Sun Java System Directory Server Enterprise Edition 6.0 Reference

Directory Proxy Server Configured for Proxy Authorization and the Client Request Does Not Contain a Proxy Authorization

Figure 24–3 shows the flow of information when Directory Proxy Server is configured for proxy authorization. The client in Figure 24–2 makes, and Directory Proxy Server adds a proxy authorization control.

Figure 24–3 Information Flow When Proxy Authorization Control Is Added by Directory Proxy Server

[Figure: flow of information when a client request does not contain a proxy authorization control.]

  1. The client sends a SEARCH request, SEARCH 1, that does not contain a proxy authorization control. The request is targeted at LDAP server 1.

  2. Directory Proxy Server adds a proxy authorization control to the request and forwards the SEARCH operation to LDAP server 1, reusing connection 2.

    The SEARCH operation is performed with the authorization of the user specified in the proxy authorization control. That authorization is defined in the RW ACIs on the LDAP server for the user specified in the proxy authorization control.

  3. The client sends a second SEARCH request, SEARCH 2, that does not contain a proxy authorization control. The request is targeted at LDAP server 2.

  4. The Directory Proxy Server forwards the SEARCH operation to LDAP server 2, reusing connection 3.

    Notice that it is not necessary for the client to bind to LDAP server 2 before the request can be processed, and it is not necessary for the LDAP server to contain an entry for the client.
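
The following sketch is an added example, not code from Directory Proxy Server or from this reference. It shows what adding the control in step 2 can look like on the wire. It assumes the RFC 4370 Proxied Authorization v2 control and that the proxy asserts the client's bind DN; the helper names and the sample DN are hypothetical.

```python
# Added illustration, not Directory Proxy Server code. Assumes the RFC 4370
# Proxied Authorization v2 control; DNs passed in are constructed samples.
PROXY_AUTHZ_V2_OID = "2.16.840.1.113730.3.4.18"

def ber(tag: int, content: bytes) -> bytes:
    """Encode one BER TLV with a definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, content, next_pos) for the TLV that starts at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long form: low 7 bits count length octets
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length

def proxy_authz_control(user_dn: str) -> bytes:
    """Control ::= SEQUENCE { controlType, criticality, controlValue }."""
    authz_id = ("dn:" + user_dn).encode("utf-8")
    return ber(0x30,
               ber(0x04, PROXY_AUTHZ_V2_OID.encode("ascii"))  # controlType
               + ber(0x01, b"\xff")       # criticality TRUE, required by RFC 4370
               + ber(0x04, authz_id))     # controlValue carries the authzId

def control_oid(control: bytes) -> str:
    """Extract controlType from an encoded Control."""
    _, body, _ = read_tlv(control)
    _, oid, _ = read_tlv(body)
    return oid.decode("ascii")

def forward(client_controls: list[bytes], bound_dn: str) -> list[bytes]:
    """Model of step 2: add the control only when the client sent none.

    Assumption of this sketch: a client-supplied control is left untouched.
    """
    if any(control_oid(c) == PROXY_AUTHZ_V2_OID for c in client_controls):
        return list(client_controls)
    return list(client_controls) + [proxy_authz_control(bound_dn)]
```

Because the backend authorizes the operation as the asserted identity, the ACIs that grant proxy rights to the proxy's own bind identity are what bound its reach on each LDAP server.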