Thanks for your response! But who is doing the communication with saslauthd, the slap daemon process or the ldapsearch process?
Thanks once more!

On Sun, Jul 10, 2011 at 5:41 PM, Dan White <[email protected]> wrote:
> On 10/07/11 17:08 -0300, Friedrich Locke wrote:
>>
>> Hi,
>>
>> I have installed and configured openldap and so far, so good. But I
>> have a simple doubt.
>>
>> Up to now, all users I have added to the ldap server have a field:
>>
>> userPassword: {SASL}user@domain
>>
>> I am connecting to retrieve the entry attributes with the following
>> command:
>>
>> ldapsearch -x -w PASSWORD -D uid=user,ou=people,dc=my,dc=domain -b
>> uid=user,ou=people,dc=my,dc=domain
>>
>> And everything works ok.
>> My doubt is:
>>
>> who is performing the password checking? The openldap server
>> daemon (slapd) or the ldapsearch?
>
> When userPassword is configured with '{SASL}user@domain', you are using
> SASL pass-through authentication. See section 14.5 (Pass-Through
> authentication) of the OpenLDAP Administrator's Guide for documentation.
>
> In such a scenario, authentication is ultimately handled by the libsasl2
> glue layer, and is controlled by the configuration of your sasl slapd.conf
> file, which is typically found in /usr/lib/sasl2/slapd.conf.
>
> Presumably you've configured pass-through authentication because of a need
> to authenticate against a saslauthd daemon (pwcheck_method: saslauthd).
>
> --
> Dan White
>
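
Added example, not part of the thread and not OpenLDAP or Cyrus SASL code: a sketch of the server-side exchange in pass-through authentication, where the process holding the {SASL} entry (slapd, through libsasl2) frames the bind password and hands it to saslauthd, while the LDAP client only talks to slapd. The mock daemon, the sample account, the function names, the "ldap" service name and the user/realm split at "@" are assumptions made for illustration.

```python
import socket
import struct
import threading

# Constructed sample account table for the mock daemon: (user, realm) -> password.
ACCOUNTS = {("user", "domain"): "PASSWORD"}

def _field(value: bytes) -> bytes:
    """saslauthd wire format: 2-byte big-endian length, then the bytes."""
    return struct.pack("!H", len(value)) + value

def _read_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf

def _read_field(sock):
    (length,) = struct.unpack("!H", _read_exact(sock, 2))
    return _read_exact(sock, length)

def build_request(sasl_id, password, service="ldap"):
    """Frame user, password, service and realm for saslauthd (split is assumed)."""
    user, _, realm = sasl_id.partition("@")
    return b"".join(_field(s.encode()) for s in (user, password, service, realm))

def mock_saslauthd(sock, accounts):
    """Constructed stand-in for saslauthd: reads four fields, answers OK or NO."""
    user, password, _service, realm = (_read_field(sock).decode() for _ in range(4))
    ok = accounts.get((user, realm)) == password
    sock.sendall(_field(b"OK" if ok else b"NO"))

def server_side_check(user_password_attr, bind_password, accounts=ACCOUNTS):
    """Server-side handling of a simple bind against a {SASL} userPassword value."""
    if not user_password_attr.startswith("{SASL}"):
        raise ValueError("not a pass-through entry")
    sasl_id = user_password_attr[len("{SASL}"):]
    # socketpair() stands in for the saslauthd mux socket so the sketch runs offline.
    slapd_end, saslauthd_end = socket.socketpair()
    with slapd_end, saslauthd_end:
        t = threading.Thread(target=mock_saslauthd, args=(saslauthd_end, accounts))
        t.start()
        slapd_end.sendall(build_request(sasl_id, bind_password))
        reply = _read_field(slapd_end)
        t.join()
    return reply.startswith(b"OK")
```

With `ldapsearch -x`, the client sends the bind DN and password to slapd in a simple bind, so the password crosses the network to the server before this check runs; protecting that connection with TLS matters for the same reason.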
