LDAP Technical Specifications
Simple Bind Authentication Process
Flowchart lanes: Client | LDAP Server | Sentry

Flowchart boxes, in top-to-bottom order:
1. Initiate Sentry session
2. Prompt for login credentials
3. Authentication request with Username/Password
4. Simple bind using Search Bind DN & Password
5. Successful Bind?
6. Subtree search starting from User Search Base DN with User Search Filter
7. Username found?
8. Simple Bind using User FQDN and login password
9. Successful Bind?
10. Subtree search starting from User Search Base DN with User Search Filter
11. Username found?
12. Attribute name compared to Group Membership Attribute
13. Attribute match?
14. Username groups access rights compared against Sentry LDAP groups
15. Group match?

End states: Access Denied, Access Granted
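The Simple Bind sequence above as an added Python sketch, run against a constructed in-memory directory; it is not taken from the manual and is not Sentry's code. It assumes every failed decision ends in Access Denied, and it goes beyond the chart with two client-side guards: rejecting empty passwords (an empty password is an unauthenticated bind under RFC 4513) and RFC 4515 escaping of the username before it enters the search filter. All names (DIRECTORY, CFG, authenticate and the helpers) are hypothetical.

```python
import re
# Constructed sample directory (DN -> attributes); every name here is hypothetical.
DIRECTORY = {
    "cn=svc,ou=svc,dc=example,dc=com": {"userPassword": "svc-secret"},
    "cn=Alice,ou=people,dc=example,dc=com": {
        "uid": "alice", "userPassword": "alice-pw", "memberOf": ["cn=pdu-admins"]},
    "cn=Bob,ou=people,dc=example,dc=com": {
        "uid": "bob", "userPassword": "bob-pw", "memberOf": ["cn=helpdesk"]},
}
CFG = {
    "search_bind_dn": "cn=svc,ou=svc,dc=example,dc=com",
    "search_bind_password": "svc-secret",
    "user_search_base": "ou=people,dc=example,dc=com",
    "user_search_filter": "(uid={})",    # assumed template form of the User Search Filter
    "group_attr": "memberOf",            # Group Membership Attribute
    "sentry_groups": {"cn=pdu-admins"},  # groups configured on the device
}

def escape_filter_value(value):
    """RFC 4515: escape characters that are special inside a search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def simple_bind(dn, password):
    """Stand-in bind; models a server that accepts unauthenticated (empty-password) binds."""
    return password == "" or (dn in DIRECTORY and DIRECTORY[dn].get("userPassword") == password)

def subtree_search(base, flt):
    """Stand-in subtree search for an (attr=value) filter; an unescaped '*' is a wildcard."""
    attr, pattern = re.fullmatch(r"\((\w+)=(.*)\)", flt, re.S).groups()
    unescape = lambda s: re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), s)
    rx = ".*".join(re.escape(unescape(p)) for p in pattern.split("*"))
    return [dn for dn, e in DIRECTORY.items() if dn.endswith("," + base)
            and isinstance(e.get(attr), str) and re.fullmatch(rx, e[attr], re.S)]

def authenticate(username, password, cfg=CFG):
    if not username or not password:    # never send an empty password to the server
        return "Access Denied"
    if not simple_bind(cfg["search_bind_dn"], cfg["search_bind_password"]):
        return "Access Denied"
    flt = cfg["user_search_filter"].format(escape_filter_value(username))
    hits = subtree_search(cfg["user_search_base"], flt)
    if len(hits) != 1:                  # username not found, or ambiguous
        return "Access Denied"
    if not simple_bind(hits[0], password):
        return "Access Denied"
    groups = DIRECTORY[hits[0]].get(cfg["group_attr"])
    if groups is None:                  # membership attribute missing from the entry
        return "Access Denied"
    return "Access Granted" if cfg["sentry_groups"] & set(groups) else "Access Denied"
```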
MD5 Bind Authentication Process
Flowchart lanes: Client | LDAP Server | Sentry

Flowchart boxes, in top-to-bottom order:
1. Initiate Sentry session
2. Prompt for login credentials
3. Authentication request with Username/Password
4. SASL bind using uppercase username & entered password
5. Successful Bind?
6. Subtree search starting from User Search Base DN with User Search Filter
7. Username found?
8. Attribute name compared to Group Membership Attribute
9. Attribute match?
10. Username groups access rights compared against Sentry LDAP groups
11. Group match?

End states: Access Denied, Access Granted
62 • Advanced Operations | Sentry PT22 Installation and Operations Manual