Hello Quanah,
Thank you for your answer (and sorry for double-reply, I forgot to answer to all at first time).
The way that SASL passthrough works is that you put the value {SASL} for the userPassword. This tells slapd to pass the user authentication to SASL to handle. You don't set an actual password value in the userPassword attribute.
Actually, I did not set a real password, only, as I saw in examples : userPassword: {SASL}user@realm
(you don’t directly see it in the extracts I provided because the password there is base64 encoded).
I tried setting only, as you suggested : userPassword: {SASL}
but I don’t have any better result.
Regards,
Stéphane