Go to main content

Working With Oracle® Solaris 11.3 Directory and Naming Services: LDAP

Exit Print View

Updated: September 2018


application-level naming service

Application-level naming services are incorporated in applications offering services such as files, mail, and printing. Application-level naming services are bound below enterprise-level naming services. The enterprise-level naming services provide contexts in which contexts of application-level naming services can be bound.


Each LDAP entry consists of a number of named attributes, each of which has one or more values.

Also, the N2L service mapping and configuration files each consist of a number of named attributes. Each attribute has one or more values.


The means by which a server can verify a client’s identity.


The DN where part of the DIT is rooted. When this is the baseDN for an NIS domains entries it is also referred to as a context.


(1) The client is a principal (system or user) requesting a naming service from a naming server.

(2) In the client-server model for file systems, the client is a system that remotely accesses resources of a compute server, such as compute power and large memory capacity.

(3) In the client-server model, the client is an application that accesses services from a "server process". In this model, the client and the server can run on the same system or on separate systems.

client-server model

A common way to describe network services and the model user processes (programs) of those services. Examples include the name-server/name-resolver paradigm of the Domain Name System (DNS). See also client.


For the N2L service, a context is something under which a NIS domain is generally mapped. See also baseDN.


The authentication information that the client software sends along with each request to a naming server. This information verifies the identity of a user or system.

custom map

Any map that is not a standard map and therefore requires manual modifications to the mapping file when transitioning from NIS to LDAP.


An LDAP directory is a container for LDAP objects. In UNIX, a container for files and subdirectories.

directory cache

A local file used to store data associated with directory objects.

directory information tree (DIT)

The DIT is the distributed directory structure for a given network. By default, clients access the information assuming that the DIT has a given structure. For each domain supported by the LDAP server, there is an assumed subtree with an assumed structure.

distinguished name (DN)

A distinguished name is an entry in an X.500 directory information base (DIB) composed of selected attributes from each entry in the tree along a path leading from the root down to the named entry.


See directory information tree.


A distinguished name in LDAP. A tree-like structured addressing scheme of the LDAP directory which gives a unique name to each LDAP entry.


See Domain Name System.


(1) In the Internet, a part of a naming hierarchy usually corresponding to a Local Area Network (LAN) or Wide Area Network (WAN) or a portion of such a network. Syntactically, an Internet domain name consists of a sequence of names (labels) separated by periods (dots). For example, sales.example.com.

(2) In International Organization for Standardization’s open systems interconnection (OSI), "domain" is generally used as an administrative partition of a complex distributed system, as in MHS private management domain (PRMD), and directory management domain (DMD).

domain name

The name assigned to a group of systems on a local network that share DNS administrative files. The domain name is required for the network information service database to work properly. See also domain.

Domain Name System (DNS)

A service that provides the naming policy and mechanisms for mapping domain and system names to addresses outside of the enterprise, such as those on the Internet. DNS is the network information service used by the Internet.


The means by which the privacy of data is protected.

encryption key

See data encrypting key.


A single row of data in a database table, such as an LDAP element in a DIT.

IP address

A unique number that identifies each host in a network.

IP addresses that are used in this guide conform to RFC 5737, IPv4 Address Blocks Reserved for Documentation and RFC 3849, IPv6 Address Prefix Reserved for Documentation.

  • IPv4 addresses used in this documentation are blocks,, and

    To show a subnet, the block is divided into multiple subnets by borrowing enough bits from the host to create the required subnet. For example, host address might have subnets and

  • IPv6 addresses have prefix 2001:DB8::/32.


Lightweight Directory Access Protocol is a standard, extensible directory access protocol used by LDAP naming service clients and servers to communicate with each other.

LDAP client

An LDAP client is a system that reads and writes to any LDAP server. An LDAP naming service client handles a customized subset of naming information.


The process of converting NIS entries to or from DIT entries. This process is controlled by a mapping file.

mapping file

The NISLDAPmapping file that establishes how to map entries between NIS and LDAP files.

name resolution

The process of translating workstation or user names to addresses.

name server

Servers that run one or more network naming services.

name service switch

The svc:/system/name-service/switch service which defines the sources from which an naming client can obtain its network information.

naming service

A network service that handles system, user, domain, router, and other network names and addresses.


(1) A namespace stores information that users, workstations, and applications must have to communicate across the network.

(2) The set of all names in a naming system.


A distributed network information service containing key information about the systems and the users on the network. The NIS database is stored on the master server and all the replica or slave servers.

NIS maps

A file used by NIS that holds information of a particular type, for example, the password entries of all users on a network or the names of all systems on a network. Programs that are part of the NIS service query these maps. See also NIS.

nonstandard maps

Standard NIS maps that are customized to use mappings between NIS and the LDAP DIT other than the mappings identified in RFC 2307 or its successor.

N2L configuration files

The ypserv daemon uses the N2L configuration files, /var/yp/NISLDAPmapping and /var/yp/ypserv, to start the master server in N2L mode. For more information, see the NISLDAPmapping(4) and ypserv(4) man pages.

N2L server

An NIS master server that is reconfigured as an N2L server by using the N2L service. Reconfiguration includes replacing NIS daemons and adding new configuration files.

preferred server list

A client_info table or a client_info file. Preferred server lists specify the preferred servers for a client or domain.

private key

The private component of a pair of mathematically generated numbers, which, when combined with a private key, generates the DES key. The DES key in turn is used to encode and decode information. The private key of the sender is only available to the owner of the key. Every user or system has its own public and private key pair.

public key

The public component of a pair of mathematically generated numbers, which, when combined with a private key, generates the DES key. The DES key in turn is used to encode and decode information. The public key is available to all users and systems. Every user or system has their own public and private key pair.


Relative Distinguished Name. One part of a DN.


See entry.

RFC 2307

RFC specifying a mapping of information from the standard NIS maps to DIT entries. By default, the N2L service implements the mapping specified in an updated version RFC 2307bis.


The simple authentication and security layer. A framework for negotiating authentication and security layer semantics in application-layer protocols.


A set of rules defining what types of data can be stored in any given LDAP DIT.


A description of where to look for a given attribute in the DIT. The searchTriple is composed of a base dn, scope, and filter. This is part of the LDAP URL format as defined in RFC 2255.

Secure RPC password

Password required by the secure RPC protocol. This password is used to encrypt the private key. This password should always be identical to the user’s login password.


(1) In NIS, DNS, and LDAP a host system providing naming services to a network.

(2) In the client-server model for file systems, the server is a system with computing resources (and is sometimes called the compute server), and large memory capacity. Client systems can remotely access and make use of these resources. In the client-server model for window systems, the server is a process that provides windowing services to an application, or "client process". In this model, the client and the server can run on the same system or on separate systems.

(3) A daemon that actually handles the providing of files.

server list

See preferred server list.

slave server

A server system that maintains a copy of the NIS database. It has a disk and a complete copy of the operating environment.


NIS source files.


SSL is the Secure Sockets Layer protocol. It is a generic transport-layer security mechanism designed to make application protocols such as LDAP secure.

standard maps

NIS maps that are supported by the N2L service without requiring manual modification to the mapping file. For information about the supported standard maps, see Supported Standard Mappings.


A working scheme that divides a single logical network into smaller physical networks to simplify routing.


In LDAP, the distinguished name (DN) of the DIT.


Yellow Pages. The old name for NIS which is still used within the NIS code.