go-ldap / ldap

Basic LDAP v3 functionality for the GO programming language.


Bind with raw credentials, but not calculate from clear text automatically

YangKeao opened this issue · comments

The bind function call in OpenLDAP C API is like the following manpage:

 int ldap_sasl_bind(LDAP *ld, const char *dn, const char *mechanism,
        struct berval *cred, LDAPControl *sctrls[],
        LDAPControl *cctrls[], int *msgidp);

 int ldap_sasl_bind_s(LDAP *ld, const char *dn, const char *mechanism,
        struct berval *cred, LDAPControl *sctrls[],
        LDAPControl *cctrls[], struct berval **servercredp);

The cred is calculated manually (like the DigestMD5BindRequest in this repo), or calculated by calling functions like sasl_client_step or sasl_client_start. Could this package expose a similar API to make it possible for users to bind with a given cred, without needing to calculate it automatically? I didn't find similar functions in this package. The DigestMD5BindRequest helps the user to encode the MD5 message automatically, with the clear text user/password as input.

This is especially useful for client/server applications that want to adopt the LDAP authentication mechanism and don't want users to transfer their password in clear text over the network. For example, the MySQL LDAP implementation:

  1. The mysql-client uses sasl_client_start and sasl_client_step to create an encrypted (or hashed) cred and passes it to the MySQL server.
  2. The MySQL server encodes the cred into BER format and sends it to the LDAP server (e.g. the implementation of ldap in percona server).
  3. The authentication may have multiple steps, so the client and server continue this process several times until they get LDAP_SUCCESS or SASL_OK.

This API would also help to unify the SASL process of many different mechanisms, like DigestMD5Bind and SCRAM-xxx ...

I'd like to work on this issue and submit a PR for it, but I'm not sure how to design a good API for a similar interface in golang. Do you have any suggestion on the function interface?
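Step 2 of the flow above, encoding a credential that was computed elsewhere into a SASL BindRequest, as an added stdlib-only Go example (this is not go-ldap's code; the function name SaslBindRequest and the sample credential bytes are my own, and the tag values follow RFC 4511). The bind layer never sees a clear-text password, only the opaque bytes the SASL step produced:

```go
package main

import (
	"encoding/hex"
	"fmt"
)

// berLength returns the definite-form BER length octets for n bytes of content.
func berLength(n int) []byte {
	if n < 0x80 {
		return []byte{byte(n)}
	}
	var b []byte
	for ; n > 0; n >>= 8 {
		b = append([]byte{byte(n & 0xff)}, b...)
	}
	return append([]byte{0x80 | byte(len(b))}, b...)
}

// tlv wraps content in a BER tag-length-value triple (single-octet tags only).
func tlv(tag byte, content []byte) []byte {
	out := append([]byte{tag}, berLength(len(content))...)
	return append(out, content...)
}

// berInt encodes a non-negative INTEGER in minimal two's-complement form.
func berInt(v int) []byte {
	b := []byte{byte(v & 0xff)}
	for v >>= 8; v > 0; v >>= 8 {
		b = append([]byte{byte(v & 0xff)}, b...)
	}
	if b[0]&0x80 != 0 {
		b = append([]byte{0}, b...) // keep the value positive
	}
	return tlv(0x02, b)
}

// SaslBindRequest (hypothetical name) builds LDAPMessage { messageID, BindRequest { version 3, name,
// sasl [3] SaslCredentials { mechanism, credentials } } }. cred is passed through untouched.
func SaslBindRequest(messageID int, dn, mechanism string, cred []byte) []byte {
	sasl := tlv(0x04, []byte(mechanism))
	if cred != nil { // credentials are OPTIONAL: omit when the mechanism has no initial response
		sasl = append(sasl, tlv(0x04, cred)...)
	}
	bind := append(berInt(3), tlv(0x04, []byte(dn))...)
	bind = append(bind, tlv(0xA3, sasl)...)              // sasl [3] SaslCredentials, IMPLICIT, constructed
	msg := append(berInt(messageID), tlv(0x60, bind)...) // [APPLICATION 0] BindRequest
	return tlv(0x30, msg)                                // LDAPMessage SEQUENCE
}

func main() {
	cred := []byte("constructed-sasl-step-output") // constructed stand-in for sasl_client_start output
	fmt.Println(hex.EncodeToString(SaslBindRequest(1, "", "DIGEST-MD5", cred)))
}
```

Each later round of a multi-step mechanism reuses the same encoding with the next sasl_client_step output as cred and a fresh messageID.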

I think this may be a useful feature, and I'd like to see some community engagement in designing the right API for this.