3.1.5.12 LDAP Client Connects to Directory Server Implementing Extension Bundle B

The task for an LDAP client to connect to a directory server implementing extension bundle B comprises the following sequence of protocol exchanges:

  1. The LDAP client establishes a first TCP connection to the directory server.

  2. If configured, the LDAP client negotiates SSL, as described in section 2.1 of this document.

  3. If configured to use DIGEST-MD5, the LDAP client issues two requests. First it requests a baseObject Search of the root DSE requesting the attribute vendorVersion. It then requests a baseObject Search of the root DSE requesting the attribute ibm-sasldigestrealmname.

  4. The LDAP client binds using either the simple authentication method or the DIGEST-MD5 authentication method as described in section 2.2.1 of this document.

  5. If the LDAP client did not request the vendorVersion attribute in step 3, the LDAP client requests a baseObject Search of the root DSE requesting the attribute vendorVersion.

  6. If configured to not use SSL and not use DIGEST-MD5:

    1. The LDAP client establishes a second TCP connection to the directory server.

    2. The LDAP client binds using the simple authentication method on the second TCP connection, as described in section 2.2.1 of this document.

    3. The LDAP client requests, on the second connection, a baseObject Search of the root DSE requesting the attribute vendorVersion. The LDAP client does not use this second connection again until it is unbound and closed, as described in section 3.1.5.5 of this document.
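
The sequence above depends on two configuration settings, so a client test harness or a traffic baseline needs the expected order for each combination. The following sketch is an added example, not part of this specification: it builds the expected exchange list for steps 1 through 6 and reports the first point where an observed trace departs from it. The exchange labels and function names are hypothetical, and the code assumes the bind method in step 4 follows the DIGEST-MD5 setting.

```python
# Added example; labels and function names are hypothetical, not from the spec.
ROOT_DSE = "search rootDSE baseObject attr="


def expected_exchanges(use_ssl, use_digest_md5):
    """Return the ordered (connection, exchange) pairs for steps 1-6."""
    seq = [(1, "tcp-connect")]                                  # step 1
    if use_ssl:
        seq.append((1, "ssl-negotiate"))                        # step 2
    if use_digest_md5:                                          # step 3
        seq.append((1, ROOT_DSE + "vendorVersion"))
        seq.append((1, ROOT_DSE + "ibm-sasldigestrealmname"))
    # Step 4. Assumption: the bind method follows the DIGEST-MD5 setting.
    seq.append((1, "bind DIGEST-MD5" if use_digest_md5 else "bind simple"))
    if not use_digest_md5:                                      # step 5
        seq.append((1, ROOT_DSE + "vendorVersion"))
    if not use_ssl and not use_digest_md5:                      # step 6
        seq += [(2, "tcp-connect"),
                (2, "bind simple"),
                (2, ROOT_DSE + "vendorVersion")]
    return seq


def first_deviation(observed, use_ssl, use_digest_md5):
    """Index of the first expected exchange the trace misses, or None.

    Only the connection-setup prefix is compared, so later traffic in
    the observed trace is ignored.
    """
    expected = expected_exchanges(use_ssl, use_digest_md5)
    for i, want in enumerate(expected):
        if i >= len(observed) or observed[i] != want:
            return i
    return None


if __name__ == "__main__":
    # Constructed trace: no SSL, no DIGEST-MD5, and the client skips
    # the bind on the second connection (step 6.2).
    good = expected_exchanges(False, False)
    trace = good[:4] + good[5:]
    for conn, op in good:
        print(f"conn {conn}: {op}")
    print("first deviation at index:", first_deviation(trace, False, False))
```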