Previous Topic: How an SSL Connection Is Established

Next Topic: Bypass the Entry Check

How a Directory Connection Is Established

After an SSL connection has been established between a client and a DSA, the client can use that connection to request a bind to the directory.

In LDAP, this is known as SASL/EXTERNAL.

In a distributed or X.500 environment, the bind external procedure is used. This tells the directory to use the certificate from the link layer.

The directory connection is established over an existing SSL link as follows:

  1. The client sends a bind request to the directory.
  2. The DSA checks the directory entry named by the subject DN contained in the certificate.
  3. If the DN named in the subject DN of the certificate match those in the directory, then the DSA accepts the bind request.

Note: In a secure environment, you can choose to bypass the DSA check on the DN.


Copyright © 2009 CA. All rights reserved. Email CA about this topic