Comment 2 for bug 1762587

Frode Nordahl (fnordahl) wrote :

Anonymous bind is indeed a common pattern in LDAP architectures, and it allows for increased security by not storing any credentials on the server, utilizing end-user-provided credentials for all operations.

It has been supported by the upstream OpenStack Keystone LDAP driver in the past.

For this to have merit we would need to verify that this still works and that it plays nicely with other non-authentication operations Keystone might attempt to do (admin listing of users, filtering, etc.).