Netscape DIRECTORY SERVER 6.2 - ADMINISTRATOR Administrator's Manual page 482

How Directory Server Uses PTA
PTA is required in this case because the
o=NetscapeRoot
the user directory as
to transmit the credentials to the configuration directory which verifies them.
The user directory then allows the
The user directory in this example acts as the PTA directory, that is, the server that
passes through bind requests to another directory server. The configuration
directory acts as the authenticating directory, that is, the server that contains the
entry and verifies the bind credentials of the requesting client.
You will also see the term pass-through subtree used in this chapter. The
pass-through subtree is the subtree not present on the PTA directory. When a user's
bind DN contains this subtree, the user's credentials are passed on to the
authenticating directory.
NOTE
Here's how pass-through authenticationworks:
You install the configuration directory server (authenticating directory) on
1.
Machine A.
You install the user directory server (PTA directory) on Machine B.
2.
During the installation of the user directory on Machine B, you are prompted
3.
to provide an LDAP URL. This URL points to the configuration directory on
Machine A.
The installation program adds an entry to the
4.
directory that enables the PTA plug-in.
This entry contains the LDAP URL you provided. For example:
482 Netscape Directory Server Administrator's Guide • December 2003
in the configuration directory. Therefore, attempts to bind to
would normally fail. PTA allows the user directory
admin
The PTA plug-in is not listed in Directory Server Console when
you use the same server for your user directory and your
configuration directory.
Server Name:
configdir.example.com
Suffix:
o=NetscapeRoot
Server Name:
userdir.example.com
Suffix:
dc=example,dc=com
user entry is stored under
admin
user to bind.
admin
dse.ldif
file on the user