openldap-its@openldap.org wrote:
https://bugs.openldap.org/show_bug.cgi?id=10065
--- Comment #6 from Quanah Gibson-Mount quanah@openldap.org --- Ok, I was incorrect about SASL/EXTERNAL although I swear I was told at one point it doesn't require cyrus-sasl (which IMHO would be rather nice).
Generally, the gist here is that it would be useful for the SASL SSF to be propagated through to the end slapd server when haproxy protocol v2 is enabled.
I'd also note we use SASL/PLAIN at my current job, so Howard's definitely incorrect.
By default, slapd disallows use of SASL/PLAIN. So either your current job isn't using OpenLDAP, or you've explicitly weakened its security properties in your config.
Regardless, support of SASL/PLAIN is certainly not a priority.