[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL/PLAIN Passthrough auth

To: openldap-technical@openldap.org
Subject: SASL/PLAIN Passthrough auth
From: Robin Helgelin <lobbin@gmail.com>
Date: Fri, 8 Mar 2013 21:16:03 +0100
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:date:message-id:subject:from:to :content-type; bh=G4Zj4NK2xnU0MLCs7v2SLYJljBln5n0FRMnhCmSVrIU=; b=CMh/hu0sIQ+KUdkKiTxCVPNSCchaoNlc1fsDGQKOmDhaGlJAMK4Ly3NJmAjAEDNCFO FjdxwP5eDl/52tgeZXe6rKu0ceTa6O9oJ87/3NtNZxX8EafuuDM/LVTlnAAFabVbrFh5 46E9t9mlPxB/MoP1DoP0S++eyWDlRPl8G7vBu8ui9jcAtBKheHCUIDd8pDtQ8tYLm/MA ibguCWIJaMrRB2aZJ6RA3gqC12u3aRglaEbLfWRuz83vPlYCn/3Yvh25E4jb0w5u1iQh zuYMgj5p9r9axtQZUZOLvkcXq+D/dE592XtYdMr6rsQXDfSx29nWr++rQesBWz6+EhxV Nn2Q==

Hi,

I have a SASL pass-through authentication working when using a simple
bind only on users that has a userPassword starting with {SASL}. When
the users password contains {SASL}extraAuthInformation, the
extraAuthInformation is passed on as username to the saslauthd and
everything works as it should.

However, when using SASL/PLAIN all requests goes to the saslauthd,
without passing the extra information found in userPassword. Another
issue is that the username sent to saslauthd is the username entered
by the user, not the dn found when rewriting the username with
authz-regexp.

Is this by design or did I miss anything? Documentation states that
pass-through should be working with SASL/PLAIN, but perhaps I
misunderstood what it really meant?

-- 
        regards,
        Robin

Follow-Ups:
- Re: SASL/PLAIN Passthrough auth
  - From: Dan White <dwhite@olp.net>
- Re: SASL/PLAIN Passthrough auth
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Server is unwilling to perform
Next by Date: Re: SASL/PLAIN Passthrough auth
Index(es):
- Chronological
- Thread