Specifications

LDAP Technical Specifications
LDAP Authentication Process
Simple Bind Authentication Process
[Figure: Simple Bind Authentication Process flowchart. Swimlanes: LDAP Server, Sentry, Client. Boxes: Initiate Sentry session; Prompt for login credentials; Authentication request with Username/Password; Simple bind using Search Bind DN & Password; Successful Bind?; Subtree search starting from User Search Base DN with User Search Filter; Username found?; Simple Bind using User FQDN and login password; Successful Bind?; Attribute name compared to Group Membership Attribute; Attribute match?; Username groups access rights compared against Sentry LDAP groups; Group match?; Access Granted / Access Denied.]
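The Simple Bind flow above, worked through as an added Python example that is not part of the manual or of the Sentry firmware: a small constructed in-memory directory stands in for the LDAP server, and the DNs, attribute names, group names and credentials are assumptions. It also shows two checks the flowchart leaves implicit, rejecting an empty login password and escaping the login name before it is substituted into the User Search Filter.

```python
import re
# Constructed in-memory directory standing in for the LDAP server (not real data).
DIRECTORY = {
    "cn=sentry-bind,ou=service,dc=example,dc=com": {"userPassword": "bind-secret"},
    "uid=alice,ou=people,dc=example,dc=com": {"uid": "alice", "userPassword": "alice-pw",
        "memberOf": ["cn=pdu-admins,ou=groups,dc=example,dc=com"]},
    "uid=bob,ou=people,dc=example,dc=com": {"uid": "bob", "userPassword": "bob-pw", "memberOf": []},
}
# Sentry-side LDAP settings named in the flowchart; the values are assumptions.
CONFIG = {
    "search_bind_dn": "cn=sentry-bind,ou=service,dc=example,dc=com",
    "search_bind_password": "bind-secret",
    "user_search_base": "ou=people,dc=example,dc=com",
    "user_search_filter": "(uid=%s)",  # %s is replaced by the login name
    "group_membership_attribute": "memberOf",
    "sentry_groups": {"cn=pdu-admins,ou=groups,dc=example,dc=com": "admin"},
}

def simple_bind(dn, password):
    # Simulated simple bind. An empty password is an unauthenticated bind (RFC 4513
    # 5.1.2) that a server may report as successful, so it is refused here outright.
    entry = DIRECTORY.get(dn)
    return bool(password) and entry is not None and entry.get("userPassword") == password

def escape_filter_value(value):
    # RFC 4515 escaping so a login name cannot change the filter's structure.
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def subtree_search(base, filter_str):
    # Simulated search for one equality filter "(attr=value)": decodes "\XX" escapes as a
    # real server would and returns the DNs below base whose attr equals the value.
    m = re.fullmatch(r"\((\w+)=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)", filter_str)
    if not m:
        return []
    attr, raw = m.groups()
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda e: chr(int(e.group(1), 16)), raw)
    return [dn for dn, e in DIRECTORY.items() if dn.endswith("," + base) and e.get(attr) == value]

def authenticate(username, password):
    # Walks the Simple Bind flowchart top to bottom; returns (access right or None, reason).
    if not simple_bind(CONFIG["search_bind_dn"], CONFIG["search_bind_password"]):
        return None, "search bind failed"
    filt = CONFIG["user_search_filter"] % escape_filter_value(username)
    found = subtree_search(CONFIG["user_search_base"], filt)
    if len(found) != 1:
        return None, "username not found"
    if not simple_bind(found[0], password):  # bind as the user's own DN
        return None, "user bind failed"
    entry, attr = DIRECTORY[found[0]], CONFIG["group_membership_attribute"]
    if attr not in entry:
        return None, "group membership attribute not present"
    rights = [CONFIG["sentry_groups"][g] for g in entry[attr] if g in CONFIG["sentry_groups"]]
    return (rights[0], "access granted") if rights else (None, "no matching Sentry LDAP group")
```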
MD5 Bind Authentication Process
[Figure: MD5 Bind Authentication Process flowchart. Swimlanes: Sentry, LDAP Server, Client. Boxes: Initiate Sentry session; Prompt for login credentials; Authentication request with Username/Password; SASL Digest-MD5 bind using uppercase username & entered password; Successful Bind?; Subtree search starting from User Search Base DN with User Search Filter; Username found?; Attribute name compared to Group Membership Attribute; Attribute match?; Username groups access rights compared against Sentry LDAP groups; Group match?; Access Granted / Access Denied.]
106 Advanced Operations
Installation and Operations Manual
LDAPS (LDAP-over-TLS/SSL) Client Specifications
Secure Sockets Layer (SSL) version 3
Transport Layer Security (TLS) version 1 (RFC 2246)
X.509 version 3 Server Certificates (RFC 2459) with RSA key sizes up to 4096 bits
Symmetric Cryptography Cipher Suites:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (168-bit)
TLS_RSA_WITH_DES_CBC_SHA (56-bit)
TLS_RSA_WITH_AES_128_CBC_SHA (128-bit)
TLS_RSA_WITH_AES_256_CBC_SHA (256-bit)
Server certificates are accepted and used on the fly
A NULL client certificate is sent to the server if a client certificate is requested