Client authentication determines how a client identifies itself to Directory Proxy Server.
From a protocol perspective, client authentication can occur at two levels:
LDAP level. Authentication occurs in the LDAP bind operation.
Connection level. Authentication occurs in the network connection established between the client and Directory Proxy Server.
Directory Proxy Server can also be configured to accept client requests without authentication.
The following list summarizes the supported authentication options. These options are discussed in more detail in the remainder of this chapter.
Simple bind authentication. Simple bind authentication occurs at the bind level. When the client binds, it provides a unique name (bind DN) and password to Directory Proxy Server. Directory Proxy Server forwards these credentials, along with the bind request, to a backend LDAP server.
Simple bind authentication can also be made over a secure connection. However, the server still identifies the client from its bind DN.
Certificate-based authentication. Certificate-based authentication occurs at the connection level when the connection is secure. When authentication occurs at the connection level, the client connects over an encrypted (SSL) connection and provides a certificate. Directory Proxy Server checks the validity of the client certificate and maps the certificate to an LDAP DN.
No authentication. If the client does not provide a certificate, or a bind DN and password, no authentication occurs. In this case, the client connects to Directory Proxy Server anonymously. This is known as anonymous access.