
I have an Active Directory in the cloud. In our web app we are using LDAP. Now we are in discussion to build a mobile application for our enterprise. I searched for an LDAP client SDK and found the UnboundID LDAP SDK for Java. I saw some examples but I could not figure out how secure it is to use this SDK. What authentication measures does it provide? What encryption techniques can be used with it? Is there any other API or SDK that I can use which is more secure and reliable?

Please help. Thanks in advance.

Akshay Sethi


The UnboundID LDAP SDK for Java supports LDAP simple authentication, as well as a number of SASL mechanisms, including ANONYMOUS, CRAM-MD5, DIGEST-MD5, EXTERNAL, GSSAPI, and PLAIN. Basically, look at subclasses of com.unboundid.ldap.sdk.BindRequest, and many of them have examples that demonstrate their use.

But since you mentioned that you're building a mobile application, it's important to note that CRAM-MD5, DIGEST-MD5, and GSSAPI are not supported on Android because they depend on a Java SE feature that isn't available in Android's Java implementation.

As far as encryption methods that are supported, the LDAP SDK supports encrypting all communication with SSL/TLS, as well as securing an existing unencrypted connection via the StartTLS extended operation. If you're using DIGEST-MD5 or GSSAPI authentication and the server supports it, then you may also be able to use the SASL integrity or confidentiality QoP mechanisms.

Also, CRAM-MD5, DIGEST-MD5, and GSSAPI allow you to authenticate over an insecure connection without divulging the credentials because they provide their own mechanism for protecting the credentials in flight. However, I would probably recommend using a mechanism that protects all communication since bind credentials probably aren't the only kinds of sensitive information that might be sent over LDAP, and those mechanisms also don't support protecting credentials when used outside of a bind (e.g., when changing a password or retrieving them in a search result entry).

Neil Wilson
  • So while using the UnboundID SDK, how can I revoke or limit a user's access if he has left the organization or transferred to some other department? – Akshay Sethi Jun 28 '14 at 00:04
  • @AkshaySethi If he's only changed departments you would normally only change his roles. If he's left you would lock the account. – user207421 Jun 28 '14 at 00:42
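The two transport-protection options named in the answer above (LDAPS and the StartTLS extended operation), followed by a simple bind, as an added example; this is not code from the question, the answer, or the UnboundID project. The host, ports, trust store path, and bind DN are assumptions; the point is that the channel is verified to be encrypted before any password is sent.

```java
import com.unboundid.ldap.sdk.ExtendedResult;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SimpleBindRequest;
import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustStoreTrustManager;

import java.security.GeneralSecurityException;

/**
 * Connects to the directory with all traffic protected by TLS before any
 * credentials are sent, using either LDAPS (TLS from the first byte) or
 * StartTLS (upgrade of a plaintext connection), then performs a simple bind.
 * All parameter values are assumptions supplied by the caller.
 */
public class SecureLdapBind {

    public static LDAPConnection connectAndBind(String host, int port, boolean useStartTls,
            String trustStorePath, String bindDn, String password)
            throws LDAPException, GeneralSecurityException {
        // Trust only the CA certificates in our own trust store so the server's
        // identity is actually verified (a trust-everything manager would not).
        SSLUtil sslUtil = new SSLUtil(new TrustStoreTrustManager(trustStorePath));

        LDAPConnection conn;
        if (useStartTls) {
            // Plaintext TCP connection first (typically port 389)...
            conn = new LDAPConnection(host, port);
            // ...then upgrade it with the StartTLS extended operation.
            ExtendedResult tlsResult = conn.processExtendedOperation(
                    new StartTLSExtendedRequest(sslUtil.createSSLContext()));
            if (tlsResult.getResultCode() != ResultCode.SUCCESS) {
                // Never fall back to binding over the unencrypted connection.
                conn.close();
                throw new LDAPException(tlsResult);
            }
        } else {
            // LDAPS: the socket factory negotiates TLS during connect (typically port 636).
            conn = new LDAPConnection(sslUtil.createSSLSocketFactory(), host, port);
        }

        // Simple bind is acceptable here only because the channel is already
        // encrypted; bind() throws LDAPException if the credentials are rejected.
        conn.bind(new SimpleBindRequest(bindDn, password));
        return conn;
    }
}
```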