...

  • Connecting to LDAP is referred to as binding.
  • You can bind to LDAP anonymously (without using any credentials).
    • This only gets you public information for faculty and staff. No students.
    • This is the only time you should connect in cleartext to port 389.
  • You can bind to LDAP using a special DN.
    • You must request a special DN if you wish to access students or other non-public information.
    • Always bind using secure LDAP over port 636.
    • Warning: UNIX LDAP commands (e.g. ldapsearch) may not print an error message if you provide an incorrect special DN or password. They continue working as if you had bound anonymously, which is misleading: you may think you are using your special DN when in reality you can only get at public information (e.g. you can't search for students).
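
One way to guard against the silent anonymous fallback described in the warning, as an added example that is not part of the original page: enforce the cleartext/secure rule before connecting, then ask the server which identity the session is bound as. It assumes the OpenLDAP client tools (`ldapwhoami`) and a server that answers a simple bind with the bind DN; the function names and the URI, DN and password-file arguments are hypothetical placeholders.

```shell
#!/bin/sh
# Added example; function names and all arguments are hypothetical placeholders.

# check_bind_policy URI [BIND_DN]
# Cleartext ldap:// is acceptable only for anonymous binds; a special DN
# must always go over ldaps:// (port 636).
check_bind_policy() {
    cb_uri=$1
    cb_dn=${2:-}
    case $cb_uri in
        ldaps://*) return 0 ;;
        ldap://*)
            [ -z "$cb_dn" ] && return 0
            echo "refusing to send credentials for $cb_dn over $cb_uri" >&2
            return 1 ;;
        *)
            echo "unsupported URI: $cb_uri" >&2
            return 2 ;;
    esac
}

# classify_whoami EXPECTED_DN   (reads ldapwhoami output on stdin)
# Prints bound:<dn>, mismatch:<dn>, anonymous or unverified.
# Only bound:<dn> returns 0; DNs are compared case-insensitively.
classify_whoami() {
    cw_want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    cw_out=$(head -n 1 | tr -d '\r')
    case $cw_out in
        anonymous) echo "anonymous"; return 1 ;;
        dn:*) cw_got=$(printf '%s' "${cw_out#dn:}" | tr 'A-Z' 'a-z') ;;
        *) echo "unverified"; return 1 ;;   # empty output or error text
    esac
    if [ "$cw_got" = "$cw_want" ]; then echo "bound:$cw_got"; return 0; fi
    echo "mismatch:$cw_got"; return 2
}

# verify_bind URI BIND_DN PASSWORD_FILE
# Run this before ldapsearch and continue only if it returns 0.
verify_bind() {
    check_bind_policy "$1" "$2" || return
    ldapwhoami -x -H "$1" -D "$2" -y "$3" 2>/dev/null | classify_whoami "$2"
}
```
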

...