> Is the ldap server configured for sasl? it would seem that the osx
> client tries with sasl and only sasl when that does not work it unbinds
> and does not try simple bind, it may see that the ldap server is showing
> sasl as a available authentication method but it is not really
> available, can you exec login into it?

As I found no other way to test it I moved away my libcrammd5.so on my
389ds box and restarted dirsrv. CRAM-MD5 was no longer in the list of
supported methods.

I rebooted also my mac. My mac no longer issues a CRAM-MD5 SASL bind
that is the good news, but it does not switch over to a simple bind using
a binddn. It just does no bind anymore. What a mess.

Maybe I haven't found it but an option to enable/disable certain SASL
methods within 389ds would IMHO be good to have for other situations
where you can come into these needs.