ZF-8260: Interplay between Zend_Ldap and Zend_Auth_Adapter_Ldap causes issues with anonymous bind (or unbound) ldap connections.
When using Zend_Auth_Adapter_Ldap->setLdap() the adapter automatically loads the options as set for the given Zend_Ldap argument. However, this also returns username which may not have been explicitly set (and has thus defaulted to NULL), which then gets converted to the empty string ''. When the adapter then tries to authenticate, it passes a new options object with an empty string username, which Zend_Ldap interprets as a real username.
There are a few problems here: - Zend_Ldap->bind() checks whether $username === null, to my knowledge it would be more sane to replace this with empty($username), because an empty username (in whatever way specified) will always result in errors somewhere down the road, - Zend_Auth_Adapter_Ldap converts options to string (IIRC because it does trim() on them) even when not applicable, - Zend_Ldap->getOptions() returns all implicit options too.