Basic LDAP message exchange process – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
• The search operation constructs search conditions and obtains the directory resource information of the LDAP server.
The basic LDAP authentication process is as follows:
1. An LDAP client uses the LDAP server administrator DN to bind with the LDAP server, establishes a connection to the server, and obtains the search rights.
2. The LDAP client uses the username in the authentication information of a user to construct search conditions, searches for the user in the specified root directory of the server, and obtains a user DN list.
3. The LDAP client uses each user DN in the obtained user DN list and the user's password to bind with the LDAP server. If a binding succeeds, the user is a legal user.
The LDAP authorization process is similar to the LDAP authentication process. The difference is that the
client checks the authorization information obtained together with the user's DN. If the authorization
information satisfies the authorization need, the authorization process ends. Otherwise, the client uses
the LDAP server administrator DN to bind with the LDAP server again, constructs search conditions by
using the user's DN, and searches for other required authorization information.
Basic LDAP message exchange process
The example describes the basic message exchange process in LDAP authentication and authorization
for a Telnet user.
Figure 7 Basic message exchange process for LDAP authentication of a Telnet user
The basic message exchange process is as follows:
1. A Telnet user initiates a connection request and sends the username and password to the LDAP client.
2. Upon receiving the request, the LDAP client establishes a TCP connection with the LDAP server.
3. The LDAP client uses the administrator DN and password to send an administrator bind request to the LDAP server to obtain the search right.
[Figure 7: Host, LDAP client, and LDAP server. Message sequence: 1) The user logs in by Telnet; 2) Establish a TCP connection; 3) Administrator bind request; 4) Bind response; 5) User DN search request; 6) Search response; 7) User DN bind request; 8) Bind response; 9) Authorization; 10) The user logs in successfully]
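The three-step authentication process described above (administrator bind, user DN search, user DN bind) and the same exchange shown for the Telnet user, run end to end as an added example that is not from the H3C manual: it uses a constructed in-memory stand-in for the LDAP server (FakeLdapServer, ldap_authenticate, escape_filter_value and the example.com DNs are all assumed names and values). It also shows two client-side checks the steps rely on: escaping the username before it is placed in the search filter, and refusing an empty password, which RFC 4513 treats as an unauthenticated bind that a permissive server answers with success.

```python
import re

# Constructed sample values for this example (not from the manual).
ADMIN_DN = "cn=admin,dc=example,dc=com"
ADMIN_PW = "admin-secret"
BASE_DN = "ou=people,dc=example,dc=com"

def escape_filter_value(value):
    """RFC 4515 escaping, so a username cannot change the filter's structure."""
    return "".join(f"\\{ord(c):02x}" if c in "*()\\\x00" else c for c in value)

class FakeLdapServer:
    """Minimal in-memory stand-in for an LDAP server's bind and search (assumed)."""
    def __init__(self, entries):
        self.entries = entries        # dn -> {"uid": ..., "userPassword": ...}
        self.bound_as = None          # authorization state of the connection

    def bind(self, dn, password):
        if password == "":
            # RFC 4513 5.1.2: DN plus empty password is an *unauthenticated* bind.
            # A server that permits it answers success but grants only anonymous
            # rights, so a client that trusts the result code alone is bypassed.
            self.bound_as = None
            return True
        ok = dn in self.entries and self.entries[dn]["userPassword"] == password
        self.bound_as = dn if ok else None
        return ok

    def search(self, base, filter_str):
        if self.bound_as is None:
            return []                 # no search right without an authenticated bind
        m = re.fullmatch(r"\(uid=((?:[^*()\\]|\\[0-9a-f]{2})*)\)", filter_str)
        if not m:
            return []                 # only an exact-match uid lookup is modelled
        uid = re.sub(r"\\([0-9a-f]{2})", lambda h: chr(int(h.group(1), 16)), m.group(1))
        return [dn for dn, a in self.entries.items() if dn.endswith(base) and a["uid"] == uid]

def ldap_authenticate(server, username, password):
    """Steps 1-3 of the authentication process described above."""
    if password == "":
        return False                  # never let an unauthenticated bind count as success
    if not server.bind(ADMIN_DN, ADMIN_PW):                       # 1. administrator bind
        return False
    user_dns = server.search(BASE_DN, f"(uid={escape_filter_value(username)})")  # 2. search
    return any(server.bind(dn, password) for dn in user_dns)      # 3. bind as each user DN

DIRECTORY = FakeLdapServer({                                      # constructed sample data
    ADMIN_DN: {"uid": "admin", "userPassword": ADMIN_PW},
    "uid=alice,ou=people,dc=example,dc=com": {"uid": "alice", "userPassword": "alice-pw"},
})
```

A username such as `alice)(uid=*` is escaped to `alice\29\28uid=\2a`, so it is looked up literally and matches nothing instead of widening the search.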