When the ProxySG performs LDAP authentication, how often does it send a bind request with the search user DN?

In the context of LDAP authentication within the ProxySG, the system sends a bind request with the search user Distinguished Name (DN) during the initial authentication process for that particular realm. This means that when a user attempts to authenticate, the ProxySG will establish a connection to the LDAP directory and utilize the bind request to authenticate the search user against the directory.

By sending the bind request the first time an authentication request is made, the ProxySG can gain access to the LDAP server and subsequently perform user validation and authorization using that connection. This process ensures that the credentials of the search user are validated properly before any user-specific lookups are made.

Subsequent user connections do not trigger new bind requests with the search user DN, as that would be inefficient and unnecessary once the initial connection is established. The ProxySG utilizes a caching mechanism to handle repeated user connections efficiently, which is why options mentioning sending bind requests every time a user connects or when credentials are updated are not applicable in this context. Hence, the overall process optimizes performance while maintaining security by only sending the bind request once per realm during the first authentication request.