Michael Ströder <[email protected]> writes:

> Ferenc Wagner wrote:
>
>> You do not "logon", you use external authentication, which means there's
>> no separate BIND step,
>
> Strictly speaking this is not correct because indeed a separate SASL/EXTERNAL
> bind request is sent by the client.
>
>> External authentication is not done by slapd (hence its name; it's done by
>> the kernel in the above case), thus slapd can't fail it.
>
> slapd indeed extracts the Unix peer credentials, which are provided by the OS,
> only in case it receives a SASL/EXTERNAL bind request over LDAPI.
>
> In summary that's probably what you meant but let us be more precise because
> it makes a difference when looking at LDAP client support.

Actually I didn't know these details, thanks for spelling them out.
-- 
Regards,
Feri.
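The two-step behaviour described in the quoted reply, as an added sketch that is not part of this thread and not OpenLDAP code: the kernel records the peer's credentials on the Unix socket, but the server only reads and maps them once the client sends an explicit bind. It assumes Linux (`SO_PEERCRED`); the one-line wire messages and the function names are hypothetical stand-ins for real LDAP PDUs, and the identity string follows the `cn=peercred,cn=external,cn=auth` form OpenLDAP documents for LDAPI peers.

```python
import os
import socket
import struct

# Constructed stand-in for an LDAP SASL/EXTERNAL bind request (not real BER/LDAP).
BIND_EXTERNAL = b"BIND SASL/EXTERNAL\n"


def peer_credentials(sock):
    """Ask the kernel for (pid, uid, gid) of the socket peer (Linux SO_PEERCRED)."""
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize("3i"))
    return struct.unpack("3i", raw)


def authz_dn(uid, gid):
    """Authorization identity in the form OpenLDAP uses for LDAPI peers."""
    return f"gidNumber={gid}+uidNumber={uid},cn=peercred,cn=external,cn=auth"


def serve_one(conn):
    """Toy server: the connection starts anonymous; the peer credentials are
    consulted only if the first request is an EXTERNAL bind."""
    identity = ""  # empty string models the anonymous identity
    if conn.recv(64) == BIND_EXTERNAL:
        _pid, uid, gid = peer_credentials(conn)
        identity = authz_dn(uid, gid)
    conn.sendall(identity.encode() + b"\n")
    return identity


def demo(send_bind):
    """Run one client/server exchange over a Unix socket pair and return the
    identity the server reports back to the client."""
    client, server = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with client, server:
        client.sendall(BIND_EXTERNAL if send_bind else b"SEARCH\n")
        serve_one(server)
        return client.recv(256).decode().strip()


if __name__ == "__main__":
    print("no bind sent  :", repr(demo(False)))
    print("EXTERNAL bind :", demo(True))
```

A client library that connects over LDAPI but never issues the SASL/EXTERNAL bind stays anonymous in this model, which is the client-support difference the reply points at.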
