Ldap - HP 6125XLG Configuration Manual

9. The user enters the password.
10. After receiving the login password, the HWTACACS client sends the HWTACACS server a
continue-authentication packet that includes the login password.
11. If the authentication succeeds, the HWTACACS server sends back an authentication response to
indicate that the user has passed authentication.
12. The HWTACACS client sends a user authorization request packet to the HWTACACS server.
13. If the authorization succeeds, the HWTACACS server sends back an authorization response,
indicating that the user is now authorized.
14. Knowing that the user is now authorized, the HWTACACS client pushes its CLI to the user and
permits the user to log in.
15. The HWTACACS client sends a start-accounting request to the HWTACACS server.
16. The HWTACACS server sends back an accounting response, indicating that it has received the
start-accounting request.
17. The user logs off.
18. The HWTACACS client sends a stop-accounting request to the HWTACACS server.
19. The HWTACACS server sends back a stop-accounting response, indicating that the
stop-accounting request has been received.

LDAP

The Lightweight Directory Access Protocol (LDAP) provides standard multi-platform directory service. It is
developed on the basis of the X.500 protocol, and improves the read/write interactive access, browse,
and search functions of X.500. It is suitable for storing data that does not often change.
LDAP is typically used to store user information. For example, LDAP server software Active Directory
Server is used in Microsoft Windows operating systems to store the user information and user group
information for user login authentication and authorization.
LDAP directory service
LDAP uses directories to maintain the organization information, personnel information, and resource
information. The directories are organized in a tree structure and comprise entries. An entry is a set of
attributes with distinguished names (DNs). The attributes are used to store information such as usernames,
passwords, emails, computer names, and phone numbers.
LDAP uses a client/server model, and all directory information is stored in the LDAP server. Commonly
used LDAP server products include Microsoft Active Directory Server, IBM Tivoli Directory Server, and Sun
ONE Directory Server.
LDAP authentication and authorization
AAA can use LDAP to provide user authentication and authorization services. LDAP defines a set of
operations to implement its functions. The main operations for authentication and authorization are the
bind operation and search operation:
The bind operation allows an LDAP client to establish a connection with the LDAP server, obtain the
•
access rights to the LDAP server, and check the validity of user information.
• The search operation constructs search conditions and obtains the directory resource information of
the LDAP server.
The basic LDAP authentication process is as follows:
9