I haven’t worked with the integrated remote auth yet; I still use SASL. It is something that we have on the backburner to migrate to. If it works anything like SASL, you need a userPassword that had a directive, like {SASL}user@domain. But that is because it’s hijacking the hashing process, from what I understand. If you have a link to the docs, I’ll take a look and see what I can find.

 

From: Dino Edwards <dino.edwards@mydirectmail.net>
Sent: Thursday, February 27, 2025 10:07 AM
To: Bradley T Gill <bgill@aep.com>; 'Quanah Gibson-Mount' <quanah@fast-mail.org>; openldap-technical@openldap.org
Subject: RE: [EXTERNAL] RE: OpenLDAP Pass-through Authentication

 

You probably need to delete the userPassword attribute?

 

 

That was a good idea actually, but sadly it didn’t work either. Same behavior as before. There is absolutely no indication it’s trying to perform remote authentication.

 

> It won't work as explicitly stated in the manual page:
> "If the userPassword is present, authentication is performed locally"

The userPassword field is absolutely empty. I don't know why it shows the ":" column there, but Apache Directory