LDAP servers expect connections only from LDAP users; therefore, DXlink must make the X.500 backbone look like an ordinary LDAP user.
A complication arises with name and password security (simple credentials). In DSP, a single link between DSAs can support any number of users, because user information is passed with each DSP request. However, in LDAP, links cannot be shared, so the CA Directory DSA must set up separate links for every LDAP user.
When the DSA is acting as a direct pass-through from a user to an LDAP server and the user's name is on the LDAP server, the DSA sets up a separate link for that user and uses their credentials in that link.
Copyright © 2009 CA. All rights reserved. | Email CA about this topic |