Table of Contents
Advertisement
How the Directory Server Identifies Clients
•
Simple Authentication and Security Layer (SASL) is described in RFC 2222,
which you can find at
SASL provides the means to use mechanisms other than simple
authentication and SSL to authenticate to the Directory Server.
How the Directory Server Identifies Clients
The server keeps track of the identity of the LDAP client through the
SLAPI_CONN_DN
During an LDAP
DN and authenticated method in the
parameters.
When an authenticated client requests the server to perform an LDAP operation,
the server checks the DN in the
client has the appropriate access rights.
How the Authentication Process Works
When the Directory Server receives an LDAP
processes the request in the following steps:
The server parses the LDAP
1.
information:
If the method of authentication is
server also retrieves the name of the SASL mechanism used from the LDAP
bind
The server normalizes the DN retrieved from the request. (See the
2.
slapi_dn_normalize()
The server retrieves any LDAPv3 controls included with the LDAP
3.
request.
102
Netscape Directory Server Plug-in Programmer's Guide • October 2004
http://www.ietf.org/rfc/rfc2222.txt
and
SLAPI_CONN_AUTHTYPE
operation, the server authenticates the user and puts the
bind
The DN as which the client is attempting to authenticate.
The method of authentication used.
Any credentials (such as a password) included in the request.
request.
parameters.
SLAPI_CONN_DN
parameter to determine if the
SLAPI_CONN_DN
bind
request and retrieves the following
bind
LDAP_AUTH_SASL
function for more information on normalized DNs.)
and
SLAPI_CONN_AUTHTYPE
request from a client, it
(SASL authentication), the
bind
Advertisement
Table of Contents
