Sun Directory Server Enterprise Edition 7.0 Developer's Guide

Bind Processing in Directory Server

Before Directory Server calls a preoperation bind plug-in, Directory Server completes authentication for anonymous binds, binds by the Directory Manager, and binds by replication users before calling preoperation bind functions. Thus, the server completes the bind without calling the plug-in.


Note –

For SASL authentication mechanisms, preoperation and postoperation bind functions can be called several times during processing of a single authentication request.

In fact, multiple LDAP bind operations can be used to implement the authentication mechanism, as is the case for DIGEST-MD5, for example.


How Directory Server Processes the Bind

    To process the bind, Directory Server, does the following:

  1. Parses the bind request

  2. Determines the authentication method

  3. Determines whether the bind DN is handled locally

  4. Adds request information to the parameter block

  5. Determines whether to handle the bind in the front end or to call preoperation bind plug-in functions

  6. Performs the bind or not, using information about the bind DN entry from the server back end

Following is a description of each action: