What is LDAP anonymous binding?

What is anonymous binding? And, why do I need to use anonymous binding when the user provides his/her credentials for authentication?

Why do I need to bind to the ldap server an开发者_Python百科onymously and then use the credentials provided by the user for authentication?

In LDAP your full DN (needed to bind) could be anything, and often can change. A name change (since AD defaults to Full Name mapped to CN in the DN) or a move could change it. So expecting people to login with a full DN is not going to work.

So the backend system logs in anon, searches for some unique tidbit. Like email, or username or something, finds the proper DN, and then tries to login with the provided password.

Or else you use a service account for your backend system instead of anonymous binds.