Configuration of Binding to an LDAP server

Last Updated: Apr 17, 2026
When a user selects an LDAP server as a contact search source, the server authentication occurs through a bind operation. Binding allows users to access LDAP servers based on their client privileges.
LDAPv3 (RFC 2251) supports three types of authentication requests:
  • Anonymous
  • Simple Authentication
  • Simple Authentication and Security Layer (SASL)
When a client sends a request without a bind, and the DIRUSERNAME parameter has a null value, the LDAP server treats the request as anonymous. Some global servers support only authenticated requests using a username and a password.
The DIRAUTHTYPE parameter defines the binding type. There are several configuration scenarios:
  • Simple binding
  • SASL authentication

Simple binding

In this binding type, the DIRAUTHTYPE parameter is set to 0. DIRUSERNAME is the DN of a record and DIRPASSWORD is the userPassword attribute of that record. The selected LDAP server is configured for read-only access for any user. In this case, when a user presses the Search soft key, the phone attempts a simple binding operation and displays the search results if the operation is successful.

SASL authentication

In this binding type, the DIRAUTHTYPE parameter is set to 1. The following scenarios apply:
  • The selected LDAP server is configured for SASL authentication and has DIGEST-MD5 and PLAIN in the supportedSaslMechanisms configuration attribute. If the DIRUSERNAME and DIRPASSWORD parameter values are correct, when a user presses the Search soft key, the phone successfully binds to the LDAP server and sends a search request. If DIRUSERNAME and DIRPASSWORD are incorrect, the phone displays the following error message: LDAP search unsuccessful due to server error. return code =23108
  • DIRAUTHTYPE is set to 1. The DIRUSERNAME and DIRPASSWORD parameter values are correct. The LDAP server does not have DIGEST-MD5 but only PLAIN in the supportedSaslMechanisms configuration attribute. If TLS is enabled, when a user presses the Search soft key, the phone attempts to bind to the LDAP server using the PLAIN mechanism. If this operation is successful, the phone sends a search request. If the binding fails, the phone displays the following error message: LDAP search unsuccessful due to server error. return code =23108.
  • DIRAUTHTYPE is set to 1. DIRUSERNAME and DIRPASSWORD are correct. The LDAP server does not have DIGEST-MD5 but only PLAIN in the supportedSaslMechanisms configuration attribute. If TLS is enabled, when a user presses the Search soft key, the phone does not attempt to bind, but displays the following error message: LDAP search unsuccessful due to server error. return code =23108.
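
The following added example (not part of the original documentation) reads the supportedSASLMechanisms values from a server's rootDSE and reports, for a given DIRAUTHTYPE, which bind applies and whether the password is protected in transit. The `tls` flag, the function names and the sample LDIF are assumptions constructed for illustration; the remarks on cleartext exposure and on DIGEST-MD5 being obsolete come from RFC 4513, RFC 4616 and RFC 6331, not from this page.

```python
# Constructed rootDSE LDIF text; not output from a real server.
ROOTDSE_BOTH = (
    "dn:\n"
    "supportedSASLMechanisms: DIGEST-MD5\n"
    "supportedSASLMechanisms: PLAIN\n"
)
ROOTDSE_PLAIN_ONLY = "dn:\nsupportedSaslMechanisms: plain\n"


def sasl_mechanisms(ldif):
    """Return the set of SASL mechanism names advertised in rootDSE LDIF text."""
    mechs = set()
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        # LDAP attribute names are case-insensitive.
        if sep and name.strip().lower() == "supportedsaslmechanisms":
            mechs.add(value.strip().upper())
    return mechs


def review_bind(dirauthtype, dirusername, mechs, tls):
    """Describe the resulting bind and the credential exposure on the wire.

    dirauthtype and dirusername mirror the page's parameters. `tls` is a
    hypothetical flag meaning "TLS is enabled"; the page names no parameter.
    """
    if dirauthtype == 0:
        if not dirusername:
            return "anonymous: no credentials sent"
        if tls:
            return "simple bind over TLS: DN and password protected in transit"
        return "simple bind without TLS: DN and password sent in cleartext"
    if dirauthtype == 1:
        if "DIGEST-MD5" in mechs:
            return "SASL with DIGEST-MD5 offered: password not sent, mechanism obsolete"
        if "PLAIN" in mechs:
            if tls:
                return "SASL PLAIN over TLS: password protected by the TLS channel"
            return "SASL PLAIN without TLS: password would be sent in cleartext"
        return "SASL: server offers neither DIGEST-MD5 nor PLAIN"
    return "unknown DIRAUTHTYPE"
```

Feed `sasl_mechanisms` the output of a base-scope search of the server's rootDSE before setting DIRAUTHTYPE to 1, so you know which of the scenarios above the phones will hit.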