Glossary from Understanding Directory Services
SAMS Publishing and Systems Research Corporation
Understanding Directory Services, ISBN 0672323052
A glossary of directory services terminology

Alphabetical Element List

[root]

abstract classes, Abstract Syntax Notation One (ASN.1), access control, Access Control Decision Function (ACDF), Access Control Entry (ACE), Access Control Information (ACI), Access Control Inner Administrative Area (ACIA), Access Control Lists (ACL), Access Control Service Element (ACSE), Access Control Specific Administrative Area (ACSA), Access Control Specific Point (ACSP), ACI items, Active Directory, Active Directory Services Interface (ADSI), Address (A) record, Administrative and Operational Information Model, administrative point, alias, ASN1 ID, asymmetric cryptography, asynchronous, attribute, attribute access, attribute access permissions, attribute definition, attribute syntax, attributed name, authentication, Authentication Server (AS), authoritative, authoritative name server, Autonomous Administrative Areas (AAA), auxiliary class

backlink, Backup Domain Controller (BDC), Basic Access Control (BAC), Berkeley Internet Name Domain (BIND), bindery, bindery context, bindery services, boot file, bridgehead server

cache file, caching only name server, canonical name, catalog, centralized directory, certificate, Certificate Authority (CA), chaining, changelog, class, class definition, CN (common name), CNAME record, collective attribute, collective attribute specific area, complete replication, Connectionless LDAP (CLDAP), ConsoleOne, consumer, consumer reference, container object, Content Rule, context, controls, convergence, country code, create-time inheritance, cross references

database layer, delegation, dereferencing, DIB fragment, digital signature, digitalme, directory, Directory Access Control Domain (DACD), Directory Access Markup Language (DAML), Directory Access Protocol (DAP), Directory Administrative and Operational Information Model, Directory Administrative Authority, Directory Distribution Model, Directory Enabled Networking (DEN), Directory Functional Model, Directory Information Base (DIB), Directory Information Model (DIM), Directory Information Shadowing Protocol (DISP), Directory Information Tree (DIT), Directory Interoperability Forum (DIF), Directory Management Domain (DMD), directory object, directory operational attribute, Directory Operational Binding Management Protocol (DOP), directory service, Directory Service Markup Language (DSML), Directory System Agent (DSA), Directory System Protocol (DSP), Directory User Agent (DUA), DirX, DirXmetahub, DirXML, Distinguished Name (DN), distributed directory, Distributed Reference Link (DRL), DIT Domain, DNS domain namespace, domain, domain component (dc), Domain Controller (DC), domain directory partition, Domain Local Groups, Domain Management Organization (DMO), Domain Name System (DNS), Domain Naming Master, domain subtree, Domain Tree, domain trust, DSA Information Model, DSA Information Tree, DSA Specific Entry (DSE), DSA-shared operational attribute, DSAPI, dynamic directory entry, Dynamic DNS (DDNS), Dynamic Host Configuration Protocol (DHCP)

eDirectory, effective class, effective rights, entry, entry access, entry access permissions, eTrust Directory, extensibility, eXtensible Directory Access Protocol (XDAP), eXtensible Markup Language (XML), Extensible Storage Engine (ESE), eXtensible Stylesheet Language (XSL), extension, external reference

federated naming, filter, flat namespace, floating master, Floating Single Master Operation (FSMO), forest, forest root, forwarder, full replica, Fully Distinguished Name (FDN), Fully Qualified Domain Name (FQDN)

Generic Security Service API (GSSAPI), Global Catalog (GC), global group, Globally Unique IDentifier (GUID), granularity, group policy

hierarchy, host

in.addr.arpa, incremental replication, incremental zone transfer, Infrastructure Master, inheritance, inherited ACL, inherited rights, Inherited Rights Filter (IRF), Inner Administrative Areas (IAA), Inner Administrative Point (IAP), instance, International Standards Organization (ISO), International Telecommunications Union (ITU), Internet Assigned Numbers Authority (IANA), Internet Corporation for Assigned Names and Numbers (ICANN), Internet Engineering Task Force (IETF), Internetwork Packet eXchange (IPX), iPlanet Directory Server, iPlanet Directory Server Integration Edition, iterative name resolution

Java Naming and Directory Interface (JNDI)

Kerberos, Key Distribution Center (KDC), Knowledge Consistency Checker (KCC), knowledge references

lame delegation, latency, LDAP C API, LDAP Data Interchange Format (LDIF), LDAP URL (Uniform Resource Locator), leaf object, Lightweight Directory Access Protocol (LDAP), location service, location-independence, logical naming model, loosely-consistent replication

mandatory attribute, master, master DSA, master name server, master replica, matching rules, meta-directory, Microsoft Management Console (MMC), Microsoft Meta-Directory Services, mixed environment, mixed mode, multicasting, multimaster replication, multivalued RDN

name form, name query, name resolution, name server, namespace, naming attribute, naming context, naming model, Native Mode, NetBIOS, NetSync, NetWare Administrator, NetWare Name Services (NNS), Nexor Directory, non-effective class, Non-specific Subordinate Reference (NSSR), non-writeable replica, Novell Directory Services, Novell LDAP (NLDAP)

object, Object IDentifier (OID), Open Systems Interconnect (OSI), OpenLDAP, operational attributes, operational extensions, operations master, optional attributes, originating write

partial replica, partition, partition root, Passport, PDC Emulator, permissions, permutability, physical naming model, Primary Domain Controller (PDC), Primary name server, primary shadowing, Private Communications Technology (PCT), propagation, property, Property Version Numbers (PVN), Public Key Infrastructure (PKI)

Quality of Service (QoS)

RadiantOne VDS, read/write replica, recursive query, referral, Relative Distinguished Name (RDN), relative domain names, Relative ID (RID) Master, Relative Identifier (RID), Remote Operation Service Element (ROSE), replica, replica ring, replica server, replication, replication agreement, replication consumer, replication supplier, Request For Comments (RFC), resolver, resource record (RR), reverse lookup, reverse lookup file, root context, root domain, root DSE, root knowledge reference, root name server, runtime inheritance

S/KEY, schema, Schema Master, second-level domain, secondary name server, secondary shadowing, Secure Sockets Layer (SSL), SecureWay Directory, Security Accounts Manager (SAM), Security Authority, security context, security descriptor, security equivalence, Security IDentifier (SID), security model, security policy, security principal, Security Support Provider Interface (SSPI), Service Advertising Protocol (SAP), service control, Service Location Protocol (SLP), Service Principal Name (SPN), shadow, shadow DSA, Simple Authentication and Security Layer (SASL), Simple Mail Transport Protocol (SMTP), Simplified Access Control, single master replication, Single Sign-On (SSO), site, site link, site link bridge, slave, slave name server, Specific Administrative Areas (SAA), Specific Administrative Point (SAP), SRV record, Standalone LDAP Daemon (SLAPD), Standalone LDAP Update Replication Daemon (SLURPD), Start Of Authority (SOA), store, strong authentication, structural class, structure rules, stub resolver, subclass, subdomain

target object, ticket, Ticket Granting Server (TGS), tightly consistent, time server, Time-To-Live (TTL), tombstone, top-level domain (tld), transitive synchronization, transitive trust, transitive vector, Transport Control Protocol/Internet Protocol (TCP/IP), Transport Layer Security (TLS), tree-walking, trust, trust link, trust path, trustee, typed names, typeless naming

Uniform Resource Locator (URL), unit of replication, Universal Group, Universal Naming Convention (UNC), up-to-date vector, Update Sequence Number (USN), useful attribute sets, user attributes, User Information Model, User Principal Name (UPN)

Virtual Directory Service (VDS)

Windows 2000, Windows Internet Naming Service (WINS), writeable replica

X.500, XDS, XML, XMLDAP, XSL Transformations (XSLT)

No terms defined for Letter Y

zone, zone delegation, zone file, zone transfer

[root]
[root] is the traditional eDirectory reference for the root of the directory tree.

abstract classes
Abstract classes are used as templates to define other classes.

Abstract Syntax Notation One (ASN.1)
An OSI standard defining the syntax used for storing information that will be exchanged between different systems, storing data in a series of type-value pairs.

access control
Access control mechanisms provide differential levels of access to directory objects. The specifics of access control mechanisms vary between directory service implementations.

Access Control Decision Function (ACDF)
An algorithm defined in the X.500 standards to determine access control permissions by examining the contents of the ACI items of both the object and DUA.

Access Control Entry (ACE)
A single security-related directory entry linked to a specific object. An ACE can grant or deny a particular user (or group) a specific set of access rights to a directory object.

Access Control Information (ACI)
ACI is stored with each protected item in the directory and is used to determine which users are granted access, and what kind of access is granted.

Access Control Inner Administrative Area (ACIA)
A permeable security boundary used by X.500 to allow delegation of access control administration.

Access Control Lists (ACL)
An ACL contains security information concerning a directory object, such as who can access the object and what operations they can perform.

Access Control Service Element (ACSE)
X.500 uses ACSE to create and tear down associations between directory agents, essentially managing the bind (connection) and unbind (disconnect) processes.

Access Control Specific Administrative Area (ACSA)
An ACSA defines an autonomous area of security in X.500.

Access Control Specific Point (ACSP)
The administrative point of an ACSA.

ACI items
Access Control Information (ACI) items are the operational attributes that control access to protected items in the directory.

Active Directory
Active Directory (AD) is Microsoft's network directory service, first released as part of Windows 2000. Active Directory is one of the more technologically inventive networking directory service implementations in the industry. In looking at Active Directory, you can see Microsoft's comprehensive integration of key directory service technologies with their Windows 2000 networking platform.

In Active Directory, Microsoft has blended the support for NetBIOS, DNS, and LDAP namespaces, and integrated Windows 2000 domain security. AD provides for hierarchical structuring of the namespace, stores the DIB in a distributed and replicated database, and uses DNS for location services.

The architecture of Active Directory integrates Windows 2000 networking and domain security with a native LDAP directory, framed in the DNS domain namespace and using DNS location services. Because Active Directory natively uses LDAP, it incorporates significant aspects of the X.500 models and general methodologies.
However, the need to integrate support for NT domains and Microsoft's decision to leverage DNS as the fundamental namespace have led to some divergences from "classic X.500" -- and an interesting finished product.

Active Directory Services Interface (ADSI)
Microsoft's proprietary API, which is used for Active Directory, as well as to support accessing directory objects residing in multiple namespaces.

Address (A) record
An Address (A) resource record is used in DNS zone files to specify the linkage between a host (computer) name and its corresponding IP address (also commonly called a host record).

Administrative and Operational Information Model
This X.500 model describes the directory from the perspective of the network administrator, viewing all the directory information in a unified DIT.

administrative point
The administrative point is the root node of an X.500 administrative area. There are two major categories of administrative points: Specific (SAP) and Inner (IAP), which correspond to the root nodes of SAAs and IAAs.

alias
A secondary logical representation of an existing object that functions as a pointer to the original object.

ASN1 ID
A globally unique number assigned by Novell when schema extensions are registered with them (such as the X.500 OID).

asymmetric cryptography
Asymmetric cryptography uses pairs of keys (public/private) to encrypt information (also called public key).

asynchronous
Asynchronous communications allow multiple client requests to be sent to a DSA without requiring prior return of results from earlier requests.

attribute
An individual value of a directory object, such as name or password.
Attributes hold the information associated with directory objects.

attribute access
Attribute access refers to when a user or application attempts to access information held within an object (such as a telephone number), as opposed to the object itself (browsing the directory tree).

attribute access permissions
The sets of permissions that can be set on attribute access. These permissions commonly include actions such as read, compare, add, and remove.

attribute definition
The schema definition of an attribute, which includes the attribute syntax and any constraints placed on the attribute.

attribute syntax
The attribute syntax defines the acceptable data structure of an attribute.

attributed name
The X.500 style where a naming attribute (cn) and a name (shelly) combine to form the object name (cn=shelly).

authentication
The mechanism that verifies that the individual user is who they claim to be, usually by association with a shared-secret password or public key.

Authentication Server (AS)
An Authentication Server (AS) provides the user authentication portion of Kerberos security.

authoritative
In general, authoritative is used to describe the controlling source of the information.

authoritative name server
An authoritative name server (as defined in DNS) contains current resource records for a specified zone and is designated via a SOA record.

