In an LDAP authentication flow, who requests the user credentials?

In a Zscaler LDAP authentication flow, the Zscaler service is the component that actually prompts the user for credentials. The user’s browser is redirected to a Zscaler-hosted login page where the username and password are entered. Zscaler then acts as the LDAP client: it takes those credentials and performs an LDAP bind against the organization’s directory (for example, Microsoft Active Directory) to verify them.

Active Directory (or another LDAP directory) is therefore the authentication authority, but it does not directly “request” credentials from the user; it simply evaluates the bind request received from Zscaler and returns success or failure. The NSS Server is a Nanolog Streaming Service used for log export, and it is not part of the user authentication path. Similarly, a SAML Identity Provider is used for SAML-based SSO flows, not for direct LDAP authentication.

Because Zscaler owns the login page and collects the credentials before passing them securely to the LDAP directory for validation, the correct answer is that Zscaler is the component that requests the user credentials.

===========