Comment 12 for bug 1987992

rdratlos (rdratlos) wrote :

A further security improvement of this patch lets OpenLDAP libldap negotiate and choose the safest available SASL authentication mechanism:

Settings in /etc/autofs_ldap_auth.conf:
<?xml version="1.0" ?>
<!--
This file contains a single entry with multiple attributes tied to it.
See autofs_ldap_auth.conf(5) for more information.
-->

<autofs_ldap_sasl_conf
        usetls="yes"
        tlsrequired="no"
        authrequired="autodetect"
        user="<email address hidden>"
        authtype="DIGEST-MD5"
        secret="my_secret"
/>

$ automount -f -v -d
Starting automounter version 5.1.8, master map auto.master
using kernel protocol version 5.05
lookup_nss_read_master: reading master ldap auto.master
parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "auto.master".
parse_server_string: lookup(ldap): mapname auto.master
parse_ldap_config: lookup(ldap): ldap authentication configured with the following options:
parse_ldap_config: lookup(ldap): use_tls: 1, tls_required: 0, auth_required: 4, sasl_mech: DIGEST-MD5
parse_ldap_config: lookup(ldap): user: <email address hidden>, secret: specified, client principal: (null) credential cache: (null)
do_init: parse(sun): init gathered global options: (null)
find_server: trying server uri ldap://server.example.com
do_bind: lookup(ldap): auth_required: 4, sasl_mech DIGEST-MD5
do_bind: Attempting sasl bind with mechanism DIGEST-MD5
do_bind: SASL username: <email address hidden>
do_bind: SASL authcid: root
do_bind: sasl bind with mechanism SCRAM-SHA-1 succeeded
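As an added example (not code from the bug report or from the autofs project), the following Python script parses an autofs_ldap_auth.conf like the one in the comment above, flags the settings a reviewer would question (a weak authtype, TLS enabled but not required), and reads the do_bind lines from the automount debug output to report whether libldap bound with the configured mechanism or negotiated a different one. The user address, the sample inputs and the mechanism ranking are assumptions made for the example; libldap and Cyrus SASL apply their own negotiation rules, not this table.

```python
"""Audit an autofs_ldap_auth.conf and an automount debug log for SASL
mechanism choice.  Added example, not code from the autofs project or
from the bug report."""
import re
import xml.etree.ElementTree as ET

# Illustrative preference order, strongest first.  This is an assumption
# made for the example; OpenLDAP libldap and Cyrus SASL apply their own
# negotiation rules rather than this table.
MECH_RANK = ["SCRAM-SHA-512", "SCRAM-SHA-256", "SCRAM-SHA-1",
             "DIGEST-MD5", "CRAM-MD5", "PLAIN", "LOGIN"]

# Mechanisms a practitioner should not rely on: DIGEST-MD5 was moved to
# Historic by RFC 6331, CRAM-MD5 is an MD5-based challenge/response, and
# PLAIN/LOGIN transmit the password itself (acceptable only inside TLS).
WEAK = {"DIGEST-MD5", "CRAM-MD5", "PLAIN", "LOGIN"}

# Constructed config matching the one in the comment; the user address
# is a placeholder, not the reporter's hidden address.
SAMPLE_CONF = """<?xml version="1.0" ?>
<autofs_ldap_sasl_conf
        usetls="yes"
        tlsrequired="no"
        authrequired="autodetect"
        user="autofs@example.com"
        authtype="DIGEST-MD5"
        secret="my_secret"
/>
"""

# Constructed copy of the do_bind lines from the debug output above,
# with the hidden address replaced by the placeholder.
SAMPLE_LOG = [
    "do_bind: lookup(ldap): auth_required: 4, sasl_mech DIGEST-MD5",
    "do_bind: Attempting sasl bind with mechanism DIGEST-MD5",
    "do_bind: SASL username: autofs@example.com",
    "do_bind: SASL authcid: root",
    "do_bind: sasl bind with mechanism SCRAM-SHA-1 succeeded",
]

# Only the two line shapes visible in the debug output are matched.
ATTEMPT_RE = re.compile(r"do_bind: Attempting sasl bind with mechanism (\S+)")
SUCCESS_RE = re.compile(r"do_bind: sasl bind with mechanism (\S+) succeeded")


def parse_auth_conf(xml_text):
    """Return the attributes of the single <autofs_ldap_sasl_conf> element."""
    root = ET.fromstring(xml_text)
    if root.tag != "autofs_ldap_sasl_conf":
        raise ValueError("unexpected root element %r" % root.tag)
    return dict(root.attrib)


def audit_conf(conf):
    """List settings a reviewer would want changed."""
    findings = []
    mech = conf.get("authtype")
    if mech in WEAK:
        findings.append("authtype %s is weak" % mech)
    # With usetls=yes but tlsrequired=no, automount does not refuse to
    # bind when an encrypted connection cannot be established, so the
    # SASL exchange may run over plaintext.
    if conf.get("usetls") == "yes" and conf.get("tlsrequired") != "yes":
        findings.append("tlsrequired is not yes: TLS is optional")
    return findings


def parse_bind_log(lines):
    """Return (attempted, succeeded) mechanisms seen in do_bind output."""
    attempted = succeeded = None
    for line in lines:
        m = ATTEMPT_RE.search(line)
        if m:
            attempted = m.group(1)
            continue
        m = SUCCESS_RE.search(line)
        if m:
            succeeded = m.group(1)
    return attempted, succeeded


def mech_rank(mech):
    """Position in MECH_RANK; unknown mechanisms sort after all known ones."""
    return MECH_RANK.index(mech) if mech in MECH_RANK else len(MECH_RANK)


def compare_mechs(attempted, succeeded):
    """Describe how the negotiated mechanism relates to the configured one."""
    if succeeded is None:
        return "no successful bind"
    if attempted == succeeded:
        return "bound with configured mechanism %s" % succeeded
    direction = "up" if mech_rank(succeeded) < mech_rank(attempted) else "down"
    return "negotiated %s: configured %s, bound with %s" % (
        direction, attempted, succeeded)


if __name__ == "__main__":
    conf = parse_auth_conf(SAMPLE_CONF)
    for finding in audit_conf(conf):
        print("finding:", finding)
    print(compare_mechs(*parse_bind_log(SAMPLE_LOG)))
```

Run against the sample above it reports the weak authtype, the optional TLS, and that the bind was negotiated up from DIGEST-MD5 to SCRAM-SHA-1; the same check over a real `automount -f -v -d` run (with `tlsrequired="yes"` in place) tells you whether the server actually offered something stronger than what the config names.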