Skip Navigation Links | |
Exit Print View | |
Oracle Directory Server Enterprise Edition Reference 11 g Release 1 (11.1.1.5.0) |
1. Directory Server Enterprise Edition File Reference
Software Layout for Directory Server Enterprise Edition
Directory Server Instance Default Layout
Directory Proxy Server Instance Default Layout
Part I Directory Server Reference
4. Directory Server LDIF and Search Filters
6. Directory Server Monitoring
7. Directory Server Replication
8. Directory Server Data Caching
11. Directory Server Groups and Roles
12. Directory Server Class of Service
14. Directory Server Internationalization Support
Part II Directory Proxy Server Reference
15. Directory Proxy Server Overview
16. Directory Proxy Server Load Balancing and Client Affinity
17. Directory Proxy Server Distribution
18. Directory Proxy Server Virtualization
19. Connections Between Directory Proxy Server and Backend LDAP Servers
20. Connections Between Clients and Directory Proxy Server
21. Directory Proxy Server Client Authentication
Password Encryption and Verification
Certificate-Based Authentication
Configuring Certificates in Directory Proxy Server
Directory Proxy Server Client Listeners
22. Security in Directory Proxy Server
23. Directory Proxy Server Logging
Client authentication determines how a client identifies itself to Directory Proxy Server.
From a protocol perspective, client authentication can occur at two levels:
LDAP level. Authentication occurs in the LDAP bind operation.
Connection level. Authentication occurs in the network connection established between the client and Directory Proxy Server.
Directory Proxy Server can also be configured to accept client requests without authentication.
The following list summarizes the supported authentication options. These options are discussed in more detail in the remainder of this chapter.
Simple bind authentication. Simple bind authentication occurs at the bind level. When the client binds, it provides a unique name (bind DN) and password to Directory Proxy Server. Directory Proxy Server forwards these credentials, along with the bind request, to a backend LDAP server.
Simple bind authentication can also be made over a secure connection. However, the server still identifies the client from its bind DN.
Certificate-based authentication Certificate-based authentication occurs at the connection level when the connection is secure. When authentication occurs at the connection level, the client connects over an encrypted (SSL) connection and provides a certificate. Directory Proxy Server checks the validity of the client certificate and maps the certificate to an LDAP DN.
No authentication. If the client does not provide a certificate, or a bind DN and password, no authentication occurs. In this case, the client connects to Directory Proxy Server anonymously. This is known as anonymous access.