Autonomous Administrative Areas (AAA)
In the X.500 model, an AAA denotes a directory subtree that is managed by an independent organization. Each organization is completely responsible for its portion of the global DIT.

auxiliary class
An auxiliary class is like an abstract class in that it defines a set of attributes and object characteristics. Auxiliary classes are used to support an additional derivation of an existing object.

backlink
eDirectory uses backlinks to keep track of external references to an object.

Backup Domain Controller (BDC)
A Windows NT domain controller that holds a read-only copy of the SAM database.

Basic Access Control (BAC)
The X.500 security model that defines entry access and attribute access permissions, and the use of these permissions to control categories of directory operations (such as Add, Read, and so on). Application of permissions is segregated via access control administrative areas.

Berkeley Internet Name Domain (BIND)
A Unix-based vendor-specific version of DNS that (among other distinctions) notably specifies the use of a boot file for startup functionality.

bindery
A single server directory used by NetWare 2.x-3.x. The bindery is a flat namespace, with entries corresponding to users and physical network resources.

bindery context
A collection of eDirectory container objects that are represented as a flat namespace for NetWare bindery clients.

bindery services
eDirectory's bindery service supports down-level clients and provides them with a bindery style view of a subset of the directory contents.

boot file
A text file used by DNS to specify configuration commands to be executed at startup of the DNS services.

bridgehead server
A bridgehead server is used to manage Active Directory replication between sites, and across slower communications links, such as WAN connections.

cache file
A DNS file containing host address resource records for the root DNS name servers.

caching only name server
A DNS name server that is not linked to any specific zones, and does not contain its own zone files.

canonical name
In general, a canonical name is an alias to a directory object. In DNS, a canonical name is an alias to a hostname and is specified in a CNAME resource record.

catalog
Catalogs contain a subset or an index of the directory contents to provide a fast method of locating network resources.

centralized directory
A centralized directory holds the entire directory namespace on a single server. Copies of the directory information may be stored on additional servers.

certificate
An X.509 certificate is a collection of data that associates the public keys of network users with their DN in the directory, and is stored within the directory as user object attributes.

Certificate Authority (CA)
A Certificate Authority creates and manages X.509 certificates for the users, servers, and other CAs.

chaining
Chaining is defined by X.500 as a process where a DSA passes a query to other DSAs, collects results, and compiles them before they are returned to the client.

changelog
A changelog contains a record of all the changes that have been made to the directory. Using this method, when a replication process is initiated, the supplier "replays" the changelog to the consumer.

class
A schematic definition of a type of object allowed within the directory. A class is a possible object, not an actual object; that is, the User object for Brynna (CN=Brynna) is an instance of the User class definition.

class definition
An object class definition specifies the information that is required to create an instance of a particular type of object. Class definitions also determine how objects work in relationship to other objects in the directory.

CN (common name)
The most frequently used naming attribute for leaf objects.

CNAME record
A Canonical NAME (CNAME) resource record is used within a DNS zone file to specify an alias for a host name (similar to an X.500 alias).

collective attribute
An attribute that is stored in a single location and referred to by multiple objects; used for data that is common to many objects (such as a fax number).

collective attribute specific area
An X.500 administrative area that has collective attributes assigned to it.

complete replication
Complete replication sends a copy of the entire directory database to each server with every directory update.

Connectionless LDAP (CLDAP)
CLDAP provides the functionality of LDAP over a connectionless protocol (UDP).

ConsoleOne
A Java-based administrative console for eDirectory. It is available in both Windows and web versions.

consumer
In replication, a consumer is the replica receiving the update.

consumer reference
An X.500 DSA uses a consumer reference to identify a replication consumer (that is, a shadow). This information is the reciprocal of that in the Supplier Reference.

container object
Container objects are used to provide structure and organization for the directory tree and hold other objects.

Content Rule
Content rules define what attributes each object class contains.

context
An object's place in the directory tree is its context, which is referenced by the string of object names between it and the tree root. Also called context prefix.

controls
Controls specify extended handling information used for a single LDAP query (analogous to X.500 service controls).

convergence
When all replicas of a partition contain the same data.

country code
A two-letter designator for each country, such as UK, DE, or US, assigned by the ISO 3166 Maintenance Agency.

create-time inheritance
Create-time inheritance (used by Active Directory) is where effective permissions are determined and written (to the object's ACL) at the point of creation or change.

cross references
Cross references are used to point to a naming context that is neither superior nor subordinate to the current naming context.

database layer
The database layer in Active Directory abstracts the DIB management operations, isolating the DSA from the storage subsystem (the ESE).

delegation
In directory services, delegation is the assignment of administrative control over directory subtrees or objects.

dereferencing
The process where the directory determines the underlying object to which an alias is referring.

DIB fragment
The portion of the DIB that is held by a single DSA.

digital signature
A summary of the data produced by a one-way hash function encrypted with the sender's public key.

digitalme
An eDirectory-based technology that acts as a personal information management system for individuals to use in managing their online identity.

directory
A directory service provides a way to securely store, organize, and access information and commonly operates within a network to facilitate user access to information and resources and to ease network administration and usage. In technical documentation, 'directory' may be used synonymously with the term 'directory service'. The term 'directory' may be referring to the directory as the container of information (such as 'the directory contains...'), or as a provider of services (such as 'the directory provides...').

Directory Access Control Domain (DACD)
A DACD is a filtered subset of an X.500-defined access control area (ACSA or ACIA).

Directory Access Markup Language (DAML)
A directory markup language that uses a set of XML elements and attributes to represent LDAP directory operations in XML documents.

Directory Access Protocol (DAP)
The X.500 protocol that provides client access to the directory.

Directory Administrative and Operational Information Model
In X.500, this model describes the directory as the administrator sees it -- with the additional operational attributes that contain information used internally by the directory to keep track of modifications and subtree properties.

Directory Administrative Authority
This X.500 model assumes different people or organizations will administer different parts of the DIT, and provides a way for the DIT to be divided into subtrees that can be delegated as needed.

Directory Distribution Model
The X.500 Directory Distribution Model defines how directory information is shared by multiple DSAs.

Directory Enabled Networking (DEN)
A collaboration between network infrastructure device vendors and directory service vendors seeking to enable directory-based control over infrastructure devices (such as routers and switches).

Directory Functional Model
The X.500 Directory Functional Model defines the directory as one or more DSAs that collectively provide DUAs with access to directory information.

Directory Information Base (DIB)
The DIB (an X.500 term) contains all the information in the directory, and is commonly distributed, partitioned, and replicated to enhance availability and responsiveness.

Directory Information Model (DIM)
The original 1988 X.500 specification defined only the Directory Information Model, which deals with the most basic view of the directory -- the one which a typical directory user sees.

Directory Information Shadowing Protocol (DISP)
The X.500 DISP is used by a DSA to replicate a partition to another DSA, and to transmit information during replica update operations.

Directory Information Tree (DIT)
A directory tree is a hierarchical arrangement of container objects within a contiguous namespace. The directory tree is used to represent a logical hierarchy, as well as to visually display the arrangement of objects within the tree.

Directory Interoperability Forum (DIF)
DIF is a group of vendors who have joined efforts to support the development of directory-enabled application development and open directory standards.

Directory Management Domain (DMD)
An X.500 DMD consists of a set of DSAs and DUAs administered by a specific organization.
DMD policies apply to DSA operations and can be used to limit the operations and services provided by one or more DSAs.

directory object
An instance of the underlying class definition.

directory operational attribute
Directory operational attributes are used for operational parameters that apply to every DSA, such as access control.

Directory Operational Binding Management Protocol (DOP)
An X.500 protocol used by a pair of DSAs to establish a binding agreement for use in distributed operations.

directory service
In its most general definition, a directory service provides the means to hierarchically organize and manage information, and to retrieve the information by name association. Directory services provide an information management technology that can be applied to a wide range of business operations. Networking-focused directory services, for example, are oriented toward the management of network information and resources.

A directory service is implemented as a network service to simplify access and ease administration by providing a unified organization of network resources. The directory contains a set of information about resources and services on the network, including users, workstations, servers, and services.

Other types of common directory services include general-purpose directory services, application-based directories (such as email and instant messaging), as well as specific-purpose or limited-use directories (such as DNS).

Directory Service Markup Language (DSML)
An XML language representing directory information in a standard format to facilitate data exchange.

Directory System Agent (DSA)
The X.500 term for the server component of a directory service.
Each DSA handles a portion of the DIT, and multiple DSAs interoperate as a system to provide transparent access to the distributed directory.

Directory System Protocol (DSP)
An X.500 protocol that supports the interaction between DSAs necessary for distributed directory operations.

Directory User Agent (DUA)
The client application of an X.500 defined directory service.

DirX
An X.500 directory product by Siemens.

DirXmetahub
A meta-directory solution from Siemens.

DirXML
A Novell meta-directory technology integrating eDirectory with other directories or datastores via an XML-based directory markup language.

Distinguished Name (DN)
A fully qualified X.500 object name that unambiguously identifies and positions an object within the directory tree.

distributed directory
A distributed directory subdivides the directory namespace it holds, and multiple copies of the subsets of directory information are spread throughout the network, but are logically linked into one directory. X.500 directory services are designed to extend this distribution to the entire world.

Distributed Reference Link (DRL)
A DRL contains a list of all the external references created for an eDirectory object.

DIT Domain
In X.500, a DIT Domain is the section of the global DIT managed by a specific Domain Management Organization (DMO). A DIT Domain consists of one or more Autonomous Administrative Areas (AAAs), which may be disjoint (that is, unconnected).

DNS domain namespace
The DNS domain namespace defines a hierarchical tree of domains.

domain
A DNS domain is a logical organizing structure for naming and location services.
Windows NT 4 organizes resources into NT domains that enforce security boundaries, and usually represent a subdivision of the company.

domain component (dc)
LDAP domain components are used to map to DNS domains, providing an integration of the DNS and LDAP namespaces.

Domain Controller (DC)
The Active Directory DSA.

domain directory partition
In Active Directory, a domain directory partition contains all objects within the domain, and is only replicated to DCs for a specific domain.

Domain Local Groups
Domain Local Groups are new in Active Directory, and are used to grant access to resources within a single domain, to any user or group in the forest.

Domain Management Organization (DMO)
A specific administrative authority that manages a portion of the global X.500 DIT.

Domain Name System (DNS)
DNS performs name-to-IP address resolution for domain and host names on IP networks including the Internet. The Domain Name System (DNS) is the service used to locate network servers on the Internet and many corporate networks. DNS servers provide lookup services for DNS clients. They perform name resolution for requested DNS domain names and supply IP addresses for the servers within the specified domains. A DNS server translates the "friendly name" of a network server (for example, www.mythical.org) into its corresponding IP address (for example, 192.168.111.90).
DNS implements a hierarchical naming strategy to associate a logical DNS host and/or domain name to a corresponding IP address. The DNS namespace is organized in a logical tree structure, arranging network servers within a hierarchical tree of domain nodes.
DNS operates by storing (and providing) domain name information in a distributed database contained on DNS name servers located within the TCP/IP network. The name servers store their portion of this distributed database in DNS zone files. Each DNS zone file stores the domain name information (for the pertinent DNS zone) in DNS resource records (RRs).

Domain Naming Master
The Domain Naming Master controls the additions and deletions of domains within an Active Directory forest, ensuring the uniqueness of the domain names.

domain subtree
The contiguous directory subtree contained within a single Active Directory domain.

Domain Tree
Active Directory uses a tree of domains, which collectively comprise a contiguous DNS namespace.

domain trust
A process where a relationship is formed between domains to support an exchange of security credentials, allowing users in one domain to gain access to resources in the trusting domain. Active Directory uses automatic two-way transitive trusts between domains.

DSA Information Model
The information contained in this X.500 model locates a DSA in relationship to other DSAs and describes how various DSAs interact to control shared directory information.

DSA Information Tree
A DSA Information Tree is comprised of the complete set of names (and associated DSEs) known by a specific DSA.

DSA Specific Entry (DSE)
An entry in the DIT as held by a specific DSA.

DSA-shared operational attribute
The information used between DSAs to perform replication, containing information that applies to a single DSA, such as the time of the last replica update.

DSAPI
The traditional method of programming eDirectory, providing all the functionality of the XDS APIs from X.500.

dynamic directory entry
Non-persistent directory objects that disappear from the directory after a designated length of time if not refreshed.

Dynamic DNS (DDNS)
DDNS provides a mechanism for DNS resource records to be dynamically updated to reflect changing server and client availability and IP addresses.

