Environment
Novell SecureLogin
Situation
When NSL is installed in credential manager mode, an LDAP trace reveals that 2 identical LDAP transactions take place between the client machine and the LDAP server.
Resolution
Working as designed.
After the initial Windows authentication has taken place, the credentials are passed from either the Novell Client or Windows itself to perform NSL's authentication and validation. Once the Windows session has started, the NSL client re-binds to the directory to get the user handle. That handle will be used to fetch the user's data from the directory and other SecureLogin operations.
This is required as NSL cannot start until the desktop opens and the user wants the NSL authentication to be complete before the desktop starts. So, the initial bind is for authentication and validation, and the second bind is for NSL's use.
After the initial Windows authentication has taken place, the credentials are passed from either the Novell Client or Windows itself to perform NSL's authentication and validation. Once the Windows session has started, the NSL client re-binds to the directory to get the user handle. That handle will be used to fetch the user's data from the directory and other SecureLogin operations.
This is required as NSL cannot start until the desktop opens and the user wants the NSL authentication to be complete before the desktop starts. So, the initial bind is for authentication and validation, and the second bind is for NSL's use.