As section 15.2.3 in said
"The server's copy of the shared-secret may be stored in Cyrus SASL's
own _sasldb_ database, in an external system accessed via
or in LDAP database itself"
How does slapd know where the secret is stored? Does slapd try each
place in a predefined sequence?
Slapd just asks SASL. You configure Cyrus SASL to know where it is,
instead of configuring slapd.