bind operation - Sun OpenDS Standard Edition 2.2 Glossary of LDAP and Directory Terminology

Exit Print View
Sun OpenDS Standard Edition 2.2 Glossary of LDAP and Directory Terminology

Previous

Next

Document Information

abandon operation

abstract object class

Abstract Syntax Notation One

access control instruction (ACI)

access control rule

account expiration

account lockout

account status notification

account usability control

AND search filter

ANONYMOUS SASL mechanism

approximate index

approximate search filter

assertion value

attribute description

attribute option

attribute syntax

attribute usage

attribute value

attribute value assertion

authentication ID

authentication password syntax

authorization ID

authorization identity control

auxiliary object class

base64 encoding

Basic Encoding Rules

Berkeley DB Java Edition

cancel extended operation

certificate mapper

cn=Directory Manager

collective attribute

Common Development and Distribution License

compare operation

connection handler

CRAM-MD5 SASL mechanism

crypt algorithm

delete operation

deprecated password storage scheme

dereference policy

DIGEST-MD5 SASL mechanism

directory information tree

directory manager

directory server

directory server agent

Directory Services Markup Language

distinguished name

DIT content rule

DIT structure rule

DSA-specific entry

entry change notification control

equality search filter

extended operation

extensible match index

extensible match search filter

EXTERNAL SASL mechanism

failover algorithm

generalized time

get effective rights control

global index catalog

greater than or equal to search filter

GSSAPI SASL mechanism

id2entry database

identity mapper

idle account lockout

in-core restart

index entry limit

intermediate response

Java Management Extensions

key manager provider

last login time

lastmod plug-in

LDAP assertion control

ldapcompare tool

LDAP Data Interchange Format

ldapdelete tool

LDAP false filter

LDAP intermediate response

LDAP modify DN operation

LDAP modify operation

ldapmodify Tool

LDAP no-op control

LDAP post-read control

LDAP pre-read control

LDAP search filter

ldapsearch tool

less than or equal to search filter

lexico algorithm

Lightweight Directory Access Protocol

lookthrough limit

manage DSA IT control

matched values control

matching rule use

modification type

modify DN operation

modify operation

normalized value

notice of disconnection unsolicited notification

NOT search filter

numeric algorithm

object class type

object identifier

operational attribute

OR search filter

password expiration

password generator

Password Modify extended operation

password policy

password policy control

password storage scheme

password validator

persistent search control

PLAIN SASL mechanism

presence search filter

proportional algorithm

protocol data unit

proxied authorization control

quality of protection

QuickSetup installer

real attributes only control

referential integrity

relative distinguished name

replication repair control

request for comments

saturation algorithm

saturation alert

saturation threshold

schema checking

search attributes

search operation

search result done

search result entry

search result reference

Secure Hash Algorithm

Secure Sockets Layer

server-side sort control

simple authentication

Simple Authentication and Security Layer

simple paged results control

StartTLS extended operation

structural object class

subschema subentry

substring assertion

substring index

substring search filter

subtree delete control

supported control

supported extension

supported feature

synchronization

Transport Security Layer

trust manager provider

unbind operation

unindexed search

UNIX crypt algorithm

unsolicited notification

virtual attribute

virtual attributes only control

virtual directory

virtual list view control

virtual static group

"Who Am I?" extended operation

workflow element

writability mode

bind operation

The LDAP bind operation can be used to authenticate to the Directory Server. There are two basic types of bind operations:

A simple bind operation, which uses simple authentication involving a bind DN and password to authenticate to the server.
A SASL bind operation, which uses the Simple Authentication and Security Layer to authenticate the client, which can use a variety of types of credentials based on the selected SASL mechanism.

The bind request protocol op is defined as follows:

BindRequest ::= [APPLICATION 0] SEQUENCE {
     version                 INTEGER (1 ..  127),
     name                    LDAPDN,
     authentication          AuthenticationChoice } 

AuthenticationChoice ::= CHOICE {
     simple                  [0] OCTET STRING,
                                 -- 1 and 2 reserved
     sasl                    [3] SaslCredentials,
     ...  }

SaslCredentials ::= SEQUENCE {
     mechanism               LDAPString,
     credentials             OCTET STRING OPTIONAL }

The elements of the request include:

The LDAP protocol version. Allowed values are 2 and 3, although LDAPv2 has been classified as a historical protocol and is no longer recommended for use.
The bind DN. This is always used for simple authentication (although it may be a zero-length string for anonymous simple authentication), and is generally not used for SASL authentication.
The credentials. The type of credentials provided vary based on the authentication type.
- For simple authentication, the credentials should be the password for the target bind DN, or an empty string for anonymous simple authentication.
- For SASL authentication, the credentials should include the name of the SASL mechanism to use, and may optionally include encoded credential information appropriate for the SASL mechanism.

The response to an LDAP bind operation is defined as follows:

BindResponse ::= [APPLICATION 1] SEQUENCE {
     COMPONENTS OF LDAPResult,
     serverSaslCreds    [7] OCTET STRING OPTIONAL }

This indicates that the bind response will include the elements in the LDAP result object and may also include a set of server SASL credentials if appropriate for the authentication type.

Legal Copyright 1994-2009 Sun Microsystems, Inc.

Previous

Next