LDAP must have a mandatory-to-implement strong authentication mechanism. That's DIGEST-MD5.
Implementations which support any form of authentication (other than anonymous) MUST implement the SASL DIGEST-MD5 mechanism [4], as described in 8.2. This provides client
Simon