Is the ldap server configured for sasl? it would seem that the osx
client tries with sasl and only sasl when that does not work it unbinds
and does not try simple bind, it may see that the ldap server is showing
sasl as a available authentication method but it is not really
available, can you exec login into it?
As I found no other way to test it I moved
away my libcrammd5.so on my
389ds box and restarted dirsrv. CRAM-MD5 was no longer in the list of
I rebooted also my mac. My mac no longer issues a CRAM-MD5 SASL bind
that is the good news, but it does not switch over to a simple bind using
a binddn. It just does no bind anymore. What a mess.
Maybe I haven't found it but an option to enable/disable certain SASL
methods within 389ds would IMHO be good to have for other situations
where you can come into these needs.