Sun Directory Services 3.1 Administration Guide

Alias Entries and Authentication

To perform certain operations on the directory, users need to be authenticated. This is the case for modifications of directory content, or for reading the userPassword attribute of an entry. The level of access permitted is established during the bind process. For details, refer to "Binding to the Directory".

The DN supplied in a bind request can be the DN of an alias entry. With alias dereferencing, the user binds with the DN contained in the aliasedObjectName attribute of the alias entry, and is granted the access rights defined for the entry with that DN.

Alias dereferencing during a bind operation is a configuration choice that needs to be made for the LDAP server. If aliases are not being dereferenced and the user binds with the DN of an alias entry, access is denied because the password attribute is not present. This also means that if you allow alias dereferencing, you allow users to bind without a password.

For information on specifying alias dereferencing for Sun Directory Services, refer to "Configuring LDAP Parameters".
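
Before enabling alias dereferencing for binds, it helps to know which entry each alias DN resolves to. The Python script below is an added example, not part of Sun Directory Services or this guide. It assumes the directory content is available as an LDIF export, and reports for every alias entry the entry a dereferenced bind would use, flagging dangling targets and alias loops. The sample data and all DNs in it are constructed.

```python
# Constructed sample export; all DNs and values are hypothetical.
SAMPLE_LDIF = """\
dn: cn=Ann Lee,ou=People,o=Example
userPassword: {crypt}constructed

dn: cn=helpdesk,ou=Roles,o=Example
objectClass: alias
aliasedObjectName: cn=Ann Lee,ou=People,o=Example

dn: cn=old-admin,ou=Roles,o=Example
objectClass: alias
aliasedObjectName: cn=Gone,ou=People,o=Example
"""

def norm(dn):
    # Simplified DN normalisation: case-fold and trim spaces around RDNs.
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    # Minimal LDIF reader: unfolds continuation lines, does not decode "::" values.
    entries, cur = {}, None
    for line in text.replace("\n ", "").splitlines():
        attr, sep, val = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        attr, val = attr.strip().lower(), val.strip()
        if attr == "dn":
            cur = entries.setdefault(norm(val), {})
        elif cur is not None:
            cur.setdefault(attr, []).append(val)
    return entries

def effective_bind_dn(entries, dn):
    """Follow aliasedObjectName from dn; return (status, final DN)."""
    seen, dn = set(), norm(dn)
    while dn not in seen:
        seen.add(dn)
        entry = entries.get(dn)
        if entry is None:
            return ("dangling", dn)
        if "aliasedobjectname" not in entry:
            return ("ok" if "userpassword" in entry else "no-password", dn)
        dn = norm(entry["aliasedobjectname"][0])
    return ("loop", dn)

def audit(text):
    """Map every alias DN to the entry a dereferenced bind would use."""
    entries = parse_ldif(text)
    return {dn: effective_bind_dn(entries, dn)
            for dn, e in entries.items() if "aliasedobjectname" in e}
```

Calling `audit()` on an export returns a dictionary keyed by normalised alias DN; review every alias whose status is `ok`, since the access rights of the final DN are what a bind through that alias receives.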