Previous Topic: Configure Distributed User Authentication

Next Topic: Example: Forward a Password Check to Another DSA

Bind Requests in a Distributed Environment

DXmanager lets you define how much each DSA should trust another. By default, security is tight. The settings let you selectively relax security between DSAs.

In a distributed network of DSAs, users can bind to one DSA when their entries are held on a second DSA. When the initial bind is made, the DSA can forward the password compare check to a second DSA if certain authentication parameters are set.

To allow users to bind to a local DSA when their details are held on a remote DSA, the Allow check password value must be set to true in DXmanager. This is set to true by default.

When a bind is requested, the local DSA forwards a Password Compare request to the remote DSA. If this returns a Compare Confirm with the assertion true, the local DSA returns a Bind Confirm message to the user.

A request can include a chaining-prohibited control. CA Directory ignores this control.


Copyright © 2009 CA. All rights reserved. Email CA about this topic