I’ve only just gotten started and don’t have my system fully working yet, but when I was trying to get LDAP user authentication working, I noticed a limitation. The server does not seem to be able to authenticate using credentials of its own, and instead relies on querying the LDAP server anonymously. This is a problem for people like me (and I suspect others?) who severely restrict what resources anonymous users have access to on our LDAP servers. Binding as a user allows us to give services the permissions they need to properly authenticate users without exposing that information publicly.
It would also be beneficial if some information about the current LDAP settings could be added to the administration manual, since the current system seems unintuitive to me, especially as it relates to user permissions.