
Re: OLC permissions - general beginner question



Michael Ströder <michael@stroeder.com> writes:

> Ferenc Wagner wrote:
>
>> You do not "logon", you use external authentication, which means there's
>> no separate BIND step,
>
> Strictly speaking this is not correct because indeed a separate SASL/EXTERNAL
> bind request is sent by the client.
>
>> External authentication is not done by slapd (hence its name; it's done by
>> the kernel in the above case), thus slapd can't fail it.
>
> slapd indeed extracts the Unix peer credentials, which are provided by the OS,
> only in case it receives a SASL/EXTERNAL bind request over LDAPI.
>
> In summary that's probably what you meant but let us be more precise because
> it makes a difference when looking at LDAP client support.

Actually I didn't know these details, thanks for spelling them out.
-- 
Regards,
Feri.
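
Added example, not part of the original thread: a Python illustration (Linux, SO_PEERCRED) of the behaviour discussed above, where a session over a Unix socket stays anonymous until the client sends an explicit EXTERNAL bind request, and only then does the server read the kernel-supplied peer credentials. The line protocol and the names ToySession, peer_credentials and authz_dn are constructed for illustration; the identity string follows the form slapd assigns to peer-credential binds over ldapi://.

```python
import os
import socket
import struct

def peer_credentials(conn):
    """Ask the kernel (Linux SO_PEERCRED) who is at the other end of a Unix socket."""
    fmt = "iII"  # struct ucred: pid_t pid, uid_t uid, gid_t gid
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize(fmt))
    return struct.unpack(fmt, raw)

def authz_dn(uid, gid):
    # Identity form used by slapd for SASL/EXTERNAL over LDAPI.
    return f"gidNumber={gid}+uidNumber={uid},cn=peercred,cn=external,cn=auth"

class ToySession:
    """Server side of one connection; anonymous until a bind request arrives."""
    def __init__(self, conn):
        self.conn = conn
        self.identity = ""

    def handle(self, request):
        # Constructed one-line requests standing in for LDAP PDUs.
        if request == "BIND SASL EXTERNAL":
            # The server never checks a password: it trusts what the OS reports.
            _pid, uid, gid = peer_credentials(self.conn)
            self.identity = authz_dn(uid, gid)
            return "OK"
        if request == "WHOAMI":
            return "dn:" + self.identity if self.identity else "anonymous"
        return "ERR"

def demo():
    """Run WHOAMI before and after the explicit bind; return the client's replies."""
    client, server = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    session = ToySession(server)
    replies = []
    for req in ("WHOAMI", "BIND SASL EXTERNAL", "WHOAMI"):
        client.sendall(req.encode() + b"\n")
        reply = session.handle(server.recv(1024).decode().strip())
        server.sendall(reply.encode() + b"\n")
        replies.append(client.recv(1024).decode().strip())
    client.close()
    server.close()
    return replies

if __name__ == "__main__":
    for line in demo():
        print(line)
```

Connecting to the socket alone does not change the session identity; a client library that cannot send the EXTERNAL bind request stays anonymous even over LDAPI.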