
| Key: | DIRSERVER-641 |
| Type: | New Feature |
| Status: | Open |
| Priority: | Major |
| Assignee: | Unassigned |
| Reporter: | Ralf Hauser |
| Votes: | 0 |
| Watchers: | 0 |
| Environment: | windows and linux |

Description

The LDAP application we are working on has high security requirements, both in terms of the "fine-grained" policies we need to be able to implement and for the audit trail we must be able to provide.
For that, we should be able to distinguish/ensure/record in our authenticate() method
- whether the bind request was received unprotected or protected
- if protected with SSL, what session key was negotiated (with 256+ bit AES, the client is entitled to see more than with 128 bit, let alone 40).
These give our application strong hints as to whether we must consider a credential (passwords in particular) compromised or not.
I assume this would imply either adding 1-2 more parameters to the method interface of
LdapPrincipal org.apache.directory.server.core.authn.AbstractAuthenticator.authenticate(ServerContext ctx)
or extending the ServerContext object correspondingly.
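
A sketch of the policy and audit decision the request describes, added here as an example (it is not ApacheDS code and not the reporter's). It assumes the authenticator is handed the connection's JSSE cipher suite name, or null for a plain-text bind; `ChannelPolicy`, `Tier` and the thresholds are hypothetical.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration: ChannelPolicy, Tier and the thresholds are hypothetical,
// not ApacheDS API. Input is the JSSE cipher suite name of the connection
// (as returned by SSLSession.getCipherSuite()), or null for a plain-text bind.
public final class ChannelPolicy {
    public enum Tier { UNPROTECTED, WEAK, STANDARD, STRONG }

    private static final Pattern AES = Pattern.compile("AES_(128|256)");

    // Symmetric key bits implied by the suite name; 0 when there is no
    // encryption or the suite is not recognised (fail closed).
    static int keyBits(String suite) {
        if (suite == null || suite.contains("WITH_NULL")) return 0;
        if (suite.contains("_40_") || suite.contains("DES40")) return 40;
        Matcher m = AES.matcher(suite);
        return m.find() ? Integer.parseInt(m.group(1)) : 0;
    }

    static Tier tier(String suite) {
        int bits = keyBits(suite);
        if (bits == 0) return Tier.UNPROTECTED;
        if (bits < 128) return Tier.WEAK;
        return bits >= 256 ? Tier.STRONG : Tier.STANDARD;
    }

    // A password sent over an unprotected or export-grade channel is treated
    // as potentially exposed, which is the hint the request asks for.
    static boolean passwordExposed(Tier t) {
        return t == Tier.UNPROTECTED || t == Tier.WEAK;
    }

    static String auditLine(String dn, String suite) {
        Tier t = tier(suite);
        return String.format("bind dn=\"%s\" suite=%s bits=%d tier=%s passwordExposed=%b",
                dn, suite, keyBits(suite), t, passwordExposed(t));
    }

    public static void main(String[] args) {
        // Constructed sample connections, not captured traffic.
        String[] suites = { null, "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
                "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA",
                "SSL_RSA_WITH_NULL_SHA" };
        for (String s : suites) {
            System.out.println(auditLine("uid=alice,ou=users,dc=example,dc=com", s));
        }
    }
}
```

Suites the sketch does not recognise map to 0 bits and therefore to the UNPROTECTED tier, so an unexpected cipher never raises a client's entitlement.
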
No work has yet been logged on this issue.