SASL PLAIN Authentication

The SASL PLAIN authentication is most certainly useless, as one can already authenticate using the Simple Bind. However, it’s still possible to issue a SASL PLAIN authentication on ApacheDS.

The difference with a Simple Bind is that the user’s name is not DN, but a meaningful value that is stored into one of the user’s entry Attributes.

When the server receives a SASL PLAIN bind request, it will look for the first entry which uid is equal to the provided value, starting from the server searchBaseDN position in the DIT.

ApacheDS expect the given name to be stored in the **UID** Attribute. This is not configurable in this version of the server.
ApacheDS does not yet support the authorization identity parameter.