An LDAP client authenticates to an LDAP server with a "bind request" which provides, among other, a simple authentication method.
Simple authentication in LDAP can be used with three different mechanisms:
Anonymous binds and unauthenticated binds allow access to information in the LDAP directory without providing a password, their use is therefore strongly discouraged.
$ldapconn = ldap_connect("ldap.example.com");
if ($ldapconn) {
$ldapbind = ldap_bind($ldapconn); // Noncompliant; anonymous authentication, no user/password provided
}
$ldaprdn = 'uname';
$ldappass = 'password';
$ldapconn = ldap_connect("ldap.example.com");
if ($ldapconn) {
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass); // Compliant
}