Ferenc Wagner wrote: > You do not "logon", you use external authentication, which means there's > no separate BIND step, Strictly speaking this is not correct because indeed a separate SASL/EXTERNAL bind request is sent by the client. > External authenication is not done by slapd (hence its name; it's done by > the kernel in the above case), thus slapd can't fail it. slapd indeed extracts the Unix peer credentials, which are provided by the OS, only in case it receives a SASL/EXTERNAL bind request over LDAPI. In summary that's probably what you meant but let us be more precise because it makes a difference when looking at LDAP client support. Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature