  ○ Obtain the access rights to the LDAP server.
  ○ Check the validity of user information.
• The search operation constructs search conditions and obtains the directory resource information of the LDAP server.
In LDAP authentication, the client completes the following tasks:
1. Uses the LDAP server administrator DN to bind with the LDAP server. After the binding is created, the client has a connection to the server and holds the right to search.
2. Constructs search conditions by using the username from the user's authentication information. The client searches the specified root directory of the server and generates a user DN list.
3. Binds with the LDAP server by using each user DN in the list together with the user's password. If a binding is created, the user is considered legal (authenticated).
In LDAP authorization, the client performs the same tasks as in LDAP authentication, except that when it constructs the search conditions it requests the authorization information together with the user DN list.
• If the authorization information meets the authorization requirements, the authorization process ends.
• If the authorization information does not meet the authorization requirements, the client sends an administrator bind request to the LDAP server. This bind obtains the right to search for the authorization information of the users on the user DN list.
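The following is an added example and is not code from the guide or from the device vendor. It shows, at the byte level, the three LDAPv3 messages the client sends in the authentication and authorization procedures above (administrator bind, search for the user DN and any authorization attributes, bind as the user), hand-encoded in BER per RFC 4511, together with a decoder for the server's BindResponse result code. The DNs, the "uid" attribute, the "memberOf" authorization attribute and the passwords are assumed sample values. Two points a practitioner should take from it: a simple bind carries the password in clear text, so the exchange must run over LDAPS or after StartTLS, and the device stores the administrator DN credential, so that account should hold only search rights over the user subtree.

```python
"""
Added example, not taken from the guide: the LDAPv3 messages sent by the
client in the procedure above, hand-encoded in BER per RFC 4511, plus a
decoder for the server's BindResponse result code.  The DNs, the "uid"
attribute, the "memberOf" attribute and the passwords are assumed values.
"""

# ---- BER primitives (RFC 4511 uses a restricted subset of X.690 BER) ----

def ber_len(n: int) -> bytes:
    """Definite length: one byte below 128, otherwise 0x8N followed by N bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    """Tag-length-value triple with a single-byte tag."""
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(v: int, tag: int = 0x02) -> bytes:
    """INTEGER (0x02) or ENUMERATED (0x0A), minimal two's-complement encoding."""
    return tlv(tag, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))

def ber_str(s: str, tag: int = 0x04) -> bytes:
    """OCTET STRING (0x04) carrying UTF-8; LDAPDN and LDAPString are octet strings."""
    return tlv(tag, s.encode("utf-8"))

def ber_bool(b: bool) -> bytes:
    return tlv(0x01, b"\xff" if b else b"\x00")

def ldap_message(msg_id: int, op: bytes) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE { ... } }"""
    return tlv(0x30, ber_int(msg_id) + op)

# ---- Protocol operations -------------------------------------------------

def bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """BindRequest ::= [APPLICATION 0] SEQUENCE { version 3, name LDAPDN,
    authentication simple [0] OCTET STRING }.  The password is sent in clear
    text, so this must only travel over LDAPS or after StartTLS."""
    op = tlv(0x60, ber_int(3) + ber_str(dn) + ber_str(password, tag=0x80))
    return ldap_message(msg_id, op)

def search_request(msg_id: int, base_dn: str, attr: str, value: str,
                   attrs: tuple = ()) -> bytes:
    """SearchRequest ::= [APPLICATION 3], whole-subtree scope, one equalityMatch
    filter [3] (attr=value).  The filter is BER-encoded, so `value` is a raw
    octet string: a username such as "*)(uid=*" cannot alter the filter the
    way it can when a client builds an RFC 4515 string filter."""
    equality_match = tlv(0xA3, ber_str(attr) + ber_str(value))
    op = tlv(0x63,
             ber_str(base_dn)
             + ber_int(2, tag=0x0A)   # scope: wholeSubtree
             + ber_int(0, tag=0x0A)   # derefAliases: neverDerefAliases
             + ber_int(0)             # sizeLimit: no client-side limit
             + ber_int(0)             # timeLimit: no client-side limit
             + ber_bool(False)        # typesOnly: return attribute values
             + equality_match
             + tlv(0x30, b"".join(ber_str(a) for a in attrs)))  # attributes wanted
    return ldap_message(msg_id, op)

def bind_response(msg_id: int, result_code: int) -> bytes:
    """BindResponse ::= [APPLICATION 1] LDAPResult { resultCode ENUMERATED,
    matchedDN, diagnosticMessage }.  Constructed here to stand in for the server."""
    op = tlv(0x61, ber_int(result_code, tag=0x0A) + ber_str("") + ber_str(""))
    return ldap_message(msg_id, op)

# ---- Decoding the server's answer ----------------------------------------

def _read_tlv(buf: bytes, pos: int):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

SUCCESS, INVALID_CREDENTIALS = 0, 49        # RFC 4511 resultCode values

def bind_result_code(msg: bytes) -> int:
    """Extract resultCode from an LDAPMessage carrying a BindResponse."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = _read_tlv(body, 0)          # skip messageID
    tag, op, _ = _read_tlv(body, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    _, code, _ = _read_tlv(op, 0)           # first LDAPResult field: resultCode
    return int.from_bytes(code, "big", signed=True)

def client_messages(admin_dn, admin_pw, base_dn, username, user_dn, user_pw,
                    authz_attrs=()):
    """The requests in the order the procedure describes: administrator bind
    (obtains search rights), search for the user DN (plus authorization
    attributes when authorizing), bind as a found user DN with the user's
    password.  A real client repeats message 3 for each DN the search returned
    and accepts the user only when bind_result_code() yields SUCCESS."""
    return [bind_request(1, admin_dn, admin_pw),
            search_request(2, base_dn, "uid", username, attrs=authz_attrs),
            bind_request(3, user_dn, user_pw)]

if __name__ == "__main__":
    for m in client_messages("cn=admin,dc=example,dc=com", "admin-secret",
                             "dc=example,dc=com", "alice",
                             "uid=alice,ou=people,dc=example,dc=com", "alice-pw",
                             authz_attrs=("memberOf",)):
        print(m.hex())
    # Server rejects the user bind: the user is not considered legal.
    print(bind_result_code(bind_response(3, INVALID_CREDENTIALS)) == SUCCESS)
```

Run the file to see the hex of each message; feeding the output of bind_request() to a real server over a TLS-protected socket would produce the BindResponse that bind_result_code() decodes.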
Basic LDAP packet exchange process
The following example illustrates the basic packet exchange process during LDAP authentication and authorization for a Telnet user.
Figure 7 Basic packet exchange process for LDAP authentication of a Telnet user
The basic packet exchange process is as follows:
1. A Telnet user initiates a connection request and sends the username and password to the LDAP client.