Softerra LDAP Administrator HelpShow AllHide All

Glossary

This glossary defines a selection of professional terms widely used in this documentation, as well as in other LDAP technology related texts.

Active Directory (AD)

An implementation of LDAP directory services by Microsoft.

Active Directory Application Mode (ADAM)

ADAM is a LDAP directory service that runs as a user service, rather than as a system service.

application directory partition

An Active Directory specific term for a directory partition that is used for storing application-specific data. Application directory partitions can contain any type of objects, except security principals. Application directory partitions can be replicated only to specific domain controllers unlike directory partitions which are replicated to all DCs in the domain.

base DN

A distinguished name (DN) that identifies the starting point of a search.

For example, if you want to search for all entries located under the 'ou=People,o=company.com' subtree of your directory, so 'ou=People,o=company.com' will be the base DN.

directory information tree (DIT)

The hierarchical organization of entries that make up a directory.

directory partition

See naming context.

directory service

A network service that stores and organizes information about various network resources and makes them accessible to users and applications.

There are a number of directory services that are used widely. One of the most important is LDAP. All directory services are based on the X.500 ITU standard.

directory server

A network server running directory services.

distinguished name (DN)

Uniquely identifies an entry in the directory. A DN is made up of relative distinguished names (RDNs) of the entry and each of the entry's parent entries, up to the root of the directory tree. RDNs are usually separated by commas and optional spaces. For example: 'uid=JohnDoe, ou=People, dc=company, dc=com'.

Domain Name System (DNS)

A protocol/service used to store, keep and retrieve information on hosts and domain names on networks such as the Internet. The most important function of DNS is to translate user-friendly host names like ldapadministrator.com into addresses used by lower-level Internet transport protocols.

domain

A group of computers and devices on a network that share a directory database and are administered with common rules and procedures. Each domain has an unique name.

domain name

A name that identifies one or more network devices that share a directory database. Being part of the DNS naming structure, domain names consist of a sequence of name labels separated by periods.

domain controller (DC)

A network server which holds a directory database that manages user access to a network, which includes logging on, authentication, and access to the network resources.

DSA

An X.500 term for a directory server. DSA stands for 'Directory System Agent'.

DSE

An entry containing server-specific information. DSE stands for 'DSA-specific entry'. Each directory server has different attribute values for the DSE.

forest

A collection of one or more Windows domains that share a common schema, configuration, and global catalog and are replicated to each other.

IETF

Short for Internet Engineering Task Force, the main standards organization for the Internet. The IETF is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet.

ITU

Short for International Telecommunication Union, an intergovernmental organization through which public and private organizations develop telecommunications. It is responsible for adopting international treaties, regulations and standards governing telecommunications.

Knowledge Consistency Checker (KCC)

A Microsoft Windows 2000 and Microsoft Windows Server 2003 directory service component that automatically generates and maintains the replication topology.

Lightweight Directory Access Protocol (LDAP)

The primary access protocol for Active Directory. Lightweight Directory Access Protocol version 3 is defined by a set of Proposed Standard documents in IETF (RFC 2251*).

LDAP attribute

A characteristic of an object and the type of information an object can hold. For each object class, the schema defines what attributes an instance of the class must have and what additional attributes it might have.

LDAP control

A part of the LDAP v3 protocol. The control that provides means to specify additional information for an operation. Clients and servers can send controls as part of the requests and responses for an operation.

LDAP filter

A logical expression specifying attributes the requested LDAP entries must have.

LDAP schema

Defines a set of rules, which specify types of objects a directory may contain and the required and optional attributes entries of different types should have. A LDAP schema may also specify the namespace structure and the relationship between different types of objects.

LDAP URL

String specifying the location of an LDAP resource. An LDAP URL consists of server host and port, search scope, base DN, filter, attributes and extensions.

naming context

A subtree of entries held in a single master DSA.

A directory server can have multiple naming contexts, each identifying a locally held directory hierarchy, for example, 'ou=People,o=company.com', 'ou=Offices,o=company.com'.

object class

A formal definition of a specific kind of objects that can be stored in the directory. An object class is a distinct, named set of attributes that represents something specific, such as a user, a computer, or an application.

object identifier (OID)

An object identifier is a numeric value that unambiguously identifies an object class, attribute, or syntax in a directory service. An OID is represented as a dotted decimal string (for example, "1.2.3.4"). Companies (and individuals) can obtain a root OID from an issuing authority and use it to allocate additional OIDs.

operational attribute

An attribute implemented internally by a particular directory implementation. Operational attributes do not appear in the schema and must be requested explicitly. Operational attributes occurred originally in the X.500 specifications for a directory service and have been carried over into the LDAP version 3 specifications (RFC 4510*).

replica

A part of a directory database that participates in replication.

replication

The process of creating and managing duplicates of a directory database.

relative distinguished name (RDN)

An RDN identifies an entry among the children of its parent entry. For example, 'uid=JohnDoe'.

A multi-valued RDN is made up of more than one attribute-value pair. In multi-valued RDNs, the attribute-value pairs are separated by plus signs (+). For example, "uid=JohnDoe + mail=jdoe@company.com".

referral

With the help of referrals an LDAP server can be configured to redirect its clients to other servers when the clients request DNs with a suffix that is not in the server’s directory tree. Referrals contain LDAP URL that specify the host, port, and base DN of another LDAP server.

RootDSE

Each directory server has a unique entry called RootDSE. It provides data about the server, such as its capabilities, the supported LDAP version, and the naming contexts used.

X.500

An ITU standard that defines how global directories should be structured. X.500 directories are hierarchical with different levels for each category of information, such as country, state, and city.

See Also