To access the LDAP service, you must authenticate to the service. That is, it must tell the LDAP server who is going to be accessing the data so that the server can decide what the client is allowed to see and what not. If the client authenticates successfully to the LDAP server and receives a request from the client, it checks whether the client is allowed to perform the request. This process is called access control.

In LDAP, authentication is supplied in the “bind” operation. The version 3 of Ldap also supports three types of authentication:

• Anonymous LDAP Authentication: A client that sends a LDAP request without doing a “bind” is treated as an anonymous client. 
• Simple LDAP Authentication: Simple authentication consists of sending the LDAP server the fully qualified DN of the client (user) and the client’s clear-text password. This mechanism has security problems because the password can be read from the network. To avoid exposing the password in this way, you can use the simple authentication mechanism within an encrypted channel (such as SSL), provided that this is supported by the LDAP server.
•  SASL LDAP Authentication: It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, LDAP can support any type of authentication agreed upon by the LDAP client and server.