Glossary

Control to grant or to deny access to a resource.

An instruction or rule that can be used to grant or deny access to users to perform operations on a server.

A list connecting a user or group of users to one or more security entitlements.

A server log tracing the operations the server processes including timestamps, connection information, and information about the operation itself.

The act of making an account temporarily or permanently inactive after successive authentication failures.

A user with valid credentials and the ability to authenticate and use the services.

Matches values that sound like those provided in the filter.

An attribute description and a matching rule assertion value for the attribute used to determine whether an entry matches the assertion.

A server access log with changes in LDIF format.

The act of confirming the identity of a principal.

The act of determining whether to grant or deny a user access to a resource.

A repository to store directory data. Different implementations with different capabilities exist.

The distinguished name of a non-leaf entry in the Directory Information Tree and its subordinates.

An entity that issues digital certificates.

An opaque string uniquely identifying a single change to directory data and when it occurred.

A standard mechanism for defining attributes on all the entries in a particular subtree.

Memory space set aside for database content.

A set of directory entries organized hierarchically in a tree structure.

A single directory server.

An account with full administration privileges to bypass access control evaluation, change access controls, and change administrative privileges. Analogous to the Linux root and Windows Administrator accounts.

A name uniquely identifying an object within the hierarchy of a directory tree.

An entry holding information for use by the directory, not returned in searches by default.

A group specifying members with LDAP URLs.

Time to process a request, starting from the moment a worker thread can process the decoded operation.

An object in the directory having one of more object classes and their attributes.

Memory space set aside for frequently accessed, large entries.

Matches values that correspond exactly, optionally for case sensitivity, to those provided in the filter.

A server log tracing server events, error conditions, and warnings, categorized and identified by severity.

Save directory data to an LDIF file.

Matches with a matching rule like generalized time other than approximate, equality, ordering, presence, substring or VLV.

An initial state identifier for a replication base DN based on the first 1000 entries.

A standalone HDAP web application.

The DS feature providing REST APIs and HTTP access to directory data.

Read in and index directory data from an LDIF file.

A user who can’t authenticate or use the services.

A backend feature for quick entry lookup based on attribute values.

The maximum number of entries listed for an index key, beyond which the server stops maintaining the list for that key.

Stop processing a request in progress and drop the connection without a reply to the client application.

Adds a new entry or entries to the directory.

Simple authentication with an empty DN and an empty password, allowing anonymous access like reading public information.

A property of a directory entry, stored as one or more key-value pairs.

Authenticates the client application. The server uses the identity to make authorization decisions.

Compares a specified attribute value with the value stored on an entry in the directory.

An addition to an LDAP message to specify how to process the operation.

An IETF standard file format for representing LDAP directory content and modifications to directory content. Typically used to import and export LDAP-based directory information.

Removes an existing entry or entries from the directory.

An LDAP operation not included in the original standards.

An entry identifying a set of member entries in the directory.

Changes the distinguished name of an entry.

Changes one or more attributes of an entry.

An attribute with a special, operational meaning for the server, not returned in searches by default.

Definitions of object classes, attributes types, attribute value syntaxes, matching rules, and other constrains on entries.

An expression the server uses to find entries matching a search request.

Return entries based on an LDAP filter, a base DN, and a scope.

An entry enumerating member entries.

An entry residing with user data but holding operational data, not returned in searches by default.

Release resources at the end of a session.

A standard uniform resource locator for accessing entries in a directory.

An attribute for storing user or application data on a directory entry.

An attribute with dynamically generated values not persistently stored in the backend.

An entry representing dynamic groups as static groups.

LDAP over TLS.

An open, cross-platform protocol used for interacting with directory services.

A rule for matching operations against assertion values, associated with attribute syntaxes.

A base DN under which client applications can look for user data.

A hierarchical string of digits and dots to uniquely identify an object.

Matches values for a filter that specifies a range.

A set of rules for sequence of characters constituting an acceptable password.

Password change performed by a user other than the user who owns the entry.

A mechanism for encoding user passwords stored on directory entries.

A mechanism to accept or reject a proposed password.

Matches when an attribute’s present on the entry, regardless of the value.

Represents a successfully authenticated entity, such as a user, a device, or an application.

A server setting controlling access to an administrative operation.

The act of ensuring group membership remains consistent following changes to member entries.

A server log tracing referential integrity events, with entries similar to the errors log.

A reference to another directory location where the server can process the current operation.

The initial portion of a DN distinguishing the entry from all others at the same level.

A directory server configured to use replication.

Data synchronization to ensure all participating servers eventually share a consistent set of directory data.

The entry with an empty string DN ("") exposing information about the directory server itself.

Bind with a user’s entry DN and password.

Matches values specified with wildcards in the filter.

The DN of a root entry in the DIT and all its subordinate entries taken together as a single object of administrative tasks.

A mechanism for remote access to server administrative actions.

A search operation for which the server has no appropriate index.

Matches browsing requests for paging through a long list of results.

A family of standardized protocols for accessing, browsing, and maintaining a directory, predating LDAP.