| Word | Description |
| base DN |
A distinguished name (DN) that identifies the starting point of a search.
For example, if you want to search all of the entries that are under the 'ou=People,o=company.com' subtree of your directory, 'ou=People,o=company.com' is the base DN. |
| LDAP URL |
An LDAP URL is a string that specifies the location of an LDAP resource (RFC 4516). An LDAP URL consists of the server host and port, the base DN, the attributes to return, the search scope, the filter and optional extensions, in the form ldap://host:port/baseDN?attributes?scope?filter?extensions. Parts that are omitted take defaults: scope base, filter (objectClass=*), all user attributes. |
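The split described above, as an added example (not NordicEdge code) that parses an LDAP URL into its components with the RFC 4516 defaults applied. It also accepts the widely used but non-RFC ldaps scheme with default port 636; the sample URLs in the test are constructed for illustration.

```python
"""Minimal RFC 4516 LDAP URL parser (added example, not part of NordicEdge Identity Manager)."""
from urllib.parse import unquote

SCOPES = {"base", "one", "sub"}
# 'ldaps' is not defined by RFC 4516 but is what every deployment uses for LDAP over TLS.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_ldap_url(url: str) -> dict:
    """Split scheme://[host[:port]][/dn[?attrs[?scope[?filter[?extensions]]]]].

    Omitted fields take the RFC 4516 defaults: scope 'base', filter
    '(objectClass=*)', attributes = all user attributes (returned as []).
    """
    scheme, sep, rest = url.partition("://")
    scheme = scheme.lower()
    if sep != "://" or scheme not in DEFAULT_PORTS:
        raise ValueError(f"not an LDAP URL: {url!r}")

    hostport, _, path = rest.partition("/")
    host, port = hostport, DEFAULT_PORTS[scheme]
    if hostport.startswith("["):                      # IPv6 literal, e.g. [::1]:389
        host, _, after = hostport[1:].partition("]")
        if after.startswith(":"):
            port = int(after[1:])
    elif ":" in hostport:
        host, port_str = hostport.rsplit(":", 1)
        port = int(port_str)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")

    # Fields are '?'-separated; a '?' inside a field must be percent-encoded,
    # so split first and only then percent-decode each field.
    parts = path.split("?")
    if len(parts) > 5:
        raise ValueError("too many '?' separators in LDAP URL")
    parts += [""] * (5 - len(parts))
    dn, attrs, scope, filt, exts = (unquote(p) for p in parts)

    scope = scope.lower() or "base"
    if scope not in SCOPES:
        raise ValueError(f"invalid scope: {scope!r}")
    attributes = [a for a in attrs.split(",") if a]
    extensions = []
    for ext in (e for e in exts.split(",") if e):
        critical = ext.startswith("!")              # '!' marks a critical extension
        name, _, value = ext.lstrip("!").partition("=")
        extensions.append({"name": name, "value": value, "critical": critical})

    return {
        "scheme": scheme, "host": host or None, "port": port, "dn": dn,
        "attributes": attributes, "scope": scope,
        "filter": filt or "(objectClass=*)", "extensions": extensions,
    }


if __name__ == "__main__":
    print(parse_ldap_url("ldap://ldap.example.com:389/ou=People,o=company.com?cn,mail?sub?(uid=jsmith)"))
```

A client that chases referrals receives exactly these URLs from the server, so the host and port parsed here are untrusted input; compare them against an allow-list before connecting and before re-sending a bind password.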
| object identifier (OID) |
An object identifier is a numeric value that unambiguously identifies an object class, attribute, or syntax in a directory service. An OID is represented as a dotted decimal string (for example, "1.2.3.4"). Companies (and individuals) can obtain a root OID from an issuing authority and use it to allocate additional OIDs. |
| Referral |
Refers an LDAP client to another LDAP server. An LDAP server can be configured to send your client a referral if your client requests a DN with a suffix that is not in the server's directory tree. Referrals contain LDAP URLs that specify the host, port and base DN of another LDAP server. A client that chases referrals automatically, re-binding with the same credentials to whatever host the URL names, is handing its password to a server chosen by whoever controls the referral, so referral targets should be treated as untrusted input. |
| Active Directory AD |
Active Directory (AD) is an implementation of LDAP directory services by Microsoft for use primarily in Windows environments. Its main purpose is to provide central authentication and authorization services for Windows based computers. Active Directory also allows administrators to assign policies, deploy software, and apply critical updates to an organization. Active Directory stores information and settings in a central database. Active Directory networks can vary from a small installation with a few hundred objects, to a large installation with millions of objects.
Active Directory was previewed in 1996, released first with Windows 2000 Server edition, and revised to extend functionality and improve administration in Windows Server 2003.
Active Directory was called NTDS (NT Directory Service) in older Microsoft documents. This name can still be seen in some AD binaries. |
| Anonymous |
A session is described as anonymous if no user DN or secret is supplied when initiating the session (sending the bind). |
| ASN.1 |
The ITU-T's Abstract Syntax Notation One (X.680). A language for describing data representation. ASN.1 data is encoded for use in a protocol using BER (Basic Encoding Rules), DER or PER (Packed Encoding Rules). LDAP uses only the simpler BER rather than the considerably more complicated PER, and RFC 4511 restricts it further: only definite-form lengths and primitive OCTET STRING encodings are allowed. |
| Attribute |
A single piece of information associated with an electronic identity database record (object, entry). Some attributes are general; others are personal. Some subset of all attributes defines a unique individual. Examples of an attribute are name, phone number and title. |
| Audit |
An independent review and examination of a system's records and activities to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes that are indicated for countermeasures. |
| Authentication |
Authentication is the process of determining whether someone or
something is, in fact, who or what it is declared to be. |
| Authentication API |
The authentication API can be used to customize the authentication process. |
| Authorization |
Authorization is the process of giving someone permission to do or have something. |
| BER |
Basic Encoding Rules, an ITU-T binary format (defined in X.690) for encoding ASN.1 fields as tag-length-value triplets for transmission within a protocol. Every LDAP message on the wire, search filters included, is BER-encoded; the textual filter syntax (RFC 4515) and the LDAP URL are human-readable forms that a client translates into BER before sending. |
| bind |
When a connection is made to an LDAP server, the first operation is normally a bind. The bind operation sends the DN of the entry to authenticate as and the password to be used. In an anonymous bind both values are empty. A bind with a non-empty DN and an empty password is an "unauthenticated" bind, which many servers treat as a successful anonymous bind (RFC 4513): an application that relies on "bind succeeded" as proof of identity must reject an empty password before sending the request. |
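The bind exchange and its BER encoding, as an added example covering the ASN.1, BER, Anonymous and bind entries above. This is hand-rolled code written for this page, not the NordicEdge client's implementation: it builds an LDAPMessage carrying a simple BindRequest, refuses to build the unauthenticated (DN plus empty password) variant, and decodes the server's BindResponse. The sample messages are constructed, not captured.

```python
"""BER encoding of an LDAPv3 simple BindRequest and decoding of the BindResponse
(added example, not NordicEdge code). Tags per RFC 4511 and X.690."""

SEQUENCE, INTEGER, OCTET_STRING, ENUMERATED = 0x30, 0x02, 0x04, 0x0A
BIND_REQUEST, BIND_RESPONSE = 0x60, 0x61   # [APPLICATION 0] / [APPLICATION 1], constructed
SIMPLE_AUTH = 0x80                         # AuthenticationChoice.simple: [0] OCTET STRING


def ber_len(n: int) -> bytes:
    """X.690 definite length: one byte below 128, else 0x80|count then big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(tag: int, n: int) -> bytes:
    """Minimal two's-complement content for a non-negative INTEGER/ENUMERATED."""
    return tlv(tag, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big"))


def is_unauthenticated_bind(dn: str, password: str) -> bool:
    """RFC 4513 5.1.2: name present, password empty. Servers may treat this as anonymous."""
    return bool(dn) and not password


def bind_request(message_id: int, dn: str, password: str, allow_anonymous: bool = False) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    if is_unauthenticated_bind(dn, password):
        raise ValueError("refusing unauthenticated bind (DN given, empty password)")
    if not dn and password:
        raise ValueError("password supplied without a DN")
    if not dn and not allow_anonymous:
        raise ValueError("anonymous bind not permitted for this caller")
    op = ber_int(INTEGER, 3) + tlv(OCTET_STRING, dn.encode()) + tlv(SIMPLE_AUTH, password.encode())
    return tlv(SEQUENCE, ber_int(INTEGER, message_id) + tlv(BIND_REQUEST, op))


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content, next_pos) for the single-byte-tag TLV at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long-form length
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(msg: bytes) -> dict:
    """Pull messageID, resultCode, matchedDN and diagnosticMessage out of a BindResponse."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(body, 0)
    tag, op, _ = _read_tlv(body, pos)
    if tag != BIND_RESPONSE:
        raise ValueError(f"unexpected protocolOp tag 0x{tag:02x}")
    _, code, pos = _read_tlv(op, 0)        # ENUMERATED resultCode (0 = success, 49 = invalidCredentials)
    _, matched, pos = _read_tlv(op, pos)
    _, diag, _ = _read_tlv(op, pos)
    result = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(mid, "big"), "result_code": result,
            "matched_dn": matched.decode(), "diagnostic": diag.decode(), "success": result == 0}


# Constructed sample traffic (not a capture): the 14-byte anonymous bind every LDAP
# scanner sends, and two server replies to message 1.
ANONYMOUS_BIND = bytes.fromhex("300c020101600702010304008000")
BIND_SUCCESS = bytes.fromhex("300c02010161070a010004000400")
BIND_INVALID_CREDENTIALS = bytes.fromhex("300c02010161070a013104000400")

if __name__ == "__main__":
    assert bind_request(1, "", "", allow_anonymous=True) == ANONYMOUS_BIND
    print(bind_request(2, "cn=admin,o=company.com", "s3cret").hex())
    print(parse_bind_response(BIND_SUCCESS), parse_bind_response(BIND_INVALID_CREDENTIALS))
```

The refusal in bind_request is the point: the check belongs in the client, because the server's answer to an unauthenticated bind is a resultCode of 0, indistinguishable from a real login.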
| Bookmarks |
You can store shortcuts to favourite objects in the directory with the Bookmarks function. You can go straight to the object by choosing the bookmark's name from the Bookmarks menu. You can also define different actions to run when you use a bookmark. |
| CAPTCHA |
A CAPTCHA is a type of challenge-response test used in computing to determine whether the user is human. "CAPTCHA" is a contrived acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart", trademarked by Carnegie Mellon University. The process involves one computer (a server) asking a user to complete a simple test which the computer is able to generate and grade, but not able to solve on its own. Because computers are unable to solve the CAPTCHA, any user entering a correct solution is presumed to be human. |
| Certificate Authority (CA) |
A certificate authority (CA) is a trusted entity in a network that issues and manages digital certificates, binding public keys to the identities of users, hosts or services. |
| Certificate Policy (CP) |
A named set of rules that indicates the applicability of a certificate to a particular community and/or class of application with common security requirements. |
| Client |
Client, a.k.a. LDAP Client, describes a piece of software that provides access to an LDAP server. Some web browsers have provided limited LDAP client capabilities via LDAP URLs. LDAP browsers and web interfaces are both very common examples of LDAP clients. |
| Custom Control API |
The custom control API consists of a Java interface that can be implemented to plug customer-specific logic and look and feel into a tab. |
| Disable OTP Attribute |
If this parameter is set, the OTP Server reads the value of this attribute from the user's object and checks whether it matches the Disable OTP Value.
If the value matches, ONLY password authentication is performed and no OTP is required from the user. Because this attribute switches off the second factor, write access to it in the directory must be restricted as tightly as access to the password itself.
Leave this blank to always require OTP during authentication. |
| Disable OTP Value |
The value that the Disable OTP Attribute is compared against. If both parameters are set and the attribute read from the user's object equals this value, ONLY password authentication is performed and no OTP is required from the user.
Leave this blank to always require OTP during authentication. |
| Distinguished name |
A distinguished name (DN) is the unique name of an object in the directory service, formed by the sequence of RDNs from the entry up to the root, for example 'uid=jsmith,ou=People,o=company.com'. |
| DIT |
The hierarchical organization of entries that make up a directory. |
| DSA |
Directory System Agent. X.500 term for any DAP or LDAP enabled directory service e.g. an LDAP server. |
| DSE |
DSA Specific Entry. An entry in a local directory server. |
| DSEditor.properties |
When NordicEdge® Identity Manager is installed, a file named DSEditor.properties is automatically created locally under . This file contains default policies that enable the Standalone Client to use any directory service. |
| Enhanced standalone configuration |
The standalone client now has a more flexible way of storing the configurations for different LDAP directory server profiles.
|
| Entry (Object) |
The name given to a stored object in an LDAP-enabled directory. Each entry has one parent entry (object) and zero or more child entries (objects). The data content of an entry consists of one or more attributes, one (or more) of which is used as the naming attribute (more correctly the RDN) to uniquely identify this object in the DIT. |
| EQUALITY |
EQUALITY defines the matching rule applied to an attribute when it is used in a search filter that contains NO wildcards: both contents and length must match exactly (subject to the rule's case sensitivity). When wildcards are used the filter is a substring filter and the SUBSTR rule is used instead. Both rules are part of the attribute definition in the schema. |
| Event API |
This allows customers to interact with all events (create, delete, modify, rename, edit). The API can run before or after the event occurs. |
| External EAM products (authentication API): |
This enables customers to integrate the html framework with existing external EAM (Extranet Access Management) products to enable single sign on and access control. |
| Filter |
LDAP filter is a logical expression specifying the attributes that the LDAP entries being requested should have. |
| Filter API |
The filter API consists of a standard Java class method that can take data to be used in the filter and/or return formatted data to be stored in the attribute. |
| GroupWise |
GroupWise is a cross-platform collaborative software product from Novell, Inc. offering e-mail, calendaring, instant messaging and document management. |
| Identity Manager Standalone Client |
The NordicEdge standalone client needs to be installed on the workstation. Apart from administering the objects in the different data sources, the standalone client is also used to set up security policies, forms and themes. So the standalone client is used for part of the Identity Manager system administration. |
| Identity Manager Web Based Client |
The web based client is a Java servlet that runs on a servlet engine or an application server, such as Jakarta Tomcat or BEA WebLogic. All database connectivity is done from the engine where the servlet is installed.
A proxy user can be used when connecting to the directory service. Identity Manager authenticates the user and reads the user's security policies, but when operations such as read/write are performed, the proxy user account is used. When a proxy account is used, the directory ACL rights assigned to the proxy account govern what can be read and written. This removes the need to set ACL rights for every administrator; IM acts as the security layer and controls what rights each administrator has. Because the directory then sees only the proxy account, IM's policies are the sole enforcement point for per-administrator restrictions, so the proxy account should be granted no more than the rights IM actually needs. The use of the proxy account can be turned off, in which case the administrator's own ACL is used instead.
Administrators and users connect to Identity Manager using a web browser. |
| Inactive Attribute |
The LDAP attribute that is read during authentication to check whether the user account is locked. If Login Retries is set, it is also written to lock the account once the maximum number of failed logins has occurred. |
| Inactive Value |
The value of Inactive Attribute when the Account is locked, for example TRUE. If the Inactive Attribute has this value, the user account is considered to be locked. This value will also be set if max Login Retries has been reached. |
| Java |
Java is a programming language originally developed by Sun Microsystems and released in 1995 as a core component of Sun's Java platform. The language derives much of its syntax from C and C++ but has a simpler object model and fewer low-level facilities. Java applications are typically compiled to bytecode which can run on any Java virtual machine (JVM) regardless of computer architecture.
|
| JDBC |
Java Database Connectivity (JDBC) is an application program interface
(API) specification for connecting programs written in Java to the data in
popular databases. |
| LDAP |
(Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet. LDAP is a "lightweight" version of Directory Access Protocol (DAP). |
| ldap directory |
An LDAP directory is one that supports the Lightweight Directory Access Protocol (LDAP). LDAP is a widely adopted IETF standard directory access protocol well suited to the authentication and authorization needs of modern application architectures. |
| ldapHost |
The DNS name or IP address of the LDAP server.
Example: ldap.nordicedge.se |
| ldapPort |
The LDAP server port number.
Example: 389 (plain LDAP, optionally upgraded with StartTLS); 636 is the conventional port for LDAP over TLS. On 389 without StartTLS the bind password crosses the network in clear text. |
| Lotus Domino |
Lotus Domino is an IBM server product that provides enterprise-grade e-mail, collaboration capabilities, and custom application platform. Domino began life as Lotus Notes Server, the server component of Lotus Development Corporation's client-server messaging technology. It can be used as an application server for Lotus Notes applications and/or as a web server. It also has a built-in database system in the format of NSF. From release 7, Domino server can use DB2 system as its backend database. |
| Microsoft Active Directory |
See Active Directory AD. |
| Microsoft ADAM |
Active Directory Application Mode (ADAM) is a light-weight implementation of Active Directory. ADAM can run as a service on computers running Microsoft Windows Server 2003 or Windows XP Professional. ADAM shares its code base with Active Directory and provides the same functionality, including an identical API, but does not require the creation of domains or domain controllers. Like Active Directory, ADAM provides a Data Store, a hierarchical store for directory data, and a Directory Service with an LDAP interface. Unlike Active Directory, multiple ADAM instances can run on the same server, each with its own data store, service name and description. The data store in ADAM is divided into logical partitions:
* Configuration Partition - holds configuration information about the particular ADAM instance.
* Schema Partition - holds the definitions of the types of data the data store can hold, which helps maintain data consistency.
* Application Partition - holds the data stored and required by applications using the ADAM directory service. |
| Microsoft SQL (MSQL) |
Microsoft SQL Server is a relational database management system (RDBMS) produced by Microsoft. Its primary query language is Transact-SQL, an implementation of the ANSI/ISO standard Structured Query Language (SQL) used by both Microsoft and Sybase. |
| Microsoft SQL Server |
See Microsoft SQL (MSQL). |
| MobileKey attribute |
The attribute that stores the user’s mobile key. |
| Naming attribute |
One attribute, the naming attribute (a.k.a RDN) is used to uniquely identify each entry in the DIT. |
| Naming context |
a.k.a namingContext or DIT defines a unique name space starting from (and including) the root DN. |
| Native Client |
NordicEdge Client that uses the One Time Password APIs to
communicate with the OTP Server. |
| NordicEdge |
NordicEdge® develops powerful Applications that enable Organizations to protect, manage and distribute business critical information. By offering our Customers our products, we contribute to an improved result and decreased costs that in turn leads to an increased competitiveness. |
| NordicEdge On-Demand security for Salesforce.com |
NordicEdge On-Demand is a one-time password solution that provides added security when logging on to salesforce.com. Use the NordicEdge On-Demand Security solution to add an extra layer of security to your Salesforce accounts by adding one time password tokens sent via user’s mobile phones. |
| NordicEdge OTP Mobile ™ |
This is a mobile application for mobile phones that supports Java J2ME.
The feature is a complement to the OTP delivery via SMS. The OTP
Mobile application is evolved from customers that have expressed the
need for a way to ensure strong authentication without relying only on
mobile coverage.
This product is an add-on to the standard OTP Server. |
| NordicEdge OTP On-Demand ™ |
This is a hosted service that enables our customers to use strong
authentication without the need to install the product in their own
environment. The NordicEdge OTP On-Demand ™ is accessed via Web
Services. |
| NordicEdge SMS Gateway |
NordicEdge hosted SMS gateway. The NordicEdge SMS Gateway supports automatic fail-over for the service and for SMS operator delivery, usage statistics, SMS status control and easy setup. |
| Novell eDirectory |
Novell eDirectory (formerly called Novell Directory Services, NDS) is an X.500 compatible directory service software product released in 1993 by Novell, Inc. for centrally managing access to resources on multiple servers and computers within a given network. |
| Object (Entry) |
See Entry (Object). |
| objectClass |
An object class is a formal definition of a specific kind of object that can be stored in the directory. An object class is a distinct, named set of attributes that represents something concrete, such as a user, a computer or an application. |
| ODBC |
Open Database Connectivity (ODBC) is an open standard application
programming interface (API) for accessing a database. |
| Operational attribute |
An operational attribute is an attribute maintained by the directory server itself (for example createTimestamp or modifiersName) rather than by the user. Operational attributes are defined in the schema with USAGE directoryOperation, but they are not returned by a search unless requested explicitly by name (or, on servers that implement RFC 3673, with the '+' attribute selector). Operational attributes originated in the X.500 specifications and were carried over into LDAPv3 (RFC 2251, http://www.ietf.org/rfc/rfc2251.txt, now superseded by RFC 4511/4512). |
| Organizational Unit |
OrganizationalUnit (ou) defines an arbitrary organisational unit and can be used at multiple levels in the hierarchy. Its value is typically meaningful in the context in which it is used. In the context of an ITU-format root name (o,c format) it will likely be the name of the company or organisation; at a lower level in the hierarchy it may be 'people', 'manufacturing', 'usa', 'usa-manufacturing' or anything else that makes sense and requires the attributes defined by the object class. |
| OTP Attribute |
The attribute that stores the user's mobile phone number or mail address, for example mobile or mail. |
| OTP Client |
NordicEdge Client that uses the One Time Password APIs to
communicate with the OTP Server. |
| OTP Server |
NordicEdge One Time Password Server ™ |
| Outlook Web Access |
Outlook Web Access (OWA) is a webmail service of Microsoft Exchange Server 5.0 and later, originally called Exchange Web Connect (EWC). The web interface of Outlook Web Access resembles the interface in Microsoft Outlook. Outlook Web Access comes as a part of Microsoft Exchange Server 2007 and previous versions of Exchange. |
| Pin Code |
Pin Code adds another layer of security. With Pin Code enabled, the user must enter their known pin code and the one-time password concatenated during login. For example, if the pin code is 1234 and the one-time password is 334455, the user must enter 1234334455 to log in successfully.
The pin code is read from a selected attribute in the LDAP directory, or via an SQL query for SQL based databases. |
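The authentication decision the Inactive Attribute, Inactive Value, Disable OTP Attribute/Value and Pin Code entries describe, as an added example. This is illustrative code written for this page, not the NordicEdge OTP Server's implementation: the attribute names (accountLocked, otpExempt, otpPin, loginRetries), the in-memory user entries and the fake bind that stands in for the directory bind are all constructed here.

```python
"""Password + Pin Code + OTP verification with failed-login lockout
(added example, not NordicEdge code; attribute names are assumptions)."""
import hmac
from dataclasses import dataclass
from typing import Callable


@dataclass
class OtpPolicy:
    inactive_attr: str = "accountLocked"   # 'Inactive Attribute' (assumed name)
    inactive_value: str = "TRUE"           # 'Inactive Value'
    disable_otp_attr: str = "otpExempt"    # 'Disable OTP Attribute' (assumed name)
    disable_otp_value: str = "TRUE"        # 'Disable OTP Value'
    pin_attr: str = "otpPin"               # attribute holding the Pin Code (assumed name)
    retries_attr: str = "loginRetries"     # failed-login counter (assumed name)
    max_login_retries: int = 3             # 'Login Retries'; 0 disables lockout


@dataclass
class AuthResult:
    ok: bool
    reason: str
    otp_required: bool = True


def _fail(entry: dict, policy: OtpPolicy, reason: str) -> AuthResult:
    """Count the failure; at the limit set Inactive Attribute = Inactive Value."""
    count = int(entry.get(policy.retries_attr, 0)) + 1
    entry[policy.retries_attr] = count
    if policy.max_login_retries and count >= policy.max_login_retries:
        entry[policy.inactive_attr] = policy.inactive_value
        return AuthResult(False, f"{reason}; account locked after {count} failures")
    return AuthResult(False, reason)


def authenticate(entry: dict, password: str, submitted: str, expected_otp: str,
                 policy: OtpPolicy, bind: Callable[[str, str], bool]) -> AuthResult:
    """`entry` is the user's directory entry as a dict (mutated for counter and lock).
    `bind` stands in for the directory bind that checks the password.
    `submitted` is what the user typed: the Pin Code immediately followed by the OTP."""
    # 1. A locked account fails before any secret is examined.
    if entry.get(policy.inactive_attr) == policy.inactive_value:
        return AuthResult(False, "account locked")

    # 2. Primary credential via the (simulated) directory bind.
    if not bind(entry["dn"], password):
        return _fail(entry, policy, "bad password")

    # 3. Disable OTP Attribute/Value match: ONLY the password has been checked.
    #    Whoever can write this attribute can remove the second factor.
    if entry.get(policy.disable_otp_attr) == policy.disable_otp_value:
        entry[policy.retries_attr] = 0
        return AuthResult(True, "password only; OTP disabled for this user", otp_required=False)

    # 4. Pin Code + OTP compared as one string in constant time, so a correct
    #    PIN prefix cannot be told apart from a wrong one by response time.
    expected = entry.get(policy.pin_attr, "") + expected_otp
    if not hmac.compare_digest(expected.encode(), submitted.encode()):
        return _fail(entry, policy, "bad pin/otp")
    entry[policy.retries_attr] = 0
    return AuthResult(True, "password, pin and otp verified")


# Constructed sample entries (not from any real directory) and a fake bind for the demo.
USERS = {
    "uid=jsmith,ou=People,o=company.com": {"dn": "uid=jsmith,ou=People,o=company.com",
                                           "otpPin": "1234", "password": "Passw0rd!"},
    "uid=svc,ou=People,o=company.com": {"dn": "uid=svc,ou=People,o=company.com",
                                        "otpExempt": "TRUE", "password": "svcpass"},
}


def fake_bind(dn: str, password: str) -> bool:
    user = USERS.get(dn)
    return user is not None and hmac.compare_digest(user["password"].encode(), password.encode())


if __name__ == "__main__":
    policy = OtpPolicy()
    js = dict(USERS["uid=jsmith,ou=People,o=company.com"])
    print(authenticate(js, "Passw0rd!", "1234334455", "334455", policy, fake_bind))
    for _ in range(3):
        print(authenticate(js, "Passw0rd!", "0000000000", "334455", policy, fake_bind))
    print(authenticate(js, "Passw0rd!", "1234334455", "334455", policy, fake_bind))  # locked
```

Two details matter in practice: the lock check runs before the bind so a locked account cannot be used as a password oracle, and the retry counter is reset only on a fully successful login.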
| Policy API |
The policy API allows “on-the-fly” editing of NordicEdge Identity Manager policies. |
| Policy Manager |
The NordicEdge Policy Manager is a control for configuring policies. It is used and started in different ways depending on whether local mode or directory mode is in use. |
| Proxy Server |
A proxy server is a server (a computer system or an application program) which services the requests of its clients by forwarding requests to other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server provides the resource by connecting to the specified server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it may serve the request without contacting the specified server. In this case, it would 'cache' the first request to the remote server, so it could save the information for later, and make everything as fast as possible.
A proxy server that passes all requests and replies unmodified is usually called a gateway or sometimes tunneling proxy.
A proxy server can be placed in the user's local computer or at specific key points between the user and the destination servers or the Internet. |
| Public Key Cryptography |
A cryptographic technique that uses two keys: a private key that is always kept secret by an entity, and a public key, uniquely linked to the private key, that is made public. A signature created with the private key can be verified by anyone holding the public key, and a message encrypted with the public key can be decrypted only with the private key. |
| Public Key Infrastructure (PKI) |
The set of standards and services that facilitate the use of public-key cryptography in a networked environment. |
| Raw Editor |
Instead of using the Tab Concept, Raw Edit shows the information straight from the Directory Information Tree (DIT). It displays all available attribute information about an object that the administrator has rights to see. It allows skilled administrators to manage information in LDAP based directory services that support LDAP version 3. |
| RDN Relative Distinguished Name |
An RDN identifies an entry among the children of its parent entry. For example, 'cn=JSmith'.
A multivalued RDN is made up of more than one attribute-value pair. In multivalued RDNs, the attribute-value pairs are separated by plus signs (+). For example, "cn=JSmith + mail=jsmith@company.com". |
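The RDN structure above, as an added example (not NordicEdge code) that parses an RFC 4514 DN string into its RDNs, including multivalued RDNs and the backslash escapes that a value such as 'Smith, John' needs, and that escapes a value before it is placed into a DN. Hex-string (#...) values are not handled; the DNs in the test are constructed.

```python
"""RFC 4514 DN string parser and value escaper (added example, not NordicEdge code)."""

# Characters that a backslash may escape literally; anything else after '\' must be a hex pair.
_SPECIAL = set('"+,;<>\\= #')
_HEX = set("0123456789abcdefABCDEF")


def parse_dn(dn: str) -> list:
    """Return [[(type, value), ...], ...]: one inner list per RDN, leaf first,
    each holding the '+'-joined attribute/value pairs of that RDN."""
    if not dn:
        return []                                   # the empty DN names the root DSE
    rdns, rdn = [], []
    typ, buf = None, bytearray()                    # value bytes, decoded as UTF-8 at the end

    def finish_pair():
        nonlocal typ, buf
        if typ is None:
            raise ValueError("attribute value without '='")
        rdn.append((typ, buf.decode("utf-8")))
        typ, buf = None, bytearray()

    i, n = 0, len(dn)
    while i < n:
        ch = dn[i]
        if ch == "\\":
            i += 1
            if i >= n:
                raise ValueError("dangling escape at end of DN")
            if dn[i] in _SPECIAL:                   # '\,' '\+' '\\' ... -> that character
                buf += dn[i].encode("utf-8")
            else:                                   # '\XX' -> one raw byte
                pair = dn[i:i + 2]
                if len(pair) != 2 or not all(c in _HEX for c in pair):
                    raise ValueError(f"bad escape at offset {i}")
                buf.append(int(pair, 16))
                i += 1
        elif ch == "=" and typ is None:
            typ = buf.decode("ascii").strip()
            if not typ:
                raise ValueError("empty attribute type")
            buf = bytearray()
        elif ch == "+":                             # next attribute of the same RDN
            finish_pair()
        elif ch in ",;":                            # next RDN
            finish_pair()
            rdns.append(rdn)
            rdn = []
        else:
            buf += ch.encode("utf-8")
        i += 1
    finish_pair()
    rdns.append(rdn)
    return rdns


def escape_dn_value(value: str) -> str:
    """Escape a value so it can be embedded in a DN without changing its structure."""
    out = []
    last = len(value) - 1
    for idx, ch in enumerate(value):
        if ch in '"+,;<>\\=':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append(r"\00")
        elif ch == " " and idx in (0, last):        # leading/trailing space
            out.append(r"\ ")
        elif ch == "#" and idx == 0:                # leading '#' would start a hex string
            out.append(r"\#")
        else:
            out.append(ch)
    return "".join(out)


def format_dn(rdns: list) -> str:
    """Inverse of parse_dn using escape_dn_value for every value."""
    return ",".join("+".join(f"{t}={escape_dn_value(v)}" for t, v in rdn) for rdn in rdns)


if __name__ == "__main__":
    print(parse_dn("cn=JSmith+mail=jsmith@company.com,ou=People,o=company.com"))
    print(format_dn([[("cn", "Smith, John")], [("ou", "People")]]))
```

Building a DN by string concatenation from user input has the same failure mode as an unescaped search filter: a value containing ',' or '+' silently changes which entry is addressed, which is why format_dn escapes every value.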
| Root DSE |
Conceptually the topmost entry in an LDAP hierarchy; think of it as a super root that is normally invisible, i.e. not accessed in normal operations. Sometimes confused with root, base or suffix. DSE stands for DSA Specific Entry, and DSA in turn stands for Directory System Agent (any directory-enabled service providing DAP or LDAP access). The root DSE is read with a base-scope search on the empty DN; in OpenLDAP it is described by the OpenLDAProotDSE object class. It reports the protocol versions, controls, extensions and SASL mechanisms the server supports and the naming context(s), i.e. DIT(s), it holds. Because it is usually readable anonymously, it is the first thing a scanner or pentester queries. |
| Schema |
An LDAP schema defines a set of rules that specifies the types of objects that a directory may contain and the required and optional attributes that entries of different types should have. It may also specify the structure of the namespace and the relationship between different types of objects. |
| Scope |
Used in two senses:
1. search scope: may be base, in which case only the supplied DN is examined; one, in which case the search covers the entries one level below the supplied DN; or sub, in which case the search descends the hierarchy from the DN to the lowest level in the tree (DIT).
2. name scope:
|
| Search |
An LDAP search is carried out by defining a base DN, a scope and a search filter. |
| Search filter API |
The search filter API allows customers to modify the search result before it is presented to the user. |
| Search Scope |
BASE, search only the Search Base DN object itself.
ONE, search only the entries one level below the Search Base DN (the base entry itself is not included).
SUB, search the Search Base DN and all levels below it. |
| slapd |
slapd is the OpenLDAP server daemon (historically one of two, the other being slurpd). slapd provides the local LDAP service and is configured using the slapd.conf file or, in newer releases, the cn=config database. |
| slurpd |
slurpd was the second OpenLDAP daemon (the other being slapd). It provided the LDAP replication service when required and was configured using the slurpd.conf file. slurpd was removed in OpenLDAP 2.4; replication is now done with syncrepl, which runs inside slapd. |
| SMS On-Demand |
This is a hosted service that enables our customers to use SMS distribution without the need to install the product in their own environment. The NordicEdge SMS On-Demand is accessed via Web Services. |
| SMTP |
Simple Mail Transfer Protocol (SMTP) is the de facto standard for e-mail transmission across the Internet. Formally SMTP was defined in RFC 821 (STD 10) as amended by RFC 1123 (STD 3) chapter 5. The protocol used today, also known as ESMTP, was defined in RFC 2821 and is now specified by RFC 5321. |
| Softricity |
Microsoft Application Virtualization (formerly Microsoft SoftGrid) is an application virtualization and application streaming solution from Microsoft. It was acquired by Microsoft during the acquisition of Boston, Massachusetts-based Softricity on July 17, 2006. SoftGrid represents Microsoft's entry into a new avenue of virtualization products, alongside its existing Hyper-V package, Microsoft Virtual Server, Microsoft Virtual PC, and other products newly announced in 2006, such as System Center Virtual Machine Manager, the latter of which is designed for "Datacenter Virtualization". |
| Standalone Client |
See Identity Manager Standalone Client. |
| SUBSTR |
SUBSTR defines the matching rule applied to an attribute when it is used in a search filter that contains wildcards. When the whole string is given without wildcards, the EQUALITY rule is used instead. Both rules are part of the attribute definition in the schema. |
| Substring |
Substring refers to any string value used in a search filter that contains wildcards (*). The form of the comparison, e.g. case sensitive or case insensitive, is defined by the SUBSTR rule in the attribute definition. |
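The Filter, EQUALITY, SUBSTR and Substring entries all hinge on the same fact: '*', '(', ')' and '\' have meaning inside a filter, so a value taken from a user must be escaped (RFC 4515) before it is embedded. The following added example (not NordicEdge code) shows the vulnerable concatenation beside the safe builder and classifies which matching rule a given assertion value will trigger; the filters and inputs are constructed for illustration.

```python
"""RFC 4515 filter-value escaping: LDAP injection and its fix
(added example, not NordicEdge code)."""

# Characters with structural meaning in a filter and their \XX forms (RFC 4515 section 3).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Encode every structural character, and every non-ASCII UTF-8 byte, as \\XX."""
    out = []
    for ch in value:
        if ch in _ESCAPES:
            out.append(_ESCAPES[ch])
        elif ord(ch) > 0x7F:
            out.append("".join(f"\\{b:02x}" for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


def unsafe_login_filter(username: str) -> str:
    """What LDAP injection looks like: user input pasted straight into the filter."""
    return f"(&(objectClass=person)(uid={username}))"


def safe_login_filter(username: str) -> str:
    """Same query with the value escaped: the input can only ever match a uid literally."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def matching_rule_for(assertion_value: str) -> str:
    """Which rule the server applies to an (already escaped) assertion value:
    a lone '*' is a presence test, any other bare '*' makes it a SUBSTR match,
    otherwise EQUALITY. An escaped star (\\2a) is data, not a wildcard."""
    if assertion_value == "*":
        return "PRESENCE"
    if "*" in assertion_value:
        return "SUBSTR"
    return "EQUALITY"


if __name__ == "__main__":
    hostile = "*)(uid=*))(|(uid=*"            # constructed injection payload
    print(unsafe_login_filter(hostile))         # matches every person in the directory
    print(safe_login_filter(hostile))           # matches a uid that literally contains the junk
    print(matching_rule_for("jsm*"), matching_rule_for(escape_filter_value("jsm*")))
```

Escaping makes the server apply EQUALITY to what the user typed instead of letting the user choose the operator; the presence/SUBSTR cases are what an attacker aims for with '*' and what a login filter should never expose.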
| Sun Directory Server |
The Sun Java System Directory Server is Sun Microsystems' scalable LDAP directory server and a component of Java Enterprise System. |
| Sun Java System Directory Server |
See Sun Directory Server. |
| Sun ONE |
Sun ONE is a brand that Sun Microsystems used to market server software products. Sun ONE stands for Sun Open Net Environment.
The Sun ONE brand was primarily used for products that resulted from Sun's alliance with Netscape Communications Corporation. The name was also applied to other Sun software products such as Sun ONE Studio 8 and Sun ONE Active Server Pages 4.0.
Sun ONE was introduced on April 15, 2002 to supersede the iPlanet brand name, following the end of the Sun-Netscape alliance. Sun ONE itself was superseded on September 16, 2003 by the Sun Java System brand. |
| SYSTEM LOOK AND FEEL |
The System Look and Feel can be one of the following:
default (the operating system's default look and feel)
metal (Java Metal look and feel)
motif (Sun Motif look and feel) |
| Tab Concept |
The Tab Editor is a core concept of the NordicEdge® Identity Manager: it provides an organization with a tool that enables administrators and users to manage a directory service in a user-friendly, secure and flexible way.
http://www.nordicedge.se/docs/manuals/Identity_Manager_-_Administrators_Manual_3.00.htm#_Toc115446618 |
| Tab templates |
A Template Tab can be used to create a tab that defines common controls and the look and feel, such as background colours and pictures. All changes to a Template Tab affect all the Tabs that use it as a template. |
| Theme Editor |
The Theme Editor is a component of NordicEdge® Identity Manager that provides the organization with a means to modify the appearance, or "theme", of NordicEdge® Identity Manager so that it fits the directory service used by the organization.
The Theme Editor enables the administrator to create and/or load an icon and assign it to represent an object class or filter in NordicEdge® Identity Manager, giving Identity Manager the desired appearance. Different themes can be created for different users to fit their respective needs. |
| Toolbar/Smart Icons |
A toolbar is added containing icons that represent different functions and a drop-down list from which one can select the configured predefined searches. |
| User Database Group |
A User Database Group is a group of LDAP and/or JDBC user databases. This feature is used when a user must be searched for in more than one database. The OTP Server searches the databases in the group in the order they are listed, from top to bottom.
If a user with a matching username and password is found in one of the databases, that database is used for that specific user, so the ordering decides which database's attributes (OTP attribute, pin code, Disable OTP attribute) apply when the same username exists in several. Before creating a user database group, two or more LDAP and/or JDBC user databases must already exist. |
| VPN |
A virtual private network (VPN) is a communications network tunneled through another network, and dedicated for a specific network. One common application is secure communications through the public Internet, but a VPN need not have explicit security features, such as authentication or content encryption. VPNs, for example, can be used to separate the traffic of different user communities over an underlying network with strong security features. |
| Web Based Client |
See Identity Manager Web Based Client. |