Can someone explain the various LDAP Bind restrictions in eDirectory? The docs do a horrible job of this and there are naming inconsistencies between the documentation and the actual iManager plugins.

You can Disallow Anonymous Simple Bind, Local Bind, and/or Unauthenticated Bind.

The eDir docs refer to something called Non-Anonymous Simple Bind, which is not listed in iManager at all. Is this the same as what the plugins call Local Bind?

Now I think I know what Anonymous Simple Bind is, that is a Bind with a zero length DN and a zero length password (at least I think that is what it is).

I'm not sure what a Non-Anonymous Simple Bind and/or Local Bind are. Is that a bind with a DN value but a zero length password? Or what?

And I assume an Unauthenticated Bind is one with no user ID or password? But then how is that different from an Anonymous Simple Bind?

I'm very confused by this terminology. Plus you can Disallow any combination of the 3 in the LDAP Server settings.

Can someone make sense of all this for me? Thanks!

Matt

P.S. For reference, here is the latest bind restrictions list in the plugins:

None
Disallow anonymous simple bind
Disallow local bind
Disallow anonymous simple bind and local bind
Disallow unauthenticated bind
Disallow anonymous and unauthenticated bind
Disallow local and unauthenticated bind
Disallow anonymous, local and unauthenticated bind