If you want to connect to the LDAP server by using an SSL connection and the LDAP server certificate is not signed by a well-known CA, you must export the LDAP server CA certificate to a Base64-encoded file.
eDirectory: See Exporting an Organizational CA's Self-Signed Certificate.
To export an eDirectory CA certificate in iManager, the Novell Certificate Server plug-ins for iManager must be installed.
Active Directory: See How to enable LDAP over SSL with a third-party certification authority.
To perform LDAP authentication using anonymous search, you must enable anonymous search in the LDAP directory. By default, anonymous search is enabled in eDirectory and is disabled in Active Directory.
eDirectory: See ldapBindRestrictions in section Attributes on the LDAP Server Object.
Active Directory: Enabling anonymous binds for Active Directory requires two steps. These steps are the same for both Windows 2003 and Windows 2008 Active Directory.
Enable Anonymous LDAP Operations: By default, anonymous LDAP operations are disabled in Active Directory. You must enable anonymous LDAP operations in Active Directory by setting the dsHeuristics attribute to an appropriate value.
For more information, see Enabling anonymous LDAP operations.
Assign Permissions to the ANONYMOUS LOGON User: The Read and List Contents permissions must be assigned to the ANONYMOUS LOGON user.
For more information, see Granting anonymous read access.
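An added example, not part of the product documentation, for checking the first Active Directory step: it reads a dsHeuristics value, reports whether anonymous LDAP operations are enabled, and computes a new value that changes only that flag. It assumes Microsoft's documented layout, in which the seventh character of dsHeuristics set to 2 permits anonymous operations; the function names and sample values are constructed for illustration.

```python
# Added example: interpret and adjust the anonymous-operations flag in an
# Active Directory dsHeuristics value. Assumption: the 7th character
# (fLDAPBlockAnonOps) set to "2" permits anonymous LDAP operations; any other
# value, or a shorter/unset string, leaves them blocked.

ANON_OPS_POSITION = 7  # 1-based character position within dsHeuristics


def anonymous_ldap_ops_enabled(ds_heuristics):
    """Return True if this dsHeuristics value permits anonymous LDAP operations.

    Pass None or "" when the attribute is not set (the default).
    """
    value = ds_heuristics or ""
    if len(value) < ANON_OPS_POSITION:
        return False
    return value[ANON_OPS_POSITION - 1] == "2"


def with_anonymous_ops(ds_heuristics, enable):
    """Return a dsHeuristics string with only the anonymous-ops flag changed.

    Shorter values are padded with "0" (the default for each position) so
    flags already set in other positions are preserved.
    """
    chars = list((ds_heuristics or "").ljust(ANON_OPS_POSITION, "0"))
    chars[ANON_OPS_POSITION - 1] = "2" if enable else "0"
    return "".join(chars)


def audit(forests):
    """Map each forest name to a finding, given {name: dsHeuristics value}."""
    return {
        name: "anonymous LDAP operations ENABLED"
        if anonymous_ldap_ops_enabled(raw)
        else "anonymous LDAP operations blocked"
        for name, raw in forests.items()
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    sample = {"forest-a.example": None, "forest-b.example": "0000002",
              "forest-c.example": "001", "forest-d.example": "0000002001"}
    for forest, finding in audit(sample).items():
        print(f"{forest}: {finding}")
```

Enabling the flag does not by itself expose directory data; the permissions granted to ANONYMOUS LOGON in the second step determine what an anonymous search can read.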