SEQUENCE {
        authzId     authzId,
        attributes  SEQUENCE OF AttributeType
    }

    -- Only the "dn:DN" form is supported.
For an example of using this control in a search request, see To Search Using the Get Effective Rights Control in Oracle Fusion Middleware Administration Guide for Oracle Unified Directory.
In the Oracle Unified Directory proxy, the global index maps the data entries to the distribution partition where the data is stored. Each global index maps the values of a specific attribute (such as telephonenumber). For example, the global index could map telephonenumber=5551212 to distribution partition 1, and telephonenumber=4441212 to partition 2.
A global index catalog contains one or more global indexes. A global index catalog can be used with an Oracle Unified Directory proxy distribution deployment to reduce the need for broadcasts, since the values of some attributes are mapped to the partition in which the entry is held.
A greater or equal search filter is a type of search filter that can be used to identify entries that contain a specific value for a given attribute that is greater than or equal to the provided assertion value. The server will use an ordering matching rule to make the determination.
The string representation of an LDAP greater or equal search filter comprises an opening parenthesis followed by the attribute name, a greater than sign, an equal sign, the assertion value, and the closing parenthesis. For example, a greater or equal filter of (createTimestamp>=20070101000000Z) will match any entry that has a createTimestamp value that is greater than or equal to 20070101000000Z.
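When the assertion value comes from user input, the filter string has to be assembled so that the value cannot change the filter's structure. The following is an added example, not code from the Oracle documentation; the function names are hypothetical, the escaping follows RFC 4515, and the attribute check is deliberately stricter than the full attribute description syntax (no options).

```python
import re
from datetime import datetime, timezone

# RFC 4515: these characters must appear in an assertion value as a
# backslash followed by two hex digits.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Short attribute name or numeric OID only (assumption: options not needed).
_ATTR = re.compile(r"[A-Za-z][A-Za-z0-9-]*|[0-9]+(?:\.[0-9]+)+")


def escape_assertion_value(value: str) -> str:
    """Escape filter metacharacters so the value stays a single assertion."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def to_generalized_time(moment: datetime) -> str:
    """Format an aware datetime as a UTC generalized time with seconds."""
    if moment.tzinfo is None:
        raise ValueError("naive datetime: the time zone would be ambiguous")
    return moment.astimezone(timezone.utc).strftime("%Y%m%d%H%M%SZ")


def greater_or_equal_filter(attribute: str, value) -> str:
    """Build "(attribute>=value)" from a string or an aware datetime."""
    if not _ATTR.fullmatch(attribute):
        raise ValueError(f"unexpected attribute name: {attribute!r}")
    if isinstance(value, datetime):
        value = to_generalized_time(value)
    return f"({attribute}>={escape_assertion_value(value)})"


# Reproduces the filter from the entry above.
SINCE_2007 = greater_or_equal_filter(
    "createTimestamp", datetime(2007, 1, 1, tzinfo=timezone.utc)
)

# Constructed hostile input: the parentheses and asterisk are neutralised.
ESCAPED = greater_or_equal_filter("uidNumber", "1)(uid=*")
```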
A group is a special type of entry in the Directory Server that is used to represent a set of users in the server. Groups may be used within the server in a number of different ways, like access control and virtual attributes, and they may also be used by clients for various purposes.
There are several different types of groups defined in the server, including:
Static groups provide an explicit list of members
Dynamic groups obtain their membership information from a set of search criteria
Virtual static groups appear to be static groups but obtain their membership information from another type of group, like a dynamic group
The GSSAPI SASL mechanism provides a way for clients to authenticate to the Directory Server using a Kerberos V5 session. Kerberos is a protocol that is commonly used for single sign-on purposes, and provides the option of using integrity and/or confidentiality to protect the communication between the client and the server (although the directory server does not at present support GSSAPI for protecting network content but only for authenticating clients).
The GSSAPI SASL mechanism is described in RFC 4752.