H3C Technologies H3C S12500-X Series Switches User Manual
1. An LDAP client uses the LDAP server administrator DN to bind with the LDAP server, establishes a connection to the server, and obtains the right to search.
2. The LDAP client uses the username in the authentication information of a user to construct search conditions, searches for the user in the specified root directory of the server, and obtains a user DN list.
3. The LDAP client uses each user DN in the obtained user DN list and the user's password to bind with the LDAP server. If a bind succeeds, the user is a legitimate user.
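The three steps above as an added Python example (not from the H3C manual or H3C's code), run against an in-memory stand-in for the LDAP server; the directory entries, DNs, passwords and function names are constructed for illustration. Escaping the username per RFC 4515 and refusing empty passwords are hardening choices made in this example, not behaviour the manual describes.

```python
import re

# Constructed sample directory: DN -> attributes (not from the manual).
DIRECTORY = {
    "cn=admin,dc=example,dc=com": {"uid": "admin", "password": "adm1n-secret"},
    "uid=alice,ou=people,dc=example,dc=com": {"uid": "alice", "password": "alice-pw"},
    "uid=alice,ou=temps,dc=example,dc=com": {"uid": "alice", "password": "other-pw"},
    "uid=bob,ou=people,dc=example,dc=com": {"uid": "bob", "password": "bob-pw"},
}
ADMIN_DN, ADMIN_PW, BASE_DN = "cn=admin,dc=example,dc=com", "adm1n-secret", "dc=example,dc=com"

def escape_filter_value(value):
    """Escape RFC 4515 special characters so the username is matched literally."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def server_bind(dn, password):
    """Simulated simple bind; an empty password never counts as a successful bind."""
    entry = DIRECTORY.get(dn)
    return bool(password) and entry is not None and entry["password"] == password

def server_search(base_dn, ldap_filter):
    """Simulated search for (uid=...) filters; an unescaped '*' is a wildcard."""
    value = re.fullmatch(r"\(uid=(.*)\)", ldap_filter).group(1)
    unhex = lambda s: re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)
    pattern = ".*".join(re.escape(unhex(part)) for part in value.split("*"))
    return [dn for dn, entry in DIRECTORY.items()
            if dn.endswith(base_dn) and re.fullmatch(pattern, entry["uid"])]

def authenticate(username, password):
    """Run the three steps; return the DN the user bound as, or None."""
    if not password:                      # refuse before any bind is attempted
        return None
    if not server_bind(ADMIN_DN, ADMIN_PW):                  # step 1: administrator bind
        raise PermissionError("administrator bind failed")
    user_filter = "(uid=%s)" % escape_filter_value(username)
    for dn in server_search(BASE_DN, user_filter):           # step 2: user DN list
        if server_bind(dn, password):                        # step 3: bind as each DN
            return dn
    return None

if __name__ == "__main__":
    print(authenticate("alice", "other-pw"))   # second DN in the list binds
    print(authenticate("alice", "wrong"))      # no DN binds
    print(authenticate("*", "bob-pw"))         # '*' is escaped, so no entry matches
```

Because the search can return more than one DN for a username, the result of step 3 depends on which DN the password binds as, which is why the function returns that DN instead of a bare yes/no.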
The LDAP authorization process is similar to the LDAP authentication process, except that the client
obtains the authorization information and the user DN list at step 2 in the work flow.
• If the authorization information meets the authorization requirements, the authorization process ends.
• If the authorization information does not meet the authorization requirements, the client sends an administrator bind request to the LDAP server to obtain the right to search for authorization information about users on the user DN list.
Basic LDAP packet exchange process
The following example illustrates the basic packet exchange process during LDAP authentication and
authorization for a Telnet user.
Figure 7 Basic packet exchange process for LDAP authentication of a Telnet user
The basic packet exchange process is as follows:
1. A Telnet user initiates a connection request and sends the username and password to the LDAP client.
2. After receiving the request, the LDAP client establishes a TCP connection with the LDAP server.
3. To obtain the right to search, the LDAP client uses the administrator DN and password to send an administrator bind request to the LDAP server.
[Figure 7 labels. Participants: Host, LDAP client, LDAP server. Messages in order: 1) The user logs in by Telnet; 2) Establish a TCP connection; 3) Administrator bind request; 4) Bind response; 5) User DN search request; 6) Search response; 7) User DN bind request; 8) Bind response; 9) Authorization; 10) The user logs in successfully.]