LDAP Technical Specifications

Simple Bind Authentication Process

[Figure: flowchart of the simple bind authentication process, with swimlanes Client, LDAP Server and Sentry. Step and decision labels recoverable from the figure, in the order they appear: Initiate Sentry session; Prompt for login credentials; Authentication request with Username/Password; Simple bind using Search Bind DN & Password; Successful Bind?; Subtree search starting from User Search Base DN with User Search Filter; Username found?; Simple Bind using User FQDN and login password; Successful Bind?; Subtree search starting from User Search Base DN with User Search Filter; Username found?; Access Denied; Attribute name compared to Group Membership Attribute; Attribute match?; Username groups access rights compared against Sentry LDAP groups; Group match?; Access Granted.]

MD5 Bind Authentication Process

[Figure: flowchart of the MD5 bind authentication process, with swimlanes Client, LDAP Server and Sentry. Step and decision labels recoverable from the figure, in the order they appear: Initiate Sentry session; Prompt for login credentials; Authentication request with Username/Password; SASL Digest-MD5 bind using uppercase username & entered password; Successful Bind?; Subtree search starting from User Search Base DN with User Search Filter; Username found?; Attribute name compared to Group Membership Attribute; Access Denied; Attribute match?; Username groups access rights compared against Sentry LDAP groups; Group match?; Access Granted.]

62 • Advanced Operations • Sentry PT22 Installation and Operations Manual