Lightweight Directory Access Protocol (LDAP) is an Internet protocol for querying and modifying directory services. An LDAP authentication server keeps information about users, including authentication information such as user properties and authentication scripts, in special-purpose databases termed directories. When a connection request arrives at Forefront Unified Access Gateway (UAG), the user name and password are authenticated against the LDAP directory.

Forefront UAG implements the following LDAP authentication schemes:

The supported LDAP authentication schemes are capable of the following:

LDAP authentication flow

The following figure illustrates the authentication process for users when the LDAP authentication scheme is implemented with one authentication server.

The flow allows three login attempts; after the third failed attempt, the login failure is final. The number of login attempts users are allowed is configurable.

LDAP Authentication Flow
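The attempt-limited flow above, as an added example that is not part of the original page or of Forefront UAG: a constructed in-memory directory stands in for the LDAP simple bind so the example runs offline, and `LoginFlow`, `ldap_bind` and the per-user counter are assumptions made for illustration.

```python
# Added example: a minimal model of the UAG-style LDAP login flow.
# The real check is an LDAP simple bind against the directory; the constructed
# DIRECTORY below stands in for it so the example runs without a server.
from dataclasses import dataclass, field
import hmac

# Constructed sample directory: DN -> password (stand-in for the bind check).
DIRECTORY = {
    "cn=alice,ou=users,dc=example,dc=com": "correct horse battery",
}


def ldap_bind(dn: str, password: str) -> bool:
    """Stand-in for an LDAP simple bind: True only if DN and password match."""
    stored = DIRECTORY.get(dn)
    # Constant-time comparison; an unknown DN fails the same way as a bad password.
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())


@dataclass
class LoginFlow:
    max_attempts: int = 3  # configurable, as the page states; default is three
    failures: dict = field(default_factory=dict)  # per-user failed-attempt counter

    def login(self, dn: str, password: str) -> str:
        """Process one attempt; return 'ok', 'retry' or 'final_failure'."""
        if self.failures.get(dn, 0) >= self.max_attempts:
            return "final_failure"  # attempts exhausted: failure is final
        if ldap_bind(dn, password):
            self.failures.pop(dn, None)  # success clears the counter
            return "ok"
        self.failures[dn] = self.failures.get(dn, 0) + 1
        if self.failures[dn] >= self.max_attempts:
            return "final_failure"
        return "retry"
```

Once the limit is reached, a correct password no longer succeeds, which is what makes the failure final rather than just another retry.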