实际上你说的那种方式使客户端用的。

而在服务段，实际上就是用登记一个单独的pre-operation plugin的方式来实现的。。

看看sun得文档里的描述，虽然这文档说的是Netscape Directory Server 3.0 ，但我想实现的方式应该是一样的。

Supporting SASL on the Server
If you are running Netscape Directory Server 3.0 or later, you can write your own server plug-in to handle SASL authentication.

This pre-operation bind plug-in uses a registered SASL mechanism to


get information from a SASL bind request

create and send a SASL bind response back to the client.
This response can take the form of a challenge requiring an answer from the client, an error message, or a success message indicating that authentication is complete.

For more information on how to write this plug-in, see "Defining Functions for Authentication" in the Netscape Directory Server Plug-In Programmer's Guide.

For more information on SASL mechanisms, see "For More Information" at the end of this chapter.