Symas Glossary
Discover a comprehensive glossary of terms related to Symas, providing you with a clear understanding of key concepts and terminology associated with this topic.
This is an auto-generated article of all your definitions within the glossary.
-
ACL
OpenLDAP Access Control Lists (ACLs) are settings that control who can access information stored in an OpenLDAP directory.
* What they do: ACLs define the privileges required for users to access information in an OpenLDAP directory.
* Where they are stored: ACLs are stored in the slapd configuration file (slapd.conf) or the configuration database (cn=config).
* How they are defined: ACLs can be defined globally or database-specifically.
* How they are evaluated: ACLs are evaluated in the order they appear in the configuration, with database-specific ACLs taking precedence.
* How they are structured: The basic format of an ACL is "to by "
-
CA Certificate
This certificate file provides the verified identity of the certificate authority used to issue certificates for the server.
-
core dump
Linux core dumps are files produced by the Linux operating system that dump out all of the memory of a process at a point in time.
-
Directories
One of the most common database structures; they are lists of things with their various attributes.
-
DIT
A Directory Information Tree. This is another term for an LDAP directory/database.
-
FQDN
A fully qualified domain name (FQDN) is the complete address of a computer or internet host, specifying its precise location within the domain name system (DNS). FQDNs are made up of the hostname, domain name, and top-level domain (TLD).
-
mdb_stat
A command-line utility for the LMDB (Lightning Memory-Mapped Database) that displays statistics and information about an LMDB environment. It provides details about the database's pages, tree structure, and overall size, helping users understand its layout and performance characteristics.
-
Multi-Master Replication
Multi-Master Replication (MMR) is a critical component in deploying highly available OpenLDAP services. MMR works for clusters containing many servers acting as "masters", taking updates from client applications.
-
PAM
Pluggable Authentication Module, meant to decouple authentication from the application by delegating it to third-party modules.
-
replication
Replication is a technique that distributes data across multiple servers to improve performance, reliability, and availability. It can be especially useful for larger companies or organizations that are spread across multiple locations.
-
SELinux
SELinux is a security enhancement to Linux which allows users and administrators more control over access control. Access can be constrained on such variables as which users and applications can access which resources. These resources may take the form of files. Standard Linux access controls, such as file modes (-rwxr-xr-x), are modifiable by the user and the applications which the user runs. Conversely, SELinux access controls are determined by a policy loaded on the system which may not be changed by careless users or misbehaving applications. SELinux also adds finer granularity to access controls. Instead of only being able to specify who can read, write or execute a file, for example, SELinux lets you specify who can unlink, append only, move a file and so on. SELinux allows you to specify access to many resources other than files as well, such as network resources and interprocess communication (IPC).
-
Server Certificate
An X.509 certificate issued by the Certificate Authority. The certificate contains information about the identity of the server, the certificate authority and the public encryption key used by LDAP clients to establish encrypted communications.
-
Server Certificate Key
The server certificate key file contains a private encryption key that can only be used to decrypt data that's been encrypted by the public encryption key.
-
SSL
Secure Sockets Layer (SSL) is a communication protocol that encrypts data sent between devices or applications on a network. It's a standard technology that prevents hackers from stealing or seeing data transferred between a website and a browser, or between two servers. SSL provides privacy, authentication, and integrity to internet communications.
-
SSSD
A system daemon that "provides access to identity and authentication remote resources through a common framework that can provide caching and offline support to the system." It offers the following features:
* Offline authentication: Allows login even when the machine can't connect to the remote LDAP server.
* Server load reduction: Opens a single connection to the LDAP server.
* Multiple domain support: Supports more than one remote source of identity.
SSSD acts as a single point of configuration, simplifying the management of authentication systems.
-
TLS
Transport Layer Security. TLS uses X.509 security certificates that provide the identity of the server to the client. When the client verifies the authenticity of the server's certificate, the client and server can begin encrypted communications.
-
Virtual Directories
A virtual directory is one with not only LDAP data sources but also sources from other database types. OpenLDAP has several back-ends supporting this use case. OpenLDAP's performance is so much faster than most other non-LDAP data stores that virtual directories are generally only used where high performance is required.