Administration GuideSet Up AuthenticationBind Requests in a Distributed Environment › Example: Forward a Password Check to Another DSA

Previous Topic: Bind Requests in a Distributed Environment

Next Topic: Change the Allow check password Setting

Example: Forward a Password Check to Another DSA

In this example, the router DSA contains no entries. This means that the router DSA must delegate checks of user credentials to another DSA.

The Customers DSA contains the entries for the customers, including the credentials required during binds. The Allow check password setting for the Customers DSA is true.

The following diagram shows how the router DSA delegates a password check to the Customers DSA:

  1. The router DSA receives a bind request from a user whose credentials are stored in the Customers DSA. The router DSA cannot check the user's credentials, but it knows that the Customers DSA can.
  2. The router DSA checks the configuration of the Customers DSA to see whether it can trust the Customers DSA to authenticate a user. The Allow check password setting indicates that this is permissible.
  3. The router DSA requests the Customers DSA to authenticate the user.
  4. The Customers DSA responds with the user's authentication.
  5. The router DSA returns the bind confirmation to the client.