whose responsability

Hi,

i have installed and configured openldap and so far, so good. But i have a simple doubt.

Up to now, all users i have added to the ldap server have a field:

userPassword: {SASL}user@domain

I am connecting to retrieve the entry attributes with the following command:

ldapsearch -x -w PASSWORD -D uid=user,ou=people,dc=my,dc=domain -b uid=user,ou=people,dc=my,dc=domain

And everyting works ok. My doubt is:

who is performing the password checking? The openldap server daemon (slapd) ou the ldapsearch ?

Thanks in advance.

Regards,

Friedrich