Glossary

Terms and definitions used throughout AD Unlock documentation.

A

Active Directory (AD)

Microsoft’s directory service for Windows domain networks. Stores information about users, groups, computers, and other objects.

Allowed OUs

Organizational Units in AD whose members are permitted to use self-service operations.

B

Base DN

Distinguished Name that defines the starting point for LDAP searches.

C

Connector

The lightweight executable deployed in customer networks that executes AD operations.

CN (Common Name)

Part of an X.509 certificate that identifies the entity. Connector certificates use CN to encode tenant and connector IDs.

D

Denied Groups

AD groups whose members are blocked from using self-service (e.g., Domain Admins).

Distinguished Name (DN)

The unique identifier for an object in LDAP/AD. Example: CN=John Doe,OU=Users,DC=company,DC=local

G

Gateway

The WebSocket server that maintains connections with all connectors and routes jobs.

H

Heartbeat

Regular message sent by the connector to indicate it’s alive and connected.

I

Intent Classification

The process of determining what action a user wants (unlock, reset password, help).

L

LDAPS

LDAP over SSL. Encrypted LDAP connection using port 636.

LLM

Large Language Model. AD Unlock uses Claude for intent classification.

M

mTLS (Mutual TLS)

TLS where both client and server authenticate with certificates.

O

OTP (One-Time Password)

6-digit verification code sent to the user’s email.

OU (Organizational Unit)

Container in AD that holds users, groups, and other objects.

P

Policy

Rules that define who can use self-service, what actions are allowed, and when approval is required.

R

Risk Score

Numerical value (0-100) calculated based on various factors to assess request risk.

RLS (Row Level Security)

PostgreSQL feature that enforces data isolation between tenants.

S

Service Account

AD account used by the connector to perform LDAP operations.

StartTLS

Method to upgrade an LDAP connection to TLS on port 389.

T

Tenant

An organization using AD Unlock. Each tenant has isolated data and configuration.

W

Webhook

HTTP callback that delivers real-time notifications (e.g., WhatsApp messages).

Z

Z-API

Third-party service used for WhatsApp integration.