Dynamic Host Configuration Protocol (DHCP)
DHCP is commonly used to manage a pool of IP addresses and dynamically supply those addresses to network clients.

eDirectory
Novell's eDirectory, originally named Novell Directory Services (NDS), was first designed to manage distributed NetWare networks, and is now a general-purpose, cross-platform directory service. eDirectory is based on X.500 architecture, using both proprietary protocols and native LDAP. eDirectory supports management of not only basic network resources but also a broad range of applications, services, and other information concerning the network. Novell has ported eDirectory to most major NOS platforms including Windows NT/2000, Sun Solaris, Linux and others. Between Novell's enhancements to eDirectory, the linkage of other NetWare network management tools (such as BorderManager and ZENworks), and third-party development, eDirectory now provides a central point for administering not only the network, but many aspects of the business as well.

effective class
The class of object that can be instanced (created) in the directory tree.

effective rights
The set of access rights that result when all security factors are combined and assessed; effective rights denote which operations can actually be performed.

entry
Another term for an object.

entry access
When a user accesses an object as a named entity in the directory (browsing the directory tree), rather than information held within an object (such as a telephone number).

entry access permissions
Entry access permissions are the set of permissions that can be granted or denied when accessing named objects. These permissions typically include read, browse, add, remove, modify, and rename.

eTrust Directory
An X.500 directory service from Computer Associates (the product was formerly Open Directory).

extensibility
The ability to extend the directory in some way; commonly extended areas include schema, operations, and interconnectivity.

eXtensible Directory Access Protocol (XDAP)
A markup language designed as a transport neutral framework to support search and retrieval operations on directories.

eXtensible Markup Language (XML)
A generic markup language supporting the creation of custom vocabularies for manipulating information, transforming data from one format to another, and representing information in a generic form accessible by a wide range of applications and services.

Extensible Storage Engine (ESE)
Active Directory uses the ESE as its data storage layer. The ESE works with the database layer to provide the DIB functionality for Active Directory. The ESE is an enhanced version of Jet, an indexed database engine used by Exchange.

eXtensible Stylesheet Language (XSL)
A stylesheet technology for formatting data, providing flexible control over the presentation of the data.

extension
Extensions allow the use of arguments to support new directory operations and enhanced functionality.
Extensions rely on a pre-arranged agreement between the communicating directory components on the set of new operations, along with the methods used to invoke the functionality.

external reference
A temporary pointer to an object created by eDirectory when a server needs to reference an object that is not contained in a local replica.

federated naming
The ability to perform name resolution across different namespaces (also called federation), a process that is at the core of the interoperability between directories.

filter
A constraint applied to a directory query that restricts the information returned.

flat namespace
A namespace in which all objects are held below a single superior object, as if in a common container.

floating master
A server that has been temporarily assigned the role of a master for a particular directory operation, such as replication or schema modifications.

Floating Single Master Operation (FSMO)
An operation that requires the election of a single master. Microsoft calls this a flexible single master operation.

forest
An Active Directory namespace containing one or more disjoint (noncontiguous) Domain Trees.

forest root
In Active Directory, the first domain of the first tree in the forest defines the forest root.

forwarder
A list of DNS name servers that are to be contacted prior to forwarding queries to the root name servers, used to control traffic.

full replica
In Active Directory, a replica containing the information for a single domain.

Fully Distinguished Name (FDN)
An FDN is an eDirectory name that is treated as complete and resolved from the tree root. An FDN is a DN preceded by a period "." (for example, .meggan.mythical.org).

Fully Qualified Domain Name (FQDN)
An FQDN is a DNS domain name specified with the complete set of required values and with the terminating root delimiter "." as the rightmost value (for example, host.domain.tld.).

Generic Security Service API (GSSAPI)
GSSAPI defines an interoperable security system for use on the Internet. GSSAPI provides a protocol and mechanism independent interface to underlying security methods.

Global Catalog (GC)
A Global Catalog (GC) server contains an index to all Active Directory objects in the forest, providing an efficient means for applications and users to query the directory for objects based on one or more known attributes.

global group
Active Directory Global groups are equivalent to NT 4 Global groups, and can be used to grant access to any resources in the forest to members of its domain and other Global groups.

Globally Unique IDentifier (GUID)
A unique 128-bit number generated for each Active Directory object at the point that it is created.

granularity
Granularity refers to the ability to control operations such as replication and access control to a fine degree, usually meaning down to the attribute level. This provides extremely flexible security and minimizes replication traffic.

group policy
A set of policies enforced on a group of computers or users within the Active Directory.

hierarchy
A hierarchy in a directory service refers to the parent-child structure of the nodes of the directory tree. A parent object is immediately above its child object in the directory hierarchy.

host
The DNS term for a server.

in-addr.arpa
A reserved domain name suffix used for DNS reverse lookups.

incremental replication
Incremental replication sends only a subset of the DIB, containing only the data that has been changed.

incremental zone transfer
An incremental zone transfer allows the master name server to send only the resource record information that has changed since the last zone transfer with that secondary server.

Infrastructure Master
In Active Directory, a single Infrastructure Master role enforces object consistency for operations that span domains, and synchronizes group-to-user references.

inheritance
The mechanism by which permissions that are granted to objects high in the tree flow to objects below them.

inherited ACL
Each eDirectory partition root has an inherited ACL, which contains the effective rights for that partition.

inherited rights
Rights that are granted to an object and flow down to objects beneath in the tree.

Inherited Rights Filter (IRF)
An IRF blocks the inheritance of access rights from higher in the tree.

Inner Administrative Areas (IAA)
X.500 defines IAAs as a type of administrative division within a directory designating an area with delegated administrative tasks or collective attributes.

Inner Administrative Point (IAP)
An administrative point for the IAA. See administrative point.

instance
A specific occurrence of an object based on a class definition.

International Standards Organization (ISO)
As its name suggests, an international standards body which manages standards processes for communications and networking technologies.

International Telecommunications Union (ITU)
An international telecommunications standards body that developed the X.500 specifications (and many others).

Internet Assigned Numbers Authority (IANA)
An Internet standards body responsible for the assignment of IP addresses.

Internet Corporation for Assigned Names and Numbers (ICANN)
ICANN is a nonprofit corporation formed to manage critical Internet infrastructure administration functions formerly performed by the IANA. ICANN is responsible for IP address allocation and DNS system management, including control of the root DNS name servers.

Internet Engineering Task Force (IETF)
An organization of internetworking engineers, vendors, researchers, and others who form working groups to work on an area of Internet development. IETF has two LDAP-related working groups: LDUP (LDAP Duplication/Replication/Update Protocols) and LDAPExt (LDAP Extension).

Internetwork Packet eXchange (IPX)
The network protocol used for NetWare, and thus earlier versions of NDS.

iPlanet Directory Server
LDAP directory service from the Sun|Netscape alliance, commonly deployed in Internet and intranet environments.

iPlanet Directory Server Integration Edition
A Sun|Netscape meta-directory product leveraging its iPlanet Directory Server.

iterative name resolution
Iterative name resolution is a DNS process (similar to the X.500 referral process) where the name server receiving the name query either answers the query authoritatively or refers the client to another name server.

Java Naming and Directory Interface (JNDI)
Sun's proprietary API that provides access to LDAP, NIS+, eDirectory, and other directory services.

Kerberos
Kerberos is a security protocol developed for secure communication across an unsecure network, and operates by authenticating clients and issuing tickets for authentication of the client to a network service. The client and service then encrypt all communications, providing a means to operate securely over a public medium.

Key Distribution Center (KDC)
The collective reference to an Authentication Server (AS) and a Ticket Granting Server (TGS), used by Kerberos security.

Knowledge Consistency Checker (KCC)
Active Directory uses the KCC process to create the replication topology and determine replication routes between DCs in a site based on the quality of available connections.

knowledge references
References to remote DIB partitions maintained by DSAs as a means of piecing together the DIT for searches and replication.

lame delegation
This is when a DNS name server is delegated as authoritative for a specific DNS zone, yet does not respond to name queries with authoritative results.

latency
The delay between a directory query and the DSA response is referred to as latency (or query latency). Latency is also used to refer to the delay in updates between all directory replicas, described as update latency.

LDAP C API
The LDAP C API is a low-level programming interface supporting all DAP operations, and used in the development of directory applications written in C.

LDAP Data Interchange Format (LDIF)
LDIF has been defined as a means of describing LDAP entries in a standardized text format to facilitate the exchange of directory information.

LDAP URL (Uniform Resource Locator)
An LDAP URL provides a means of locating directory servers using DNS and then completing the query via LDAP.

leaf object
A leaf object in a directory represents a manageable object -- in network directories leaf objects commonly represent network entities (users, servers, and so on), applications, and services.

Lightweight Directory Access Protocol (LDAP)
A dedicated client access protocol for communicating with a directory and viewing or manipulating the objects contained within it. LDAP was designed as a simplified subset of the X.500 Directory Access Protocol (DAP) to provide basic access to X.500-based directories. LDAP defines a standard method for a client to access and modify directory information. LDAP can be implemented as a protocol to access X.500 directories or as a standalone server. The specifications for LDAP are contained within a series of Request for Comments (RFC) documents.

location service
A network service providing name to address resolution for clients. Also called lookup services.

location-independence
Refers to forms of naming in which the name of a network object is not dependent on its location in the network.

logical naming model
A logical naming model uses symbolic names that are transparently mapped to physical device names.

loosely-consistent replication
With loosely-consistent replication, the data on all directory servers does not have to be exactly the same at any given time.
Changes to the DIB are replicated more slowly and network servers gradually "catch up" to the changes made on other directory servers.

mandatory attribute
Attributes that must have values at all times during an object's lifetime.

master
A writeable replica that is responsible for supplying data updates to other replicas; sometimes refers to the DSA holding that replica.

master DSA
In X.500, a master DSA is the DSA that holds the master copy of each directory entry -- the copy of the object that is writeable.

master name server
A master name server is the source of the DNS zone resource records during a zone transfer.

master replica
Master replicas are fully functional, allowing all directory operations. Everything in the directory, objects, tree design, the schema, and so on, is updateable via a master replica. At least one master replica must exist per partition.

matching rules
The rules that determine if a directory entry meets the criteria for a search.

meta-directory
A meta-directory does some form of integration or integrated management of multiple directory services. This may take the form of a top-layer directory, synchronization tools, or a transitional management tool during a long migration process.

Microsoft Management Console (MMC)
A console interface that provides the framework for the Active Directory administration tools, hosting programs constructed as snap-ins. The MMC provides the mechanism to add, remove, and manipulate modular snap-in programs.

Microsoft Meta-Directory Services
A meta-directory solution from Microsoft.

mixed environment
In Active Directory, a mixed environment refers to having Active Directory in native mode (that is, all DCs are running Windows 2000) yet still having network servers and clients that are not Active Directory-aware.

mixed mode
Mixed mode is the Active Directory default operating mode, and provides the maximum compatibility with down-level servers and clients. Mixed mode supports NT 4 replication methods as well as Active Directory domain replication.

multicasting
Multicasting occurs when a DUA sends a request to multiple DSAs simultaneously.

multimaster replication
Multimaster replication is where more than one replica can accept changes. Use of multimaster replication ensures that nonavailability of a given replica will not impede the use or administration of the network.

multivalued RDN
A multivalued RDN is where an object has more than one naming attribute designated.

name form
Defines the allowable RDN values for a structural object class, and contains at least one attribute whose value is used to form the entry's RDN.

name query
A query sent by the client to a name server requesting the IP address of a particular DNS host name.

name resolution
The process by which name queries are resolved (varies between directory service implementations).

name server
In DNS, name servers resolve host and domain names to corresponding IP addresses.

namespace
A namespace is a collection of objects that reside within a common logical container and follow the same naming convention. A namespace is defined by the set of logical rules that determine structural characteristics of the directory (hierarchical or flat), and determines how objects are named.
Objects that conform to the naming convention can be said to exist within that namespace.

naming attribute
The attribute designated within a class definition to name instances of that class.

naming context
In X.500, a naming context is a subdivision of the directory information that is stored on a specific DSA and managed by a common administrative authority. A naming context is analogous to a partition.

naming model
The structure that determines how objects within a directory are named. Also called naming format, or naming convention.

