Robin Helgelin wrote:
> Hi,
> I have a SASL pass-through authentication working when using a simple bind only on users that have a userPassword starting with {SASL}. When the user's password contains {SASL}extraAuthInformation, the extraAuthInformation is passed on as username to the saslauthd and everything works as it should.
> However, when using SASL/PLAIN all requests go to the saslauthd, without passing the extra information found in userPassword. Another issue is that the username sent to saslauthd is the username entered by the user, not the dn found when rewriting the username with authz-regexp.
> Is this by design or did I miss anything? Documentation states that pass-through should be working with SASL/PLAIN, but perhaps I misunderstood what it really meant?

That's by design. The authz-regexp mapping is only used when the target credentials are stored in slapd. Since you're using SASL/PLAIN to actually talk to saslauthd, nothing inside slapd is relevant.
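
The two bind paths discussed in this thread, as a simplified model added here for illustration (it is not code from the thread, from OpenLDAP or from Cyrus SASL). It records which login name reaches the password backend in each case; the directory entry, realm, passwords and all function names are constructed assumptions.

```python
import hmac

# Simplified model only; entries, names and passwords are constructed sample data.
SASLAUTHD_USERS = {"robin@EXAMPLE.COM": "s3cret"}   # accounts the backend knows
seen_by_saslauthd = []   # every login name the stub backend was asked to verify

def saslauthd_check(login, password):
    """Stand-in for saslauthd: record the login name, then verify the password."""
    seen_by_saslauthd.append(login)
    expected = SASLAUTHD_USERS.get(login)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), password.encode())

# Directory entry whose userPassword carries the {SASL} pass-through marker.
DIRECTORY = {"uid=robin,ou=people,dc=example,dc=com": "{SASL}robin@EXAMPLE.COM"}

def simple_bind(dn, password):
    """Simple bind: the entry named by the DN is read and its userPassword used."""
    stored = DIRECTORY.get(dn)
    if stored is None or not password:
        return False
    if stored.startswith("{SASL}"):
        # Pass-through: the text after {SASL} is the name handed to saslauthd.
        return saslauthd_check(stored[len("{SASL}"):], password)
    return False  # other password schemes are outside this model

def parse_plain(message):
    """Split a SASL PLAIN message (RFC 4616): authzid NUL authcid NUL passwd."""
    parts = message.split(b"\x00")
    if len(parts) != 3 or not parts[1] or not parts[2]:
        raise ValueError("malformed PLAIN message")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    return authzid, authcid, passwd

def sasl_plain_bind(message):
    """SASL/PLAIN checked by saslauthd: the directory entry is never consulted."""
    try:
        _authzid, authcid, passwd = parse_plain(message)
    except (ValueError, UnicodeDecodeError):
        return False
    # The name typed by the user goes to the backend exactly as entered.
    return saslauthd_check(authcid, passwd)
```

In this model the SASL/PLAIN bind only succeeds when the name the user types is one saslauthd itself recognises, because the value stored after {SASL} is never looked up on that path.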