--On Sunday, July 10, 2022 12:02 PM +0200 Stéphane Veyret sveyret@gmail.com wrote:
Hello Quanah,
Thank you for your answer (and sorry for the double reply; I forgot to reply to all the first time).
The way that SASL passthrough works is that you put the value {SASL} for the userPassword. This tells slapd to pass the user authentication to SASL to handle. You don't set an actual password value in the userPassword attribute.
Actually, I did not set a real password, only, as I saw in examples: userPassword: {SASL}user@realm
(you don't directly see it in the extracts I provided because the password there is base64 encoded).
I tried setting only, as you suggested: userPassword: {SASL}
but I don't have any better result.
Yeah sorry, you're correct, {SASL}user@realm is the correct format. It wasn't clear in your initial email; it looked like you were just setting a local password.
Do the logs from saslauthd show that LDAP is actually forwarding the requests to it?
--Quanah
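
Added example, not part of the thread: because a userPassword value in an LDIF extract is shown base64 encoded, this Python helper decodes it and reports whether each entry carries a {SASL}user@realm pass-through value or a locally stored password. The DNs, realm and values in the sample are constructed, and the function names are hypothetical.

```python
import base64
import re

def _b64(s):
    return base64.b64encode(s.encode()).decode()

# Constructed sample LDIF (not from the thread); the first value is folded
# onto a continuation line the way LDIF exports wrap long lines.
_alice = _b64("{SASL}alice@EXAMPLE.ORG")
SAMPLE_LDIF = (
    "dn: uid=alice,ou=people,dc=example,dc=org\n"
    "userPassword:: " + _alice[:10] + "\n " + _alice[10:] + "\n"
    "\n"
    "dn: uid=bob,ou=people,dc=example,dc=org\n"
    "userPassword:: " + _b64("{SASL}") + "\n"
    "\n"
    "dn: uid=carol,ou=people,dc=example,dc=org\n"
    "userPassword: {SSHA}constructedplaceholder\n"
)

def password_schemes(ldif):
    """Return {dn: (scheme, remainder)} for each entry with a userPassword."""
    text = re.sub(r"\r?\n ", "", ldif)  # unfold continuation lines
    result, dn = {}, None
    for line in text.splitlines():
        m = re.match(r"([A-Za-z][\w;-]*)(::?)\s*(.*)$", line)
        if not m:
            continue  # blank line or comment
        attr, sep, value = m.groups()
        if sep == "::":  # double colon marks a base64-encoded value
            value = base64.b64decode(value).decode("utf-8", "replace")
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "userpassword" and dn:
            s = re.match(r"\{([^}]+)\}(.*)$", value, re.S)
            # Never echo a value that has no scheme prefix (cleartext).
            result[dn] = (s.group(1).upper(), s.group(2)) if s else ("CLEARTEXT", "")
    return result

def classify(scheme, rest):
    """Describe how the value will be handled at bind time."""
    if scheme == "SASL":
        return "pass-through as " + rest if rest else "pass-through, no user@realm"
    return "local " + scheme

if __name__ == "__main__":
    for dn, (scheme, rest) in password_schemes(SAMPLE_LDIF).items():
        print(dn, "->", classify(scheme, rest))
```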