Google Git
Sign in
apache / directory-site / 6230fd617378ee6404047f7caa0c297150fbc2ef / . / content / apacheds / advanced-ug / 4.1-authentication.mdtext
blob: 7a4473305973c225f24aeebf4beafe5257fa507a [file] [log] [blame]
Title: 4.1. Authentication
NavPrev: 4-authentication-and-authorization.html
NavPrevText: 4 - Authentication & Authorization
NavUp: 4-authentication-and-authorization.html
NavUpText: 4 - Authentication & Authorization
NavNext: 4.1.1-simple-authn.html
NavNextText: 4.1.1 - Simple authentication
Notice: Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
.
http://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
# 4.1. Authentication
## Chapter content
* [4.1.1 - Simple authentication](4.1.1-simple-authn.html)
* [4.1.1.1 - Anonymous Authentication](4.1.1.1-anonymous-authn.html)
* [4.1.1.2 - Name/Password Authentication](4.1.1.2-name-password-authn.html)
* [4.1.1.3 - Unauthenticated Authentication](4.1.1.3-unauthenticated-authn.html)
* [4.1.2 - SASL authentication](4.1.2-sasl-authn.html)
* [4.1.2.1 - SASL PLAIN text Authentication](4.1.2.1-sasl-plain-text-authn.html)
* [4.1.2.2 - SASL CRAM-MD5 Authentication](4.1.2.2-sasl-cram-md5-authn.html)
* [4.1.2.3 - SASL DIGEST-MD5 Authentication](4.1.2.3-sasl-digest-md5-authn.html)
* [4.1.2.4 - SASL GSSAPI Authentication](4.1.2.4-sasl-gssapi-authn.html)
* [4.1.2.5 - SASL EXTERNAL Authentication](4.1.2.5-sasl-external-authn.html)
* [4.1.2.6 - SASL NTLM Authentication](4.1.2.6-sasl-ntlm-authn.html)
* [4.1.3 - Kerberos authentication](4.1.3-kerberos-authn.html)
* [4.1.4 - Client authentication through certificates](4.1.4-certificate-authn.html)
**LDAP** is a connected protocol. That means you should create a session before being able to fetch some data from the server. This session is created through an authentication process.
There are two different types of authentication on LDAP :
* Simple
* SASL
We will describe those two kind of authentication, and will also describe how this can be leveraged by some specific authentication mechanisms, like Kerberos or based on certificates.
Last, not least, the **Anonymous** authentication will be explain in a separate chapter, even if it's a part of the Simple authentication mechanism.
## Authentication and LDAP Session
An authentication will result in the creation of a LDAP session, which will exist as long as the authenticated user does not physically disconnect from the server.
A Session can have his status changed all alog its life : we can switch from an Authenticated state to an Anonymous state, and back to a SASL authenticated state. The session is created the first time the user connects on the server, and its status changes when the user authenticates.