The DIGEST-MD5 authentication protocol used by LDAP is deprecated. Teradata strongly recommends you use simple binding with TLS protection, and stop using DIGEST-MD5.
Although Teradata provides SSL/TLS protection options mainly for systems that use simple binding, protection is also be beneficial for systems that use the default DIGEST-MD5 binding, and have an SASL SSF setting of 0. On these systems, SSL/TLS protects user credentials against man-in-the-middle attacks by obfuscating user credentials instead of transmitting them across the network in plain text.
SSL and TLS do not protect stored passwords, which systems that use DIGEST-MD5 binding store in plain text.