Red Hat DIRECTORY SERVER 7.1 - ADMINISTRATOR Administrator's Manual page 514

How Directory Server Uses PTA
The user directory in this example acts as the PTA directory server, the server that
passes through bind requests to another directory server. The configuration
directory acts as the authenticating directory, the server that contains the entry and
verifies the bind credentials of the requesting client.
You will also see the term pass-through subtree used in this chapter. The
pass-through subtree is the subtree not present on the PTA directory. When a
user's bind DN contains this subtree, the user's credentials are passed on to the
authenticating directory.
NOTE
Here's how pass-through authentication works:
You install the configuration directory server (authenticating directory) on
1.
machine A.
H
H
You install the user directory server (PTA directory) on machine B.
2.
H
H
During the installation of the user directory on machine B, you are prompted
3.
to provide an LDAP URL. This URL points to the configuration directory on
machine A.
The installation program adds an entry to the
4.
directory that enables the PTA Plug-in.
This entry contains the LDAP URL you provided. For example:
514 Red Hat Directory Server Administrator's Guide • May 2005
The PTA Plug-in is not listed in Directory Server Console when you
use the same server for your user directory and your configuration
directory.
Server name:
configdir.example.com
Suffix:
o=NetscapeRoot
Server name:
userdir.example.com
Suffix:
dc=example,dc=com
dn: cn=Pass Through Authentication,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: Pass Through Authentication
nsslapd-pluginPath:
/opt/redhat-ds/servers/lib/passthru-plugin.so
nsslapd-pluginInitfunc: passthruauth_init
nsslapd-pluginType: preoperation
file on the user
dse.ldif