Native Mode
Native mode provides operational enhancements to Active Directory, including new types of groups, nested groups, and multimaster replication between DCs, thus removing support for NT 4 BDCs.

NetBIOS
Stands for Network Basic Input Output System, and is a network technology that early Windows networks were based on (later versions have shifted to TCP/IP).

NetSync
NetSync is used by eDirectory to administer a mixed NetWare 3.x–4.x environment.

NetWare Administrator
NetWare Administrator is the legacy NDS/eDirectory management tool.

NetWare Name Services (NNS)
NNS was an add-on to NetWare 3 designed to synchronize the binderies of a group of NetWare servers.

Nexor Directory
An X.500 directory product by Nexor focused on secure messaging.

non-effective class
A class of object that cannot be instanced in the directory.

Non-specific Subordinate Reference (NSSR)
A special type of subordinate reference containing the name of a DSA holding a child naming context but not the RDN of that context.

non-writeable replica
A replica that cannot accept changes; it may be read-only or catalog.

Novell Directory Services
Earlier name for eDirectory. See eDirectory.

Novell LDAP (NLDAP)
eDirectory's version of LDAP.

object
A data structure with a specified set of attributes and syntax, and which represents a network entity or other information set.

Object IDentifier (OID)
The OID uniquely identifies each schema element and is assigned by ANSI, IETF, or a similar organization.

Open Systems Interconnect (OSI)
A standard defining a related hierarchy of networking protocols.

OpenLDAP
An open source LDAP directory product from the Open Foundation.

operational attributes
Operational attributes contain information that is used internally by the directory to keep track of directory modifications and subtree properties. Used to manage the directory, these attributes are not usually visible to users.

operational extensions
Operational extensions allow the use of predefined syntaxes and methods to support operations not included in the basic LDAP specifications.

operations master
An Active Directory domain controller that has been assigned a flexible single master operations role (that is, Domain Naming, Schema, Relative ID, Infrastructure, and PDC Emulator).

optional attributes
Optional attributes do not require values for object creation.

originating write
A successful write updating a property on the DSA performing the update is called an originating write. Replication updates are not considered originating writes.

partial replica
A copy of a directory partition that contains only a subset of the contents of that partition.

partition
A subdivision of the DIB or directory information. A copy of a partition is called a replica (master or shadow).

partition root
The container object at the root of the directory partition which usually names the partition.

Passport
A Microsoft Web service that provides single sign-on to Web sites belonging to Microsoft and selected partners.

PDC Emulator
In Active Directory, the PDC Emulator supplies compatibility with down-level clients and NT 4 BDCs, handling NT 4 client authentication and replication. Only one DC in each domain can be used to perform the PDC Emulator role.

permissions
In general, permissions are a security mechanism to enforce access control. In X.500, security models define entry access and attribute access permissions, and the use of these permissions to control directory operations.

permutability
A property of some asymmetric encryption methods, where either key in the pair can be used to encrypt the message contents, and the other key can be used to decrypt the contents.

physical naming model
A physical naming model uses actual network device names to locate attached resources.

Primary Domain Controller (PDC)
The Primary Domain Controller is a Windows NT server that contains the master copy of the user accounts database.

Primary name server
In DNS, the Primary name server for a given zone holds the master copy of the DNS data.

primary shadowing
In X.500, primary shadowing is where the shadow consumer gets data directly from the Master DSA.

Private Communications Technology (PCT)
A channel security protocol used on the Internet and supported in many directory services.

propagation
The process where a server sends directory updates to other servers containing partition replicas.

property
Another term for directory attribute.

Property Version Numbers (PVN)
Property-based replication values directly associated with an object property, which Active Directory uses to manage replication collisions.

Public Key Infrastructure (PKI)
PKI refers to the security infrastructure using public-key cryptographic technologies.

Quality of Service (QoS)
QoS allows the provision of guaranteed bandwidth on network devices such as routers.

RadiantOne VDS
A virtual directory service from Radiant Logic.

read/write replica
A replica that allows directory updates, yet lacks some functionality of a master replica, such as the ability to modify the schema.

recursive query
A DNS recursive query is similar to the X.500 chaining process, in which query resolution is pursued on the server-side and only complete results are returned to the client.

referral
The process by which a DSA sends a DUA the names of other DSAs to contact to fulfill a submitted query.

Relative Distinguished Name (RDN)
The term RDN is used to refer to two different names: In X.500, an RDN is the name of an object paired with the appropriate name type attribute, such as CN=Brynna. In eDirectory, an RDN is a DN relative to the location of the object that is referencing it.

relative domain names
DNS domain names not ending in a trailing '.'
referred to as relative domain names such as:www.mythical.org I1  'Relative ID (RID) Master/ ,/  Relative ID (RID) Master In Active Directory, a RID Master is responsible for supplying the RID sequences to all DCs within the forest. J1K{ (Relative Identifier (RID)/ ,  Relative Identifier (RID) An identifier used with an Active Directory domain identifier to construct the SIDs for security principals within domains, and is assigned by a single DC in the forest. X'H1E  )H5Remote Operation Service Element (ROSE)5/ ,}  Remote Operation Service Element (ROSE) ROSE provides support (on an application sublayer of the OSI model) for the request/reply style of interaction between X.500 protocols. 8Hm1 *mBreplica5B/ ,5  replica A copy of a single partition of the DIB; replicas vary in functionality with somB5me types allowing writes and others being read-only. = m1 l +replica ringlB. ,  replica ring The collection of eDirectory servers holding replicas of a particular partition. ?X1 ,X replica server / ,  replica server eDirectory's term for a DSA -- a server that is running eDirectory is described as a replica server. < XE1l O -Ereplicationa . ,  replication The process of copying the contents of a DIB partition to another DSA. FE1Q + .%replication agreement %/ ,  replication agreement A replication agreement specifies the parameters that will govern the replication process. This includes factors such as role of each server, dataset to be replicated, and scheduling. Ej1O z /jreplication consumer}O%. ,  replication consumer The DSA receiving updates to the directory. Ej,1+ ` 0,replication supplierxJ. ,  replication supplier The DSA sending the directory updates. K,1 1Request For Comments (RFC)/ ,9  Request For Comments (RFC) A technical document published as a proposed standard at the end of the public review process managed by the IETF. 91z  2resolver~. ,  resolver Analogous to an X.500 DUA, the client-side software component in DNS is referred to as a DNS resolver. 
resource record (RR)
A single entry in the DNS database, roughly analogous to a directory object. A resource record consists of a series of fields identifying the record type and network host associated with the record.

reverse lookup
The DNS process of finding a host name based on IP address.

reverse lookup file
A special zone file referenced when a DNS name server is searching the in-addr.arpa domain to perform a reverse lookup.

root context
A logical construct referring to the entries immediately subordinate to the root of the directory tree.

root domain
The theoretical root of the DNS namespace, delimited by the terminating period.

root DSE
The directory entry that effectively represents the root of the directory tree, the root DSE stores information on the capabilities of the DSA.

root knowledge reference
The root knowledge references are the partitions at the root of the Directory Information Tree (DIT), used to locate the tree root.

root name server
The root name servers in DNS are the authoritative servers for top-level domains.

runtime inheritance
When using runtime inheritance, the directory dynamically gathers the relevant ACLs and calculates permissions at the time of access.

S/KEY
The S/KEY One-Time Password system was designed to prevent intruders from obtaining user passwords via packet sniffers, and so on, and is designed to counter a replay attack.

schema
The directory schema is the core information structure that defines the directory objects and their properties.

Schema Master
Used by Active Directory to control all changes to the schema for the entire forest.
second-level domain
In DNS, a second-level domain is a domain immediately subordinate to the top-level domains, which are assigned to specific organizations or people.

secondary name server
A backup server for a DNS zone providing redundancy for load balancing and fault tolerance.

secondary shadowing
In X.500 replication, secondary shadowing is where a shadow consumer becomes a shadow supplier for other shadow consumers.

Secure Sockets Layer (SSL)
The authentication process of Secure Sockets Layer (SSL) combines the simple password authentication method with a secure connection.

SecureWay Directory
An LDAP directory product from IBM.

Security Accounts Manager (SAM)
The Windows NT subsystem responsible for handling of security principals.

Security Authority
X.500 defines the Security Authority as the specific administrative authority for an ACSA.

security context
In Active Directory, a security context for access control is comprised of the user account data (including SID, groups, and privileges), and is assessed when a user attempts to access a protected object.

security descriptor
In Active Directory, an ACL is stored in a binary form called a security descriptor.

security equivalence
eDirectory allows the assignment of security permissions based on the security status of another user or another directory object.

Security IDentifier (SID)
A SID is defined by the NT security subsystem, and is used to identify security principals.
security model
A conceptual model that combines a set of security technologies and operations to control access to directory information.

security policy
A security policy is a group of ACI items that are implemented as a set.

security principal
A network entity (such as a user or group) that can be granted permissions to access resources.

Security Support Provider Interface (SSPI)
Active Directory's interface for security providers, supporting Kerberos, SSL/PCT and X.509 security technologies.

Service Advertising Protocol (SAP)
SAP may be used by eDirectory to support advertising and discovery of directory servers on IPX networks.

service control
LDAP service controls are used to specify preferred modes of functionality or restrictions on how the DSA handles a particular request and provides a method of specifying constraining information for a single query.

Service Location Protocol (SLP)
SLP is used for advertising and location services by eDirectory running on TCP/IP networks.

Service Principal Name (SPN)
A SPN is a unique name used to identify and register a specific instance of a service in Active Directory.

shadow
In X.500, a non-master replica of a partition is described as a shadow.

shadow DSA
An X.500 DSA holding a shadow copy of an object is considered the shadow DSA for that object.

Simple Authentication and Security Layer (SASL)
SASL allows for the use of different security providers by supplying a way for connection-oriented protocols to specify an authentication method and optional security layer.
Simple Mail Transport Protocol (SMTP)
An industry standard protocol for email services delivered over TCP/IP.

Simplified Access Control
Functionally a subset of the X.500 basic access control scheme, simplified access control does not support ACIAs.

single master replication
In single master replication, data can only be modified on one server -- although there are usually copies of the DIB on other servers. The directory server holding the master replica is also responsible for updating all other replicas whenever there is a change to the directory.

Single Sign-On (SSO)
A technology providing a method for securely storing and retrieving passwords used by applications other than the directory.

site
A site is an Active Directory term denoting a set of TCP/IP subnets with good connectivity, that is subnets that are interconnected at 10mbs or more.

site link
Site links represent the connections between networks. Site links contain the information Active Directory uses to manage the network connections for replication, defining frequency, cost, and availability for each site link.

site link bridge
Combined sets of overlapping Active Directory site links.

slave
A mode of DNS name server operations, where it is configured to send DNS queries only to name servers specified in the forwarders entry.

slave name server
A DNS name server operating in slave mode.

Specific Administrative Areas (SAA)
SAA are defined by X.500 as subtrees of autonomous administrative areas in which entries are viewed from a specific administrative perspective.
Specific Administrative Point (SAP)
The node at the root of a specific administrative area. By attaching subentries to the specific administrative point, different types of administrative control may be defined.

SRV record
The Service resource record (SRV) is a DNS record type used to specify the location of named services. The SRV record maps the name of a network service to the IP address of the server providing the service (such as LDAP).

Standalone LDAP Daemon (SLAPD)
The first LDAP server, developed by a group at the University of Michigan.

Standalone LDAP Update Replication Daemon (SLURPD)
SLURPD provides synchronization for SLAPD servers by writing a changelog file and replaying it to shadow servers.

