HP FlexNetwork 10500 Series Security Configuration Manual page 24

1. Uses the LDAP server administrator DN to bind with the LDAP server. After the binding is created, the client establishes a connection to the server and obtains the right to search.
2. Constructs search conditions by using the username in the authentication information of a user. The specified root directory of the server is searched and a user DN list is generated.
3. Binds with the LDAP server by using each user DN and password. If a binding is created, the user is considered legitimate.
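
The three steps above, as an added example (not HP's code and not part of the manual): a bind-search-bind client run against a constructed in-memory directory. FakeDirectory, the uid attribute in the filter, and all DNs and passwords are assumptions for illustration; the client escapes the username per RFC 4515 and refuses empty passwords, which a permissive server would accept as an unauthenticated bind.

```python
import re

def escape_filter_value(value):
    """RFC 4515 escaping: \\ * ( ) and NUL become \\xx so they stay literal."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def _value_regex(pattern):
    """Compile an assertion value: '*' is a wildcard, '\\xx' a literal character."""
    rx = ''
    for part in re.split(r'(\\[0-9a-fA-F]{2}|\*)', pattern):
        if part == '*':
            rx += '.*'
        elif re.fullmatch(r'\\[0-9a-fA-F]{2}', part):
            rx += re.escape(chr(int(part[1:], 16)))
        else:
            rx += re.escape(part)
    return re.compile(rx, re.S)

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server (hypothetical, not a real API)."""
    def __init__(self, entries):
        self.entries, self.bound = entries, False   # entries: DN -> {"uid", "password"}
    def bind(self, dn, password):
        # An empty password is an RFC 4513 "unauthenticated bind": a server that
        # permits it reports success without verifying any credential.
        self.bound = dn in self.entries and password in ("", self.entries[dn]["password"])
        return self.bound
    def search(self, ldap_filter):
        m = re.fullmatch(r'\(uid=(.*)\)', ldap_filter, re.S)
        if not (self.bound and m):
            return []
        rx = _value_regex(m.group(1))
        return [dn for dn, e in self.entries.items() if rx.fullmatch(e["uid"])]

def authenticate(directory, admin_dn, admin_pw, username, password):
    if not username or not password:      # refuse empty-password binds up front
        return None
    if not directory.bind(admin_dn, admin_pw):                          # step 1
        return None
    dns = directory.search('(uid=%s)' % escape_filter_value(username))  # step 2
    for dn in dns:                                                      # step 3
        if directory.bind(dn, password):
            return dn
    return None

ADMIN_DN = "cn=admin,dc=example,dc=com"   # constructed sample data
ENTRIES = {ADMIN_DN: {"uid": "admin", "password": "adm-Secret1"},
           "uid=alice,ou=people,dc=example,dc=com": {"uid": "alice", "password": "al-Secret2"},
           "uid=bob,ou=people,dc=example,dc=com": {"uid": "bob", "password": "bo-Secret3"}}
```

With the username escaped, a login name of "*" searches for a literal asterisk and yields an empty DN list; sent unescaped, the same filter would return every entry for step 3 to try.
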
In LDAP authorization, the client performs the same operations as in LDAP authentication. When the client constructs search conditions, it obtains both authorization information and the user DN list.
If the authorization information meets the authorization requirements, the authorization process ends.
If the authorization information does not meet the authorization requirements, the client sends an administrator bind request to the LDAP server. This operation obtains the right to search for authorization information about users on the user DN list.
Basic LDAP packet exchange process
The following example illustrates the basic packet exchange process during LDAP authentication
and authorization for a Telnet user.
Figure 7 Basic packet exchange process for LDAP authentication of a Telnet user
The basic packet exchange process is as follows:
1. A Telnet user initiates a connection request and sends the username and password to the LDAP client.
2. After receiving the request, the LDAP client establishes a TCP connection with the LDAP server.
3. To obtain the right to search, the LDAP client uses the administrator DN and password to send an administrator bind request to the LDAP server.
4. The LDAP server processes the request. If the bind operation is successful, the LDAP server sends an acknowledgment to the LDAP client.
5. The LDAP client sends a user DN search request with the username of the Telnet user to the LDAP server.