NetWare Directory Services
2-23
Understanding NetWare Directory Services
Context and Names
where CN is the common name of the leaf object, OU is the Organizational
Unit name, O is the Organization name, and C is the Country.
In most cases, you do not need to use name types.
Any time you move from one container object to another, you change
context. Whenever you change contexts, you might need to indicate the
Distinguished Name of the object you are changing context to.
If you are referring to an object in the same container as your User object,
you need only refer to the object by its common name.
NOTE: All Distinguished Names should be unique within a Directory tree. In addition, all
object names should be unique within a container. The NDS database recognizes
only one occurrence of the same name within each container.
Logging In and Authentication
The location of an object within the Directory tree, or name context, is also
important when logging in. When a user logs in to the network, an available
server begins a process called authentication.
Based on the current context and the login name provided, authentication
identifies the User object to other servers in the tree and verifies that the
object has rights to use network resources.
Authentication allows a user who has logged in to the network to access any
servers, volumes, printers, etc., in the network that the user has rights to.
Conversely, if the users lacks rights, access is denied.
Authentication checks a user’s rights to both NDS and file-system resources.
This is one way you, as a network supervisor, can regulate security.
Authentication works in combination with the Access Control List to
provide network security. See “Property Rights” in this chapter for more
information.
Also see “Name Context” and “Authentication” in Concepts for more
information.