--On Sunday, July 10, 2022 12:02 PM +0200 Stéphane Veyret <[email protected]> wrote:
> Hello Quanah,
>
> Thank you for your answer (and sorry for double-reply, I forgot to answer to all at first time).
>
>> The way that SASL passthrough works is that you put the value {SASL} for the userPassword. This tells slapd to pass the user authentication to SASL to handle. You don't set an actual password value in the userPassword attribute.
>
> Actually, I did not set a real password, only, as I saw in examples:
>
> userPassword: {SASL}user@realm
>
> (you don't directly see it in the extracts I provided because the password there is base64 encoded). I tried setting only, as you suggested:
>
> userPassword: {SASL}
>
> but I don't have any better result.

Yeah sorry, you're correct, {SASL}user@realm is the correct format. It wasn't clear in your initial email, it looked like you were just setting a local password.
Do the logs from saslauthd show that LDAP is actually forwarding the requests to it?
--Quanah
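
An added example (not from this thread or from the OpenLDAP project): one way to check what a base64-encoded userPassword value in an LDIF extract actually holds, so a {SASL}user@realm pass-through value can be told apart from a locally stored hash. The sample entries, the example.com names and the function names are constructed for illustration.

```python
import base64
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}(.*)$", re.S)

def unfold(ldif):
    """Join LDIF continuation lines (a line that starts with one space)."""
    return re.sub(r"\r?\n ", "", ldif)

def password_schemes(ldif):
    """Return [(dn, scheme, detail)] for each userPassword value in the LDIF."""
    results, dn = [], None
    for line in unfold(ldif).splitlines():
        if not line.strip():
            dn = None                      # blank line ends the current entry
            continue
        attr, sep, rest = line.partition(":")
        if not sep or attr.startswith("#"):
            continue
        is_b64 = rest.startswith(":")      # "attr:: value" means base64
        raw = rest[1:].strip() if is_b64 else rest.strip()
        value = base64.b64decode(raw).decode("utf-8", "replace") if is_b64 else raw
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "userpassword":
            m = SCHEME_RE.match(value)
            if not m:
                results.append((dn, "cleartext", "<redacted>"))
            elif m.group(1).upper() == "SASL":
                # The part after {SASL} is the identity slapd passes to SASL.
                results.append((dn, "SASL", m.group(2)))
            else:
                results.append((dn, m.group(1).upper(), "<local hash redacted>"))
    return results

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample input: one pass-through entry, one local hash entry.
SAMPLE = (
    "dn: uid=alice,ou=people,dc=example,dc=com\n"
    "userPassword:: " + _b64("{SASL}alice@EXAMPLE.COM") + "\n"
    "\n"
    "dn: uid=bob,ou=people,dc=example,dc=com\n"
    "userPassword:: " + _b64("{SSHA}constructedNotARealHash") + "\n"
)

if __name__ == "__main__":
    for dn, scheme, detail in password_schemes(SAMPLE):
        print(f"{dn}: {scheme} {detail}")
```

Only the scheme and, for {SASL}, the user@realm identity are printed; hash material and cleartext values are redacted so the output is safe to paste into a support request.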
