4.1. Authentication
Chapter content
- 4.1.1 - Simple authentication
- 4.1.2 - SASL authentication
- 4.1.3 - Kerberos authentication
- 4.1.4 - Client authentication through certificates
LDAP is a connected protocol. That means you should create a session before being able to fetch some data from the server. This session is created through an authentication process.
There are two different types of authentication on LDAP :
- Simple
- SASL
We will describe those two kind of authentication, and will also describe how this can be leveraged by some specific authentication mechanisms, like Kerberos or based on certificates.
Last, not least, the Anonymous authentication will be explain in a separate chapter, even if it’s a part of the Simple authentication mechanism.
Authentication and LDAP Session
An authentication will result in the creation of a LDAP session, which will exist as long as the authenticated user does not physically disconnect from the server.
A Session can have his status changed all alog its life : we can switch from an Authenticated state to an Anonymous state, and back to a SASL authenticated state. The session is created the first time the user connects on the server, and its status changes when the user authenticates.