Start Of Authority (SOA)
The SOA record is the first entry within a DNS zone file, and refers to the DNS name server that is authoritative for the specified DNS domain.

store
Active Directory defines the physical storage of the directory replica as the directory store.

strong authentication
Strong authentication uses public key cryptography to produce security credentials, providing controlled access to the directory, and is considered far more secure for transmission of sensitive data.

structural class
In a directory schema, structural (or effective) classes are those that are used to form the directory tree.

structure rules
In a directory schema, structure rules define the logical tree structure of the directory and determine where objects can reside and how they are named.

stub resolver
A DNS resolver component that provides a minimum functionality and relies on recursive operations for name resolution and address translation.

subclass
An object is a subclass of all the objects from which it is derived. In X.500, a subclass attribute in the schema is used to denote an object's superclasses.

subdomain
Used within DNS to specify organizational subdivisions and are appended to the second level domain name.

subentry
Used to select a sub-portion of the directory and to define specific properties that should be applied to that portion of the DIT.

subordinate knowledge reference
Subordinate knowledge references indicate a DIB partition directly below the current partition, and are used to walk down the tree.

subschema
A schema that applies to only a portion of the directory, usually a subtree.

subschema specific area
This defines the particular directory subtree associated with a subschema.

subtree
A directory subtree starts at a container object and extends downward until another subtree definition is encountered. The subtree description can also be filtered by object type so that, for example, a subtree could consist of only the user objects within a directory subtree.

superclass
Those classes from which a class definition inherits some attributes and characteristics.

superior knowledge reference
A superior knowledge reference is information used by a DSA holding a naming context to locate the naming context immediately above it to form the complete directory namespace.
superior rules
In a directory schema, superior rules are used in an object class definition to delimit which container objects can hold a particular object class.

supplier
The DSA that provides the data during the synchronization process.

supplier reference
A supplier reference contains information used in replication to identify the DSA that will be providing the update.

symmetric cryptography
With symmetric (also called shared-secret or private key) cryptography, the sender and receiver share the same user-provided key.

synchronization
Directory synchronization is the process by which changes made to one replica of a partition are propagated to other replicas of that partition.

synchronous operations
Directory operations that return the actual results of the operation to the client (as opposed to asynchronous operations that return the operation's message ID).

syntax
The attribute syntax determines syntactical constraints of the attribute and matching rules, defining the range of acceptable content.

target object
The object to which an alias points, that is, the aliased object.

ticket
A ticket is a Kerberos security token.

Ticket Granting Server (TGS)
A TGS is part of the Key Distribution Center functionality provided by Kerberos, and supplies the tickets used in authentication processes.

tightly consistent
Directories whose data is kept fully synchronized are considered tightly consistent.

time server
Time servers provide standardized network time to directory servers and clients that rely on timestamps for data integrity.
Time-To-Live (TTL)
The length of time a dynamic object or attribute should exist. If the information is not refreshed before the TTL expires, it is deleted.

tombstone
When a directory object is deleted, a tombstone is created in its place in case the object needs to be re-created. If the object is not re-created after a designated time the tombstone is automatically deleted.

top-level domain (tld)
In DNS, a top-level domain is one of the reserved domain names (.com, .org, .net and others) used to group domains by type of organization.

transitive synchronization
Used by eDirectory to synchronize replicas on servers using different protocols, by employing an intermediary eDirectory server that supports both protocols.

transitive trust
Active Directory defines a transitive trust as where a trust relationship with one domain is extended automatically to any other domain trusted by the trusted domain (If C trusts B, and B trusts A, then C trusts A).

transitive vector
Used by eDirectory to store information relating to current synchronization status of a replica server.

Transport Control Protocol/Internet Protocol (TCP/IP)
The network protocol used for communication on the Internet and also employed in most corporate networks.

Transport Layer Security (TLS)
A secure authentication process that uses password authentication over a secure connection, and requires that both the client and server have public key certificates.

tree-walking
The process of following a series of knowledge references from partition to partition to locate a directory object.
trust
In Windows NT, a trust relationship defines a common security framework between domains. In Active Directory, trust relationships are transitive (automatic) for all domains with the domain tree.

trust link
In Active Directory, a trust link is a relationship established between DCs to pass authentication information between domains.

trust path
A trust path is defined in Active Directory as the set of trust links between domains, used for passing authentication requests -- essentially the route between the DC for a server receiving a request and the DC in the domain of the requesting user.

trustee
An entity that has been granted access to an eDirectory resource is considered a trustee of that resource.

typed names
If the abbreviation corresponding to the object's naming attribute is used when forming its name, it is considered typed (for example, cn=jody). This style of naming is also known as attributed.

typeless naming
Typeless naming does not use the naming attribute abbreviation in the object name (for example, jody).

Uniform Resource Locator (URL)
The common method of referencing Web sites, such as www.mythical.org.

unit of replication
The information set that is sent with a directory update.

Universal Group
In Active Directory, Universal groups can be used to provide users within the forest access to any resources in the forest.

Universal Naming Convention (UNC)
The naming convention used on Windows networks, UNC names take the form of \serveror \merlin.

up-to-date vector
A set of server-USN pairs maintained by every replica server in Active Directory listing all other replicas for that site, and containing the highest USN received from each. During replication, a server sends its up-to-date vector to the initiating server, which uses it to filter propagated changes.

Update Sequence Number (USN)
A USN is a unique 64-bit value used by Active Directory synchronization. When an object (or property) is updated, the version number is incremented and stored in the object with a new USN. USNs are compared during replication to ensure data consistency.

useful attribute sets
In X.500, useful attribute sets provide a way of quickly adding a logical collection of attributes to support a specific functionality, such as postal addressing.

user attributes
X.500 defines user attributes as those that represent the information a directory client would normally see; names, telephone numbers, and so on. User attributes do not include administrative data.

User Information Model
The X.500 User Information Model describes the directory, as a typical directory user would see it. The entire directory appears as one large tree with no boundaries and contains only user attributes.

User Principal Name (UPN)
A UPN is an attribute of the Active Directory user object, and must be unique across the tree. UPNs have two parts: the UPN prefix which is the user logon name, and the UPN suffix which is the DNS name of the domain containing the user object.

Virtual Directory Service (VDS)
A meta-directory service that does not store any data but rather acts as a front end that redirects queries to the connected directories.

Windows 2000
The first version of Microsoft's Windows network operating system that includes Active Directory.

Windows Internet Naming Service (WINS)
WINS supplies NetBIOS name to IP address translation services for Windows NT networks.
writeable replica
A replica that accepts updates, usually a master or a read/write.

X.500
A set of ISO/ITU specifications that define a distributed, network-independent directory service. Information, administrative, and security models as well as distributed operation methods, client and server protocols, and APIs are described in detail. The X.500 standards collectively specify the design for a distributed directory service for managing information. These standards define a global directory service that contains and manages a logical set of information which is distributed within an array of supporting servers.
X.500 directories were initially proposed for an international 'white pages' to support the messaging systems described in the X.400 specifications.

XDS
XDS (open Directory Service) was initially developed by X/Open (now the Open Software Foundation) and the XAPI Association as a programmatic interface to X.500 DSAs, providing DAP functionality.

XMLDAP
The iPlanet XMLDAP Directory Gateway's XML schema defines the XMLDAP markup language.

XSL Transformations (XSLT)
An XML vocabulary designed to support the transformation of XML documents between different formats.

zone
A single contiguous portion of the DNS tree, represented by a series of resource records stored in a zone file.

zone delegation
Process by which a DNS name server is given authority for a particular zone.

zone file
A zone file contains all data regarding a specific portion of the DNS directory -- the specific set of resource records defining hosts, services, and so on, within that zone.

zone transfer
The process whereby a secondary receives a complete copy of the zone information from an authoritative name server. A zone transfer transmits a copy of the resource records of a specific zone to the receiving (secondary) server.
Directory services provide an information management technology that can be applied to a wide range of internal and external business operations, and are becoming integral to network operating systems. Directory services operate within a network to facilitate access to network resources, and to ease network administration and usage. A typical directory provides services that support resource location, user and group management, network security, and distributed application requirements.

Directory services are based on a client/server model, where the Directory System Agent (DSA) is the server component and the Directory User Agent (DUA) supplies the client-side functionality.

A directory service design also defines software agents that provide directory access by performing the needed lookup and object manipulation tasks.
Directory services operate by using a client/server exchange between an agent that accesses the directory and an agent that provides services to the network client. The server agent also provides a means for communication among server software components to allow multiple physical servers to act as one logical directory.

Directory service products are commonly categorized by the types of objects they contain (scope of content) and the types of client and management functionality (range of services) they support.

The directory contains a set of information about network resources, including users, workstations, servers, and the services they provide.

A object (or object ) is a data structure with a specified set of attributes and syntax which commonly represents a network entity (user, server, etc.). Every object definition has a specific set of attributes (also called properties) which are either mandatory or optional, and is constrained to a particular type of syntax.

It then explores key directory standards and technologies: X.500, LDAP, and DNS.
Next, directory service products which conform to the X.500 standards are described, followed by a discussion of LDAP-only directory implementations.
Subsequently, individual chapters focus on the design and operations of the two leading network directory services.
The meta-directory technologies are next described, explaining the underlying approaches to directory integration, and reviewing key meta-directory products.
Markup languages designed for directory services are explored, focusing on the industry standard DSML and detailing Novell's comprehensive DirXML solution.
Finally, the book provides a detailed explanation of how to evaluate a directory service for your business.

Understanding Directory Services
Introduction to Directory Services
Evolution of Directory Services
Storing Directory Information
X.500: A Model for Directory Services
LDAP: Lightweight Directory Access Protocol
DNS: The Domain Name System
X.500 Directory Services
LDAP-only Directory Services
Novell eDirectory
Active Directory
Meta-Directory Services
Directory Markup Languages
Evaluating Directory Services
Who This Book is For
How this Book is Organized
About this book

Written by two computer industry veterans, Understanding Directory Services is the most in-depth resource available on directory services theory, architecture, and design. It provides the conceptual framework and critical technical information for IT professionals who are using directory services in their networks or e-business solutions. The 1st edition of this book covered the underlying directory service technologies (X.500, LDAP, DNS), and integrated the information from a networking perspective with a special focus on eDirectory and Active Directory.

The 2nd Edition extends this coverage to the LDAP-based directories (such as iPlanet and SecureWay) and the X.500-based enterprise directory services (including eTrust, DirX, and Nexor), and covers the emerging meta-directory technologies and products which are crucial to the integration of the multiple directories in an enterprise networking environment. By explaining the origins and technologies of directory services, and clarifying the integration of key directory technologies into network and e-commerce platforms, Understanding Directory Services gives you the information you need to understand the underlying design and operations involved in all directory services.

Why this book?

What Benefits Does a Directory Service Provide?

For most administrators, the decision to implement comprehensive directory services on a network requires a significant change in how the network is organized, managed, and dealt with by network users. Implementation of such a directory service may require new software and hardware, as well as training of users and administrators alike.

To justify the cost of the disruption, training, and additional hardware and software, a directory service has to provide substantial benefits. Although cost and risk factors are involved, comprehensive directory services can enhance your enterprise network by providing the following benefits:

* Facilitates distributed networking
* Eases network administration
* Enhances network reliability and performance
* Unifies access to distributed resources
* Improves security

How Are Directories Integrated?

Directory integration can take on many forms -- from sharing little (or no) information to exchanging security credentials and all directory information. For example, an email directory may (or may not) share its email directory information with other applications. In contrast, a meta-directory program is likely to exchange information with many commercial directories, and unify the information for administrative purposes. A general-purpose directory service might be used to integrate the information of many diverse sources (including other directories), and provide top-down management of distributed information systems.

To control resources in a network environment, many components of the network information structure (services, applications, etc.) maintain discrete directory services and databases, identifying the users of each specific service or resource, as well as other administrative information.
A typical corporate network environment includes multiple NOS and application directories that authenticate users and provide access to network resources. Each of these directories is likely to have a different naming convention, proprietary datastore, and set of administrative tools. Each directory implementation has a different schema, further complicating directory interoperability.

Although these discrete directories frequently have little in common, what many directories do share is the information contained within them. A single network user will commonly have an entry in each of the multiple directories, often with the same information duplicated.

As you might guess, much of the information stored in any given directory is likely to be duplicated within another directory service. Security concerns arise with redundant directory information as each user on your network must have an account within the NOS directory and another account for email (at a minimum), each requiring a unique logon name and password.

Another issue with separate directory structures is data synchronization between directories. If user information is changed in a specific directory in one location, this data must then be propagated to the other directories that use different storage and synchronization methods, and compatibility issues arise. Directory integration can take multiple forms: The controlling directory can update the external directory while allowing the external directory's native tools to also manage it, or one directory can subsume the other directory totally, and so on.

An enterprise-wide directory service can be used to integrate discrete physical and logical namespaces into a unified administrative environment. Although migration of a heterogeneous network to a unified directory namespace does involve substantive namespace interoperability factors, they can be addressed at programmatic levels and thus remain transparent to the network client.

How Are Directory Services Used?

Not surprisingly, the answer to this question depends on whom you ask.

The network administrators, applications, and the people who have to use your distributed enterprise network all use the directory for different purposes (and they use different interfaces).

