It would be good to have anonymous bind ability to a ldapsam backend. At first
hear, it would sound crazy, but if you use ldapi:/// (LDAP over domain sockets)
URL to the LDAP server (where the LDAP server and the Samba PDC is on the same
machine - a common setup, I think), there's no need for authentication, since
the permissions controlled by the normal UNIX access control mechanisms.
So I think when the "ldap admin dn" option is missing, Samba should try an
descent idea but a little dangerous due to how Samba implemented
the ldapsam passdb backend. Marking for later if possible.
*** Bug 1041 has been marked as a duplicate of this bug. ***