Ahhh okie you're right on. My bad.
Alex Karasulu wrote:Not true, per RFC 4512 :
You're supposed to allow annonymous binds to the RootDSE even when anon
binds are disabled. This is because RootDSE access is required always to
discover how to auth in the first place.
5.1. Server-Specific Data Requirements
These attributes are retrievable, *subject to access control* and other
restrictions, if a client performs a Search operation...