Hello list,
Sorry for barging into this discussion, but I am using LDAP passthrough-auth to an AD, and in order to do this with saslauthd on Ubuntu (which may work differently in this regard from your Gentoo) you absolutely have to do:
usermod -a -G sasl openldap
in order for the mux socket of saslauthd to be accessible to openldap (assuming here that openLDAP runs under user openldap). Without this, openLDAP simply cannot talk with/use saslauthd. There also might be some AppArmor/SELinux etc. relevant part on your system that prevents those two systems from communicating with each other.
Basically, if tests with
testsaslauthd -u user@domain -p password
work correctly, then an {SASL}user@domain entry in the userPassword field should suffice for the passthrough authentication after having done the permission stuff above.
Hopefully this helps.
On 28.07.22 18:01, Stéphane Veyret wrote:
Could it be that the SASL global configuration (also given in first message) is wrong? I only set those 2 options:
olcSaslHost: localhost
olcSaslSecProps: none
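A pre-flight script for the steps in the reply above (sasl group membership, reachability of the saslauthd mux socket, the {SASL} userPassword value), added here as an example and not part of the original thread. The group file path, mux socket path and LDAP user name are assumptions and can be overridden through the environment.

```shell
#!/bin/sh
# Added example: pre-flight checks for OpenLDAP -> saslauthd passthrough.
# Assumed defaults (not from the thread); override via the environment.
GROUP_FILE="${GROUP_FILE:-/etc/group}"
MUX_SOCKET="${MUX_SOCKET:-/var/run/saslauthd/mux}"
LDAP_USER="${LDAP_USER:-openldap}"

# in_group USER GROUP [GROUPFILE]: succeed if USER is listed as a
# supplementary member of GROUP (the effect of usermod -a -G GROUP USER).
in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ",")
                  for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit found ? 0 : 1 }' "${3:-$GROUP_FILE}"
}

# mux_reachable [SOCKET]: the saslauthd mux socket exists and is writable by
# the calling user. Run this as the LDAP user (sudo -u openldap), because
# root passes the -w test regardless of the socket's mode.
mux_reachable() {
    s="${1:-$MUX_SOCKET}"
    [ -S "$s" ] && [ -w "$s" ]
}

# sasl_userpassword USER DOMAIN: the userPassword value that delegates the
# bind to saslauthd, as described in the reply.
sasl_userpassword() {
    printf '{SASL}%s@%s' "$1" "$2"
}

# preflight: run the checks and report; returns 1 if any check fails.
preflight() {
    rc=0
    if in_group "$LDAP_USER" sasl; then echo "ok: $LDAP_USER is in group sasl"
    else echo "FAIL: run 'usermod -a -G sasl $LDAP_USER'"; rc=1; fi
    if mux_reachable; then echo "ok: $MUX_SOCKET is a writable socket"
    else echo "FAIL: $MUX_SOCKET missing or not writable (saslauthd down? AppArmor?)"; rc=1; fi
    # With TEST_USER (and TEST_PASS) set, also exercise saslauthd itself.
    if [ -n "${TEST_USER:-}" ]; then
        testsaslauthd -u "$TEST_USER" -p "${TEST_PASS:-}" || rc=1
    fi
    return $rc
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it as the LDAP user, e.g. `sudo -u openldap sh preflight.sh --run`, and optionally set TEST_USER=user@domain and TEST_PASS to include the testsaslauthd step.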