[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OLC permissions - general beginner question

Ferenc Wagner wrote:
> You do not "logon", you use external authentication, which means there's
> no separate BIND step,

Strictly speaking this is not correct because indeed a separate SASL/EXTERNAL
bind request is sent by the client.

> External authenication is not done by slapd (hence its name; it's done by
> the kernel in the above case), thus slapd can't fail it.

slapd indeed extracts the Unix peer credentials, which are provided by the OS,
only in case it receives a SASL/EXTERNAL bind request over LDAPI.

In summary that's probably what you meant but let us be more precise because
it makes a difference when looking at LDAP client support.

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature