LDAP Connection Establishment, Authentication, and Requests

UDR is responsible for establishing the LDAP connection from its Ud client to the off-board database. This is performed as outlined in section 5.2 of 3GPP TS 29.335, User Data Repository Access Protocol over the Ud Interface, Release 12, with UDR functioning in the role of the FE. A TCP connection is initiated, which can be secured by leveraging IPSec. UDR supports multiple simultaneous connections, in order to increase overall throughput.

The LDAP session is initiated with an LDAP BindRequest message, as outlined in IETF RFC4513, LDAP Authentication Methods and Security Mechanisms, June 2006 and 3GPP TS 29.335, User Data Repository Access Protocol over the Ud Interface, Release 12. Either the unauthenticated authentication mechanism of a simple bind or the name/password authentication mechanism of a simple bind is supported to authenticate the request, as specified in IETF RFC4513, LDAP Authentication Methods and Security Mechanisms, June 2006. UDR provides a configuration interface that allows username/password credentials to be managed and stored, which is used when it initiates an LDAP connection with the off-board database.

Once the LDAP connection has been authenticated, UDR can generate a request for subscriber data, as outlined in section 6 of 3GPP TS 29.335, User Data Repository Access Protocol over the Ud Interface, Release 12. This includes the ability to query subscriber records using LDAP messages. UDR translates the subscriber data that is received from the off-board database to its internal XML format, as described in section 4.1.1. The ability to create, update, and delete subscriber data in the off-board database is outside the scope of this feature.

When it comes time to remove the connection, then an LDAP UnbindRequest message is processed (assuming a BindRequest was used to initiate the connection), as outlined in section 5.3 of 3GPP TS 29.335, User Data Repository Access Protocol over the Ud Interface, Release 12.