Sites that allow anonymous binds and anonymous reads of the directory can use the following example to enable directory authorization without a service ID for LDAP (shown below), KRB5 and SPNEGO.
When the service bind is automatic, as shown in Using Service Binds, and the bind is anonymous because the LdapServiceFQDN and LdapServicePassword are not configured, you do not need to configure the LdapServiceBindRequired property.
<Mechanism Name="ldap"> <MechanismProperties ... LdapServiceBindRequired="yes" LdapServiceFQDN="" LdapServicePassword="" ... /> </Mechanism>