Support SASL binds in the LDAP driver
Currently, the LDAP authentication source only supports simple binds (using a bind DN and password).
It would be nice to support SASL binds as well, since SASL mechanisms (like GSSAPI/kerberos and TLS certificates) allow secure authentication with LDAP servers without having to hard-code a password. This is especially convenient for environments that already use Kerberos heavily.
The SASL mechanisms are generally configured using environment variables and OpenLDAP config files, so all that would be required is to swap the ldap_bind
function for ldap_sasl_bind
.