I haven't worked with the integrated remote auth yet, I still use SASL.. It is something that we have on the backburner to migrate to, if it works anything like SASL, you need a userPassword that had a directive, like {SASL}user@domain But that is because it's hijacking the HASHing process, form what I understand. If you have a link to the docs, I'll take a look and see what I can find..
From: Dino Edwards dino.edwards@mydirectmail.net Sent: Thursday, February 27, 2025 10:07 AM To: Bradley T Gill bgill@aep.com; 'Quanah Gibson-Mount' quanah@fast-mail.org; openldap-technical@openldap.org Subject: RE: [EXTERNAL] RE: OpenLDAP Pass-through Authentication
You probably need to delete the userPassword attribute? That was a good idea actually, but sadly it didn't work either. Same behavior as before. There is absolutely no indication it's trying to perform remote authentication. > It won't work
* You probably need to delete the userPassword attribute?
That was a good idea actually, but sadly it didn't work either. Same behavior as before. There is absolutely no indication it's trying to perform remote authentication.
It won't work as explicitly stated in the manual page: > "If the userPassword is present, authentication is performed locally" The userPassword field is absolutely empty. I don't know why it shows the ":?" column there, but Apache Directory