People use directory services to find and access network resources and the enterprise information stored there. People commonly interact with the directory via client-side applications, web browsers, and extensions to the NOS user interface.

Network administrators use directory services to help manage the complex requirements of a distributed network environment. In addition to the client-side interfaces described previously, administrators also use server-side directory management and schema management tools to manage the enterprise network.

Distributed applications use directory services to identify and connect to network resources (especially users) and to store application-specific data. Applications use commonly available APIs and protocols to use the directory service operations and to store application-specific configuration data.

Eases Network Administration

One of the issues facing network administrators is the lack of ability to organize enterprise subdivisions and network resources in a unified and hierarchical fashion. The integration of network resource data provided by directory services consolidates the tasks involved in administration of the network and minimizes task complexity with regard to managing services, systems, and user accounts.
Directory services provide a greater degree of administrative flexibility and control, including the following:

* Single point of administration
* Finer degree of control
* Delegation of administration
* Directory tree hierarchy can reflect business structure

Single point of administration

Directory services enable comprehensive network administration from any point within the network. With a unified directory tree and a single point of logon, it's possible to administer the entire network and its resources from any point within the network, instead of having to be at a specific computer.

Finer degree of control

Directory services provide the network administrator with far greater control over exactly what information an individual has access to, as well as information relating to the user's ability to change the information. Access rights can be set on individual properties of a directory object, providing enhanced control of information. The increased granularity of access control available in directory services greatly improves the ability to assign discrete administrative tasks.

Delegation of administration

Directory services allow the administration of the network to be delegated as needed, allowing organizational subdivisions to be locally administered by granting network administrators the rights to manage local user and group accounts. Especially with larger enterprise networks, this is an important capability because it enables the administrator to subdivide and delegate network responsibilities and administration tasks along the same organizational subdivisions that exist within the corporation.

Directory tree hierarchy can reflect business structure

The directory service hierarchy is implemented as a logical tree that can model the structure of your enterprise, providing operational and administrative boundaries.
The hierarchical modeling of your organizational structure facilitates easy delegation of administrative control and administrative tasks.

When designing a directory tree, you can use the hierarchical properties of directory objects to reflect your organizational structure, network topology, and operational needs. You can use the inherent properties of the object hierarchy and flow of access rights to help structure and delineate the organization of your directory tree.

How this Book is Organized

If you need to understand what directory services are and how they work, Understanding Directory Services, Second Edition is the book for you. The book covers:

* Directory Services Architecture -- What directory services are, how they are designed, and what functionality they provide.
* Core directory service technologies -- covering the X.500 standards, LDAP, and DNS in depth.
* Network directory services -- comprehensive chapters on eDirectory and Active Directory.
* LDAP directory services -- including iPlanet, SecureWay, and OpenLDAP
* X.500 directory services -- including eTrust, DirX, and Nexor
* Meta-directory services -- background theory and coverage of DirXmetahub, iPlanet Meta-directory, DirXML, RadiantOne VDS, and Microsoft MMS
* How to evaluate directory services -- provides evaluation dimensions and criteria for assessing a directory service product, and a review of current directory service products.

Directory services are a dense topic, filled with as many acronyms and models as any other networking technology. By presenting information in small pieces, starting with the big picture and then focusing on details, we hope to make the topic easier to grasp. Accordingly, this book is designed to be read in a linear fashion, where material in later chapters builds on information presented in earlier chapters.

Who This Book is For

Understanding Directory Services is designed for IT professionals and anyone studying network or directory service technologies. If you want to understand the subject of directory services, then this is the right book for you.

Readers should be familiar with the basics of networking theory and operations, as understanding of network terminology and concepts is assumed.

X.500 Books

X.500 Directory Services
Understanding X.500: The Directory (http://www.isi.salford.ac.uk/staff/dwc/Version.Web/Contents.htm)

X.500-related RFCs

1249 'DIXIE Protocol Specification.' T. Howes, M. Smith, and B. Beecher, (August 1991, Informational)
1274 'The COSINE and Internet X.500 Schema.' P. Barker and S. Kille, (November 1991, Proposed standard)
1275 'Replication Requirements to Provide an Internet Directory Using X.500.' S.E. Hardcastle-Kille, (November 1991, Informational)
1276 'Replication and Distributed Operations Extensions to Provide an Internet Directory Using X.500.' S.E. Hardcastle-Kille, (November 1991, Proposed standard)
1279 'X.500 and Domains.' S.E. Hardcastle-Kille, (November 1991, Experimental)
1308 'Executive Introduction to Directory Services Using the X.500 Protocol.' C. Weider, J. Reynolds, (March 1992, Informational)
1309 'Technical Overview of Directory Services Using the X.500 Protocol.' C. Weider, J. Reynolds, and S. Heker, (March 1992, Informational)
1330 'Recommendations for the Phase I Deployment of OSI Directory Services (X.500) and OSI Message Handling Services (X.400) Within the ESNET Community.' ESCC X.500/X.400 Task Force, ESnet Site Coordinating Committee (ESCC), (May 1992, Informational)
1373 'Portable DUAs.' T. Tignor, (October 1992, Informational)
1430 'A Strategic Plan for Deploying an Internet X.500 Directory Service.' S. Hardcastle-Kille, E. Huizer, V. Cerf, R. Hobby, and S. Kent, (February 1993, Informational)
1431 'DUA Metrics (OSI-DS 33 [v2]).' P. Barker, (February 1993, Informational)

X.500 Standards

X.500 Information Technology - Open Systems Interconnection - The Directory: Overview of Concepts, Models, and Services, first published in 1988.
X.501 Information Technology - Open Systems Interconnection - The Directory: Models, first published in 1988.
X.509 Information Technology - Open Systems Interconnection - The Directory: Authentication Framework, first published in 1988.
X.511 Information Technology - Open Systems Interconnection - The Directory: Abstract Service Definition, first published in 1988.
X.518 Information Technology - Open Systems Interconnection - The Directory: Procedures for Distributed Operation, first published in 1988.
X.519 Information Technology - Open Systems Interconnection - The Directory: Protocol Specifications, first published in 1988.
X.520 Information Technology - Open Systems Interconnection - The Directory: Selected Attribute Types, first published in 1988.
X.521 Information Technology - Open Systems Interconnection - The Directory: Selected Object Classes, first published in 1988.
X.525 Information Technology - Open Systems Interconnection - The Directory: Replication, first published in 1993.
X.530 Information Technology - Open Systems Interconnection - The Directory: Use of Systems Management for Administration of the Directory, first published in 1997.

LDAP Books

Understanding and Deploying LDAP Services
LDAP: Programming Directory-Enabled Applications with Lightweight Directory Access Protocol

LDAP RFCs

1778 'The String Representation of Standard Attribute Syntaxes.' T. Howes, S. Kille, W. Yeong, and C. Robbins, (March 1995, [obsoletes 1488, updated by 2559] Draft standard)
1823 'The LDAP Application Program Interface.' T. Howes and M. Smith, (August 1995, Informational)
1959 'An LDAP URL Format.' T. Howes and M. Smith, (June 1996, Proposed standard)
2164 'Use of an X.500/LDAP Directory to Support MIXER Address Mapping.' S. Kille, (January 1998 [obsoletes 1838], Proposed standard)
2247 'Using Domains in LDAP/X.500 Distinguished Names.' S. Kille, M. Wahl, A. Grimstad, R. Huber, and S. Sataluri, (January 1998, Proposed standard)
2251 'Lightweight Directory Access Protocol (v3).' M. Wahl, T. Howes, and S. Kille, (December 1997, Proposed standard)
2252 'Lightweight Directory Access Protocol (v3).' M. Wahl, A. Coulbeck, T. Howes, and S. Kille, (December 1997, Proposed standard)
2253 'Lightweight Directory Access Protocol (v3).' M. Wahl, S. Kille, and T. Howes, (December 1997, Proposed standard)
2254 'The String Representation of LDAP Search Filters.' T. Howes, (December 1997 [obsoletes 1960], Proposed standard)
2255 'The LDAP URL Format.' T. Howes and M. Smith, (December 1997, Proposed standard)
2256 'A Summary of the X.500(96) User Schema for Use with LDAPv3.' M. Wahl, (December 1997, Proposed standard)
2307 'An Approach for Using LDAP as a Network Information Service.' L. Howard, (March 1998, Experimental)
2559 'Internet X.509 Public Key Infrastructure Operational Protocols - LDAPv2.' S. Boeyen, T. Howes, and P. Richard, (April 1999 [updates 1778], Proposed standard)
2587 'Internet X.509 Public Key Infrastructure LDAPv2 Schema.' S. Boeyen, T. Howes, and P. Richard, (June 1999, Proposed standard)
2589 'Lightweight Directory Access Protocol (v3): Extensions for Dynamic Directory Services.' Y. Yaacovi, M. Wahl, and T. Genovese, (May 1999, Proposed standard)
2596 'Use of Language Codes in LDAP.' M. Wahl and T. Howes, (May 1999, Proposed standard)
2649 'An LDAP Control and Schema for Holding Operation Signatures.' B. Greenblatt and P. Richard, (August 1999, Experimental)
2657 'LDAPv2 Client versus the Index Mesh.' R. Hedberg, (August 1999, Experimental)

Other LDAP Resources

LDAP (v3) Revision (ldapbis): http://www.ietf.org/html.charters/ldapbis-charter.html
LDAP Extension (ldapext): http://www.ietf.org/html.charters/ldapext-charter.html
LDAP Duplication/Replication/Update Protocols (ldup): http://www.ietf.org/html.charters/ldup-charter.html

