How to enable SASL with LDAP authentication?

Hi, according to the documentation I should be able to use SASL with LDAP. Alas, the respective option doesn’t appear to be documented.

Quote (emphasis mine):

You should disable anonymous LDAP authentication and enable simple or SASL authentication.

Checking with tcpdump, I can see that encryption: 'plain' means exactly that and that the credentials go over the wire unencrypted to the LDAP server. Using ldapsearch, I can see that SASL works fine on port 389 of the same server.

According to this documentation we can see three types for encryption documented:

  encryption: 'plain' # "start_tls" or "simple_tls" or "plain

… so going back to the first referenced piece of documentation, how do I enable SASL?


PS: the use of omniauth also suggests that this should be possible.