I haven’t worked with the integrated remote auth yet, I still use SASL. It is something that we have on the backburner to migrate to. If it works anything like SASL, you need a userPassword that had a directive, like {SASL}user@domain. But that is because it’s hijacking the HASHing process, from what I understand. If you have a link to the docs, I’ll take a look and see what I can find.
From: Dino Edwards <dino.edwards@mydirectmail.net>
Sent: Thursday, February 27, 2025 10:07 AM
To: Bradley T Gill <bgill@aep.com>; 'Quanah Gibson-Mount' <quanah@fast-mail.org>; openldap-technical@openldap.org
Subject: RE: [EXTERNAL] RE: OpenLDAP Pass-through Authentication
You probably need to delete the userPassword attribute?

That was a good idea actually, but sadly it didn’t work either. Same behavior as before. There is absolutely no indication it’s trying to perform remote authentication.

> It won't work as explicitly stated in the manual page:
> "If the userPassword is present, authentication is performed locally"

The userPassword field is absolutely empty. I don't know why it shows the ": " column there, but Apache Directory