DNS Books

DNS and BIND
Windows NT DNS

DNS RFCs

805 'Computer Mail Meeting Notes.' J. Postel, (February 1982)
811 'Hostnames Server.' K. Harrenstien, V. White, and E. Feinler, (March 1982)
819 'The Domain Naming Convention for Internet User Applications.' Z. Su and J. Postel, (August 1982)
881 'The Domain Names Plan and Schedule.' J. Postel, (November 1983 [updated by 897, 921])
897 'Domain Name System Implementation Schedule.' J. Postel, (February 1984 [updates 881; updated by 921])
920 'Domain Requirements.' J. Postel and J. Reynolds, (October 1984)
921 'Domain Name System Implementation Schedule.' Revised by J. Postel, (October 1984 [updates 897, 881])
952 'DoD Internet Host Table Specification.' K. Harrenstien, M. Stahl, E. Feinler, (October 1985)
974 'Mail Routing and the Domain System.' Craig Partridge, (January 1986, Standard)
1032 'Domain Administrators Guide.' M. Stahl, (November 1987)
1033 'Domain Administrators Operations Guide.' M. Lottor, (November 1987 [updated by 1912])
1034 'Domain Names - Concepts and Facilities.' P. Mockapetris, (November 1987 [obsoletes 882, 883, 973; updated by 1101, 1122, 1183, 1706, 1876, 1982, 2181, 2308, 2535], Standard)
1035 'Domain Names - Implementation and Specification.' P. Mockapetris, (November 1987 [obsoletes 882, 883, 973; updated by 1101, 1122, 1183, 1706, 1876, 1982, 1995, 1996, 2052, 2136, 2137, 2181, 2308, 2535], Standard)
1101 'DNS Encoding of Network Names and Other Types.' P. Mockapetris, (April 1989 [updates 1034, 1035], Proposed standard)
1122 'Requirements for Internet Hosts - Communication Layers.' Edited by R. Braden, (October 1989 [updates 1034, 1035], Standard)
1123 'Requirements for Internet Hosts - Application and Support.' Edited by R. Braden, (October 1989 [updated by 2181], Standard)
1178 'Choosing a Name for Your Computer.' D. Libes, (August 1990, Informational)
1183 'New DNS RR Definitions.' C. Everhart, L. Mamakos, and R. Ullmann, and edited by P. Mockapetris, (October 1990 [updates 1034, 1035; updated by 2052], Experimental)
1464 'Using the Domain Name System to Store Arbitrary String Attributes.' R. Rosenbaum, (May 1993, Experimental)
1480 'The US Domain.' A. Cooper and J. Postel, (June 1993 [obsoletes 1386], Informational)
1535 'A Security Problem and Proposed Correction with Widely Deployed DNS Software.' E. Gavron, (October 1993, Informational)
1536 'Common DNS Implementation Errors and Suggested Fixes.' A. Kumar, J. Postel, C. Neuman, P. Danzig, and S. Miller, (October 1993, Informational)
1591 'Domain Name System Structure and Delegation.' J. Postel, (March 1994, Informational)
1611 'DNS Server MIB Extensions.' R. Austein and J. Saperia, (May 1994, Proposed standard)
1612 'DNS Resolver MIB Extensions.' R. Austein and J. Saperia, (May 1994, Proposed standard)
1706 'DNS NSAP Resource Records.' B. Manning and R. Colella, (October 1994 [obsoletes 1348, 1637; updates 1034, 1035], Informational)
1713 'Tools for DNS Debugging.' A. Romao, (November 1994, Informational)
1794 'DNS Support for Load Balancing.' T. Brisco, (April 1995, Informational)
1876 'A Means for Expressing Location Information in the Domain Name System.' C. Davis, P. Vixie, T. Goodwin, and I. Dickinson, (January 1996 [obsoletes 1712; updates 1034, 1035], Experimental)
1884 'IP Version 6 Addressing Architecture.' Edited by R. Hinden and S. Deering, (December 1995, Proposed standard)
1886 'DNS Extensions to Support IP Version 6.' S. Thomson and C. Huitema, (December 1995, Proposed standard)
1912 'Common DNS Operational and Configuration Errors.' D. Barr, (February 1996 [obsoletes 1537], Informational)
1956 'Registration in the MIL Domain.' D. Engebretson and R. Plzak, (June 1996, Informational)
1982 'Serial Number Arithmetic.' R. Elz and R. Bush, (August 1996 [updates 1034, 1035], Proposed standard)
1995 'Incremental Zone Transfer in DNS.' M. Ohta, (August 1996 [updates 1035], Proposed standard)
1996 'Notify: A Mechanism for Prompt Notification of Authority Zone Changes.' P. Vixie, (August 1996 [updates 1035], Proposed standard)
2010 'Operational Criteria for Root Name Servers.' B. Manning and P. Vixie, (October 1996, Informational)
2052 'A DNS RR for Specifying the Location of Services (DNS SRV).' A. Gulbrandsen and P. Vixie, (October 1996 [updates 1035, 1183], Experimental)
2053 'The AM (Armenia) Domain.' E. Der-Danieliantz, (October 1996, Informational)
2136 'Dynamic Updates in the Domain Name System (DNS UPDATE).' P. Vixie (editor), S. Thomson, Y. Rekhter, and J. Bound, (April 1997 [updates 1035], Proposed standard)
2137 'Secure Domain Name System Dynamic Update.' D. Eastlake III, (April 1997 [updates 1035], Proposed standard)
2146 'U.S. Government Internet Domain Names.' Federal Networking Council, (May 1997 [obsoletes 1816], Informational)
2163 'Using the Internet DNS to Distribute MIXER Conformant Global Address Mapping (MCGAM).' C. Allocchio, (January 1998 [obsoletes 1664], Proposed standard)
2168 'Resolution of Uniform Resource Identifiers Using the Domain Name System.' R. Daniel and M. Mealling, (June 1997, Experimental)
2181 'Clarifications to the DNS Specification.' R. Elz and R. Bush, (July 1997 [updates 1034, 1035, 1123; updated by 2535], Proposed standard)
2182 'Selection and Operation of Secondary DNS Servers.' R. Elz, R. Bush, S. Bradner, and M. Patton, (July 1997)
2219 'Use of DNS Aliases for Network Services.' M. Hamilton and R. Wright, (October 1997)
2230 'Key Exchange Delegation Record for the DNS.' R. Atkinson, (November 1997, Informational)
2240 'A Legal Basis for Domain Name Allocation.' O. Vaughan, (November 1997, Informational)
2247 'Using Domains in LDAP/X.500 Distinguished Names.' S. Kille, M. Wahl, A. Grimstad, R. Huber, and S. Sataluri, (January 1998, Proposed standard)
2307 'An Approach for Using LDAP as a Network Information Service.' L. Howard, (March 1998, Experimental)
2308 'Negative Caching of DNS Queries (DNS NCACHE).' M. Andrews, (March 1998 [updates 1034, 1035])
2317 'Classless IN-ADDR.ARPA Delegation.' H. Eidnes, G. de Groot, and P. Vixie, (March 1998)
2345 'Domain Names and Company Name Retrieval.' J. Klensin, T. Wolf, and G. Oglesby, (May 1998, Experimental)
2373 'IP Version 6 Addressing Architecture.' R. Hinden, S. Deering, (July 1998 [obsoletes 1884], Proposed standard)
2377 'Naming Plan for Internet Directory-Enabled Applications.' A. Grimstad, R. Huber, S. Sataluri, and M. Wahl, (September 1998, Informational)
2517 'Building Directories from DNS: Experiences from WWWSeeker.' R. Moats and R. Huber, (February 1999, Informational)
2535 'Domain Name System Security Extensions.' D. Eastlake, (March 1999 [obsoletes 2065; updates 2181, 1035, 1034], Proposed standard)
2536 'DSA KEYs and SIGs in the Domain Name System (DNS).' D. Eastlake, (March 1999, Proposed standard)
2537 'RSA/MD5 KEYs and SIGs in the Domain Name System (DNS).' D. Eastlake, (March 1999, Proposed standard)
2538 'Storing Certificates in the Domain Name System (DNS).' D. Eastlake and O. Gudmundsson, (March 1999, Proposed standard)
2539 'Storage of Diffie-Hellman Keys in the Domain Name System (DNS).' D. Eastlake, (March 1999, Proposed standard)
2540 'Detached Domain Name System (DNS) Information.' D. Eastlake, (March 1999, Experimental)
2541 'DNS Security Operational Considerations.' D. Eastlake, (March 1999, Informational)
2782 'A DNS RR for specifying the location of services (DNS SRV).' A. Gulbrandsen, P. Vixie, L. Esibov, (February 2000 [obsoletes 2052], Proposed standard)
2874 'DNS Extensions to Support IPv6 Address Aggregation and Renumbering.' M. Crawford, C. Huitema, (July 2000, Proposed standard)

Online DNS Resources

DNS Resources Directory: http://www.dns.net/dnsrd/
RFCs at IETF: http://www.ietf.org/rfc.html
Search RFCs: http://www.rfc-editor.org/rfcsearch.html
RFC Index: http://ftpeng.cisco.com/fred/rfc-index/rfc.html
Ask Mr. DNS: http://www.acmebw.com/askmr.htm

NDS eDirectory Books

The Complete Guide to Novell Directory Services
Mastering Novell Directory Services
Novell's Guide to NetWare 5 Networks
NDS for NT
Novell's Guide to IntranetWare Networks
Novell's Four Principles of NDS Design
Novell's Guide to Troubleshooting NDS
Novell's Guide to Integrating IntraNetware and NT
Novell's NDS Basics

NDS eDirectory-related RFCs

1634 'Novell IPX Over Various WAN Media (IPXWAN).' M. Allen, (May 1994, [Obsoletes RFC1551, RFC1362], Informational)
2165 'Service Location Protocol.' J. Veizades, E. Guttman, C. Perkins, and S. Kaplan, (June 1997, Standards track)
2608 'Service Location Protocol, Version 2.' J. Veizades, E. Guttman, C. Perkins, and M. Day, (June 1999, [Updates 2165], Standards track)
2609 'Service Templates and Service: Schemes.' E. Guttman, C. Perkins, and J.
Kempf, (June 1999, [Updates 2165], Standards track)V  o ;EF(`http://www.ietf.org/rfc/rfc2241.txt',`',5,`ExecError'):EF(`http://www.novell.com/products/nds',`',5,`ExecError')WEF(`http://www.novell.com/documentation/lg/ndsedir/docui/index.html',`',5,`ExecError')bEF(`http://developer.novell.com/research/devnotes/1999/septembe/02/d990902.pdf',`',5,`ExecError')2241 'DHCP Options for Novell Directory Services.' D. Provan, (November 1997, Standards track)Online NDS eDirectory ResourcesNovell's NDS eDirectory web siteOnline eDirectory documentationNDS eDirectory glossaryXm   0EF(`http://www.digitalme.com',`',5,`ExecError');EF(`http://www.novell.com/products/sso/',`',5,`ExecError')JEF(`http://www.novell.com/products/ZENworks/index.html',`',5,`ExecError')<EF(`http://www.developer.novell.com/nds/',`',5,`ExecError')BEF(`http://www.novell.com/products/nds/DirXML/',`',5,`ExecError')3EF(`http://www.nwconnection.com',`',5,`ExecError')digitalmeSingle Sign-onZENworksNDS developmentDirXMLNovell Connection>   1  c@ CW(`define')' %  /dEF(`http://www.amazon.com/exec/obidos/ISBN=0735700486/ref=nosim/sysresearchcomA/',`',5,`ExecError')"dEF(`http://www.amazon.com/exec/obidos/ISBN=1572318058/ref=nosim/sysresearchcomA/',`',5,`ExecError')"dEF(`http://www.amazon.com/exec/obidos/ISBN=1565926382/ref=nosim/sysresearchcomA/',`',5,`ExecError')"Active Directory Books Planning for Windows 2000 Microsoft Windows 2000 Server Resource Kit Windows 2000 Active Directory, Q  ނOdEF(`http://www.amazon.com/exec/obidos/ISBN=1578702429/ref=nosim/sysresearchcomA/',`',5,`ExecError')"dEF(`http://www.amazon.com/exec/obidos/ISBN=1576104362/ref=nosim/sysresearchcomA/',`',5,`ExecError')"dEF(`http://www.amazon.com/exec/obidos/ISBN=157870023X/ref=nosim/sysresearchcomA/',`',5,`ExecError')" Windows 2000 Active Directory Design and Deployment Windows 2000 Server Architecture and Planning Windows 2000 Server: Planning and Migration % q  
ނ7dEF(`http://www.amazon.com/exec/obidos/ISBN=1572317213/ref=nosim/sysresearchcomA/',`',5,`ExecError')"dEF(`http://www.amazon.com/exec/obidos/ISBN=1572318759/ref=nosim/sysresearchcomA/',`',5,`ExecError')"dEF(`http://www.amazon.com/exec/obidos/ISBN=1928994008/ref=nosim/sysresearchcomA/',`',5,`ExecError')" Understanding Active Directory Services Introducing Windows 2000 Server Configuring Cisco Network Services for Active Directory LQ   $C_EF(`http://www.microsoft.com/windows2000/technologies/directory/default.asp',`',5,`ExecError')bEF(`http://www.microsoft.com/windows2000/technologies/directory/AD/default.asp',`',5,`ExecError')QEF(`http://www.microsoft.com/windows2000/techinfo/default.asp',`',5,`ExecError')ZEF(`http://www.microsoft.com/windows2000/techinfo/planning/default.asp',`',5,`ExecError')Online Active Directory ResourcesMicrosoft Directory ServicesActive DirectoryActive Directory technical documentationDeploying Active DirectoryRq c@ H `nEF(`http://www.microsoft.com/windows2000/techinfo/howitworks/activedirectory/adsilinks.asp',`',5,`ExecError')mEF(`http://www.microsoft.com/windows2000/techinfo/howitworks/activedirectory/glossary.asp',`',5,`ExecError')=EF(`http://www.microsoft.com/windows2000/',`',5,`ExecError c@  ')Active Directory Services InterfaceActive Directory glossaryWindows 20001 @ 1@ EA c@ EA ' ####################################################################################################################################> @ A 1_A C CW(`define')!EA C P np4 hڇ l0EF(`http://www.ietf.org/rfc/',`',5,`ExecError')@EF(`http://www.rfc-editor.org/rfcsearch.html',`',5,`ExecError')EEF(`http://www.ietf.org/html.charters/wg-dir.html',`',5,`ExecError')ReferencesX500 ReferencesLDAP ReferencesDNS ReferencesNDS eDirectory ReferencesActive Directory ReferencesRFCs List of RFCsSearch RFCsIETF Working Groups1A C 1C *E UC *E ܀"\S " )m "& "b What is a Directory Service ?excerpts What benefits does a Directory Service Provide ?excerpts How are Directory Services Used 
?excerpts How are Directories Integrated ?excerpts 1C [E 1[E G **E G ~ ʀ_\S" )m""""Chapter 1: Introduction to Directory Services The big picture -- explaining directory services in an overview. What is a Directory Service ? What a Directory Service Provides Common Types of Directory Services Directory Service Implementations State of Directory Services1[E 4G 14G H OG H ^ """""Chapter 2: Evolution of Directory ServicesExplores the evolving nature of the information the directory contains, and the factors involved in organizing and managing it. Information Characteristics Organizing Directory Information Storing Directory Information Securing Directory Information Directory Administration14G I 1cI DJ 2H DJ J b"""Chapter 3: Storing Directory InformationMethods of information distribution and storage are discussed, focusing on distributed directory services. The Directory Database Partitioning the Directory Directory Replication1I uJ 1uJ @L EDJ @L ڀ"""""""""Chapter 4: X.500, A Model for Directory ServicesReviews the X.500 standards -- the archetype for directory services. Introduction to X.500 X.500 Models X.500 Directory Objects Directory Information Tree X.500 Naming X.500 Directory Schema Directory Information Base X.500 Operations Security in X.5001uJ qL 18qL xN w@L xN """"""""""Chapter 5: LDAP, Lightweight Directory Access Protocol Describes the LDAP protocol, and its emerging role in directory access and more. Introduction to LDAP LDAP Models LDAP Directory Objects and Schema The Directory Information Tree LDAP Naming The Directory Information Base LDAP Operations LDAP Security LDAP Programming Proposed LDAP Extensions1qL N 1RN NxN ڀ"""""""""Chapter 6: Domain Name SystemExamines DNS from a directory service perspective, noting parallels in structures and operations. 
Introduction to DNS DNS Models/Views DNS Objects: Resource Records ThN xN e DNS Tree DNS Naming Defining the DNS Schema The Distributed DNS Database DNS Operations Proposed DNS Extensions1N 1 S T v""""Chapter 7: X.500 Directory ServicesExplains the X.500 Directory Services, describing leading X.500-based directory service products. Introduction to X.500 Directory Services Computer Associates' eTrust Directory Siemens DirX Nexor Directory1 > 1y> H T v""""Chapter 8: LDAP-only Directory ServicesExplains the LDAP-only Directory Services, describing leading LDAP-based directory service products. Introduction to LDAP-only directory servers OpenLDAP IBM SecureWay Sun|Netscape iPlanet 51> 1. w ڀ"""""""""Chapter 9: Novell eDirectoryExplains Novell eDirectory based on the latest version (NDS eDirectory 8.5), describing the underlying directory architecture and its foundations in X.500. Introduction to NDS NDS Objects & Schema The NDS Tree Naming in NDS NDS Directory Information Base NDS Operations Security in NDS NDS Administration The Future of NDS1 1    | ƀW""""""""Chapter 10: Active DirectoryExplores how Microsoft has integrated the technologies of NT 4, LDAP, and DNS into an interesting new entry in the directory services arena. Introduction to Active Directory Active Directory Models Active Directory Objects and Schema The Active Directory DIT Naming in Active Directory The Active Directory DIB Active Directory Operations Security in Active Directory{E  6 <"" Active Directory Administration The Future of Active Directory1 1 b | ƀ""""""""Chapter 11: Meta-Directory ServicesExplains the background of meta-directory technologies, and describes leading meta-directory products. Introduction What Is a Meta-Directory? 
Meta-Directory Design Siemens DirXmetahub Sun|Netscape iPlanet Meta-Directory Microsoft Meta-Directory Services Novell DirXML Radiant Logic RadiantOne VDS1 1 W N W J b"""Chapter 12: Directory Markup LanguagesDescribes the development of markup languages for directories, and explains the efforts to create an industry standard DSML, as well as the robust and flexible DirXML markup language. Introduction to Directory Markup Languages Directory Service Markup Language (DSML) Novell's DirXML1 1  7W  W |w""""Chapter 13: Evaluating Directory ServicesDiscusses how to evaluate a directory service for use in your network environment including business considerations. How to Examine Directory Services Assess Your Network Environment Assess Your Directory Service Needs Key Factors in Directory Services 1 G 1UG k $ k " 1G 1!hTimes_New_RomanCourier NewArial$ $$$$$$    M^"рL;jQ OJd "̈́NmDeF%1 0 كw!)yCh[̀́sOB}OU6u-oi%/4ш@q: $: ΁ ~E3{RBGErv7dp     u 7    ς = ۃ v i |  a [  x  x  }   k !  y ؂ T  ) ( 8  y  ~     D  ^  ~ v { Ȃ n ; {  l O + z  `   !  >  O  k  b 5 *  ' g  . 
Alphabetical Listing of Terms

