During the course of implementing support for password policy request/response controls, I had to extend BindAuthenticator. An extension of LdapTemplate needed to be used in method bindWithDn(String, String, String).
Method bindWithDn() is private, and the template cannot be injected, so currently I had to unnecessarily create a copy of the authenticate method, a copy of the inner class BindWithSpecificDnContextSource, and a modified copy of method bindWithDn.
If the LdapTemplate was injected as a bean dependency, then the class BindAuthenticator could be easily extended - only handleBindException needs to be special.
At least, method bindWithDn and the inner class should be made visible to subclasses.