If the configured LDAP directory requires clients to authenticate to it,
you must select the appropriate authentication method in the
Authentication Type field. When the Enterprise Gateway connects
to the LDAP directory, it will be authenticated using the selected
method. If any of these methods is used to connect to the LDAP server
over SSL, that server's SSL certificate must be imported into the
Oracle Trusted Certificate Store.
The Enterprise Gateway can authenticate to an LDAP directory using the
following methods:
None:
No authentication credentials need be submitted to the LDAP server for
this method. In other words, the client connects anonymously to the
server. Typically a client is only allowed to perform "read" operations
when connected anonymously to the LDAP server. It is not necessary to
enter any details for this authentication method.
Simple:
Simple authentication involves sending a user name
and corresponding password in clear-text to the LDAP server. Since the
password is passed in clear-text to the LDAP server, it is recommended
to connect to the server over an encrypted channel, for example, over SSL.
It is not necessary to specify a Realm for the
Simple authentication method. The realm is only
used when a hash of the password is supplied (i.e. for Digest-MD5).
However, where the LDAP server contains multiple realms and the
specified user name is present in more than one of them, the LDAP
server itself decides which of those user names is actually bound.
Click the SSL Enabled checkbox to force the Enterprise Gateway to
connect to the LDAP directory over SSL. In order to successfully
establish SSL connections with the LDAP directory, the directory's
certificate must be imported into the Enterprise Gateway's certificate store.
Digest-MD5:
With Digest-MD5 authentication, the server generates
some data (a challenge) and sends it to the client. The client computes
a hash over this data and its password using the MD5 algorithm and
returns the result. The LDAP server then uses the client's stored
password to compute the same hash, compares the two values, and hence
authenticates the user.
The Realm field is optional here, but may be necessary
in cases where the LDAP server contains multiple realms. If a realm is
specified here, the LDAP server will attempt to authenticate the user
for the specified realm only.
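The Digest-MD5 exchange and the role of the Realm field, as an added example that is not part of the original documentation or of the Enterprise Gateway's own code. It follows RFC 2831 (qop=auth, no authzid) and uses the sample values from that RFC's IMAP example; for LDAP the digest-uri has the form ldap/host. The function names are hypothetical.

```python
import hashlib
import hmac


def digest_md5_response(username, realm, password, nonce, cnonce,
                        digest_uri, nc="00000001", qop="auth"):
    """Client response value as defined in RFC 2831 (qop=auth, no authzid)."""
    # The password is only used inside this hash, and the realm is part of
    # the hashed string. This is why a realm matters for Digest-MD5 but not
    # for a Simple bind.
    secret = hashlib.md5(f"{username}:{realm}:{password}".encode("utf-8")).digest()
    # A1 ties the secret to the server's nonce and the client's nonce.
    a1 = secret + f":{nonce}:{cnonce}".encode("utf-8")
    # A2 names the operation and the service being authenticated to.
    a2 = f"AUTHENTICATE:{digest_uri}".encode("utf-8")
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(a2).hexdigest()
    final = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return hashlib.md5(final.encode("utf-8")).hexdigest()


def server_verifies(stored_password, received_response, **fields):
    """Server side: recompute from the stored password and compare."""
    expected = digest_md5_response(password=stored_password, **fields)
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(expected, received_response)


# Sample values taken from the example exchange in RFC 2831, section 4.
RFC_FIELDS = dict(
    username="chris",
    realm="elwood.innosoft.com",
    nonce="OA6MG9tEQGm2hh",       # generated by the server
    cnonce="OA6MHXh6VqTrRk",      # generated by the client
    digest_uri="imap/elwood.innosoft.com",
)

if __name__ == "__main__":
    sent = digest_md5_response(password="secret", **RFC_FIELDS)
    print("client response :", sent)
    print("server accepts  :", server_verifies("secret", sent, **RFC_FIELDS))
    # Same user and password, different realm: the response no longer matches.
    other = dict(RFC_FIELDS, realm="other.example")  # constructed realm
    print("other realm ok  :", server_verifies("secret", sent, **other))
```

Digest-MD5 protects the password during the bind but not the LDAP traffic that follows, so the SSL Enabled option described for Simple authentication is still relevant here.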