When a user binds with a user name and password, the system checks the password supplied with the bind against the password in the datastore for the specified user.
By default CA Directory will not allow binds using aliases. To enable aliases to be used on binds, use set dereference-alias-on-bind = true.
If you have set CA Directory to allow alias on bind and the user name is an alias, the system checks the password against the password in the entry to which the alias points, but the user name associated with the bind is the alias name.
This means that a user can bind with more than one user name, and each user name can have different access controls associated with it.
Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |