Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

LDAP Request Life Cycle

 

Steel-Belted Radius Carrier performs these steps in response to an LDAP authentication request for both scripted and non-scripted configurations.

  1. At the beginning of each LDAP authentication request, Steel-Belted Radius Carrier creates a variable table to map RADIUS access-request attributes to LDAP attributes for use in LDAP Bind, Base, and Search strings. The [Request] section of the LDAP plug-in configuration file is used to select which attributes are extracted from the incoming request and placed in the variable table.

  2. Steel-Belted Radius Carrier performs one or more LDAP searches. Parameters for each search are given in the Search/name] sections of the configuration file. After a search is performed, selected attributes are copied from the LDAP response and placed in the variable table.

  3. Steel-Belted Radius Carrier uses the [Response] section to select information from the variable table to be returned to the RADIUS client in the RADIUS response packet.

Figure 277 shows how the LDAP variable table is populated with information coming from a RADIUS access-request message, default values, and the results of LDAP Bind, Base, and Search requests. The information in the variable table is then used to format the access-response packet that is returned to the RADIUS client.

Figure 277: Role of the Variable Table in LDAP Authentication
Role of the Variable Table in LDAP Authentication