[root]
abstract classes
Abstract Syntax Notation One (ASN.1)
access control
Access Control Decision Function (ACDF)
Access Control Entry (ACE)
Access Control Information (ACI)
Access Control Inner Administrative Area (ACIA)
Access Control Lists (ACL)
Access Control Service Element (ACSE)
Access Control Specific Administrative Area (ACSA)
Access Control Specific Point (ACSP)
ACI items
Active Directory
Active Directory Services Interface (ADSI)
Address (A) record
Administrative and Operational Information Model
administrative point
alias
ASN1 ID
asymmetric cryptography
asynchronous
attribute
attribute access
attribute access permissions
attribute definition
attribute syntax
attributed name
authentication
Authentication Server (AS)
authoritative
authoritative name server
Autonomous Administrative Areas (AAA)
auxiliary class
backlink
Backup Domain Controller (BDC)
Basic Access Control (BAC)
Berkeley Internet Name Domain (BIND)
bindery
bindery context
bindery services
boot file
bridgehead server
cache file
caching only name server
canonical name
catalog
centralized directory
certificate
Certificate Authority (CA)
chaining
changelog
class
class definition
CN (common name)
CNAME record
collective attribute
collective attribute specific area
complete replication
Connectionless LDAP (CLDAP)
ConsoleOne
consumer
consumer reference
container object
Content Rule
context
controls
convergence
country code
create-time inheritance
cross references
database layer
delegation
dereferencing
DIB fragment
digital signature
digitalme
directory
Directory Access Control Domain (DACD)
Directory Access Markup Language (DAML)
Directory Access Protocol (DAP)
Directory Administrative and Operational Information Model
Directory Administrative Authority
Directory Distribution Model
Directory Enabled Networking (DEN)
Directory Functional Model
Directory Information Base (DIB)
Directory Information Model (DIM)
Directory Information Shadowing Protocol (DISP)
Directory Information Tree (DIT)
Directory Interoperability Forum (DIF)
Directory Management Domain (DMD)
directory object
directory operational attribute
Directory Operational Binding Management Protocol (DOP)
directory service
Directory Service Markup Language (DSML)
Directory System Agent (DSA)
Directory System Protocol (DSP)
Directory User Agent (DUA)
DirX
DirXmetahub
DirXML
Distinguished Name (DN)
distributed directory
Distributed Reference Link (DRL)
DIT Domain
DNS domain namespace
domain
domain component (dc)
Domain Controller (DC)
domain directory partition
Domain Local Groups
Domain Management Organization (DMO)
Domain Name System (DNS)
Domain Naming Master
domain subtree
Domain Tree
domain trust
DSA Information Model
DSA Information Tree
DSA Specific Entry (DSE)
DSA-shared operational attribute
DSAPI
dynamic directory entry
Dynamic DNS (DDNS)
Dynamic Host Configuration Protocol (DHCP)
eDirectory
effective class
effective rights
entry
entry access
entry access permissions
eTrust Directory
extensibility
eXtensible Directory Access Protocol (XDAP)
eXtensible Markup Language (XML)
Extensible Storage Engine (ESE)
eXtensible Stylesheet Language (XSL)
extension
external reference
federated naming
filter
flat namespace
floating master
Floating Single Master Operation (FSMO)
forest
forest root
forwarder
full replica
Fully Distinguished Name (FDN)
Fully Qualified Domain Name (FQDN)
Generic Security Service API (GSSAPI)
Global Catalog (GC)
global group
Globally Unique IDentifier (GUID)
granularity
group policy
hierarchy
host
in.addr.arpa
incremental replication
incremental zone transfer
Infrastructure Master
inheritance
inherited ACL
inherited rights
Inherited Rights Filter (IRF)
Inner Administrative Areas (IAA)
Inner Administrative Point (IAP)
instance
International Standards Organization (ISO)
International Telecommunications Union (ITU)
Internet Assigned Numbers Authority (IANA)
Internet Corporation for Assigned Names and Numbers (ICANN)
Internet Engineering Task Force (IETF)
Internetwork Packet eXchange (IPX)
iPlanet Directory Server
iPlanet Directory Server Integration Edition
iterative name resolution
Java Naming and Directory Interface (JNDI)
Kerberos
Key Distribution Center (KDC)
Knowledge Consistency Checker (KCC)
knowledge references
lame delegation
latency
LDAP C API
LDAP Data Interchange Format (LDIF)
LDAP URL (Uniform Resource Locator)
leaf object
Lightweight Directory Access Protocol (LDAP)
location service
location-independence
logical naming model
loosely-consistent replication
mandatory attribute
master
master DSA
master name server
master replica
matching rules
meta-directory
Microsoft Management Console (MMC)
Microsoft Meta-Directory Services
mixed environment
mixed mode
multicasting
multimaster replication
multivalued RDN
name form
name query
name resolution
name server
namespace
naming attribute
naming context
naming model
Native Mode
NetBIOS
NetSync
NetWare Administrator
NetWare Name Services (NNS)
Nexor Directory
non-effective class
Non-specific Subordinate Reference (NSSR)
non-writeable replica
Novell Directory Services
Novell LDAP (NLDAP)
object
Object IDentifier (OID)
Open Systems Interconnect (OSI)
OpenLDAP
operational attributes
operational extensions
operations master
optional attributes
originating write
partial replica
partition
partition root
Passport
PDC Emulator
permissions
permutability
physical naming model
Primary Domain Controller (PDC)
Primary name server
primary shadowing
Private Communications Technology (PCT)
propagation
property
Property Version Numbers (PVN)
Public Key Infrastructure (PKI)
Quality of Service (QoS)
RadiantOne VDS
read/write replica
recursive query
referral
Relative Distinguished Name (RDN)
relative domain names
Relative ID (RID) Master
Relative Identifier (RID)
Remote Operation Service Element (ROSE)
replica
replica ring
replica server
replication
replication agreement
replication consumer
replication supplier
Request For Comments (RFC)
resolver
resource record (RR)
reverse lookup
reverse lookup file
root context
root domain
root DSE
root knowledge reference
root name server
runtime inheritance
S/KEY
schema
Schema Master
second-level domain
secondary name server
secondary shadowing
Secure Sockets Layer (SSL)
SecureWay Directory
Security Accounts Manager (SAM)
Security Authority
security context
security descriptor
security equivalence
Security IDentifier (SID)
security model
security policy
security principal
Security Support Provider Interface (SSPI)
Service Advertising Protocol (SAP)
service control
Service Location Protocol (SLP)
Service Principal Name (SPN)
shadow
shadow DSA
Simple Authentication and Security Layer (SASL)
Simple Mail Transport Protocol (SMTP)
Simplified Access Control
single master replication
Single Sign-On (SSO)
site
site link
site link bridge
slave
slave name server
Specific Administrative Areas (SAA)
Specific Administrative Point (SAP)
SRV record
Standalone LDAP Daemon (SLAPD)
Standalone LDAP Update Replication Daemon (SLURPD)
Start Of Authority (SOA)
store
strong authentication
structural class
structure rules
stub resolver
subclass
subdomain
subentry
subordinate knowledge reference
subschema
subschema specific area
subtree
superclass
superior knowledge reference
superior rules
supplier
supplier reference
symmetric cryptography
synchronization
synchronous operations
syntax
target object
ticket
Ticket Granting Server (TGS)
tightly consistent
time server
Time-To-Live (TTL)
tombstone
top-level domain (tld)
transitive synchronization
transitive trust
transitive vector
Transport Control Protocol/Internet Protocol (TCP/IP)
Transport Layer Security (TLS)
tree-walking
trust
trust link
trust path
trustee
typed names
typeless naming
Uniform Resource Locator (URL)
unit of replication
Universal Group
Universal Naming Convention (UNC)
up-to-date vector
Update Sequence Number (USN)
useful attribute sets
user attributes
User Information Model
User Principal Name (UPN)
Virtual Directory Service (VDS)
Windows 2000
Windows Internet Naming Service (WINS)
writeable replica
X.500
XDS
XMLDAP
XSL Transformations (XSLT)
zone
zone delegation
zone file
zone transfer