Allow anonymous LDAP binds at startup
For initial connection to LDAP, some deployments may allow anonymous binds. We have scoped views that only provide limited tree/attr access for anonymous connections, but it does allow us to skip creating service accounts on some network segments where services only need access to the data in our limited scope.
The change f98e38b5 may be correct in asserting that there was a security hole at both locations where bind credentials were provided but bind strategy was not specified (I haven't tested to confirm this), however for initial bind I'd suggest specifying the SIMPLE strategy only when a binddn has been provided in the config, and binding anonymously otherwise.