From what I can read in cleartext communications between the client -> server:
It also looks like it wants to send a password in CRAM-MD5, and when it does send the hash of the AD’s administrator user, it’s not the full DN, it’s just “administrator”, and the server replies back:
SASL(-13): user not found: no secret in database
Then the server responds with:
So the client again says CRAM-MD5 and the server says
SASL(0): successful result: security flags do not match required.0<email@example.com>
The client sends “administrator” and the hash of the password again, and again the server responds with the SASL(-13) error, and it repeats the whole process again.
So it sounds like the Mac and OpenLDAP aren’t communicating properly and the Mac is trying to do a simple password (despite my entering of the full DN of the administrator user) in the “security” section of the Directory Utility.
The DN I’m using is uid=administrator,cn=users,dc=mydomain,dc=org
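The shape of the CRAM-MD5 exchange described above, as an added example that is not part of the original post: the client reply carries only a bare username and an HMAC-MD5 digest of the server's challenge, and the server can check it only if it holds a secret under that exact name. The first vector is the RFC 2195 sample; the second challenge, the password and the in-memory secret stores are constructed for illustration, and the DN is the one from the post.

```python
import hashlib
import hmac


def client_response(username: str, password: bytes, challenge: bytes) -> bytes:
    """Build the CRAM-MD5 reply: username, a space, hex HMAC-MD5(password, challenge)."""
    digest = hmac.new(password, challenge, hashlib.md5).hexdigest()
    return f"{username} {digest}".encode()


def server_verify(response: bytes, challenge: bytes, secrets: dict) -> str:
    """Recompute the digest from the secret stored under the name the client sent."""
    username, _, digest = response.decode().rpartition(" ")
    secret = secrets.get(username)
    if secret is None:
        # No secret stored under this name, so there is nothing to recompute with.
        return "no secret"
    expected = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return "ok" if hmac.compare_digest(expected, digest) else "digest mismatch"


# Sample values from RFC 2195.
RFC_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
RFC_SECRET = b"tanstaaftanstaaf"

# Constructed values; only the DN string comes from the post.
CHALLENGE = b"<12345.67890@ldap.example.org>"
PASSWORD = b"constructed-password"
DN = "uid=administrator,cn=users,dc=mydomain,dc=org"


def demo() -> dict:
    """Verify one bare-name reply against stores keyed three different ways."""
    reply = client_response("administrator", PASSWORD, CHALLENGE)
    return {
        "store keyed by full DN": server_verify(reply, CHALLENGE, {DN: PASSWORD}),
        "store keyed by bare name": server_verify(
            reply, CHALLENGE, {"administrator": PASSWORD}),
        "store with a different secret": server_verify(
            reply, CHALLENGE, {"administrator": b"other-secret"}),
    }


if __name__ == "__main__":
    print(client_response("tim", RFC_SECRET, RFC_CHALLENGE).decode())
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Because the password itself never crosses the wire, the server side has to be able to retrieve the shared secret for the submitted name; a store that only knows the account under a different key has nothing to compare against.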