4.1.1.3 - Unauthenticated Authentication

The Unauthenticated Authentication mechanism is a bit specific. First of all, none all the LDAP servers support such a mechanism. In fact, the default behavior is for server to return a unwillingToPerform result code when someone tries to bind using a null password.

We won’t go any deeper into this ‘feature’, those interested in the rational behind it and the associated drawbacks can read the following links :

RFC 4513, Unauthenticated Authentication Mechanism of Simple Bind and RFC 4513, Unauthenticated Mechanism Security Considerations