
Metadata

ID: php-security/ldap-without-password

Language: PHP

Severity: Warning

Category: Security

CWE: 287

Description

This rule flags instances where a connection to an LDAP server is attempted without providing a password. Binding without a password can lead to anonymous access, which may expose sensitive directory information or allow unauthorized modifications.

To comply with this rule, always supply a valid password when calling ldap_bind. For example, use ldap_bind($server, $dn, $password); where $password is a non-empty string containing the correct credentials. If anonymous binding is necessary, ensure that it is a conscious decision backed by appropriate safeguards and documented accordingly.

Non-Compliant Code Examples

<?php
// Both calls send an empty password, so the bind is not authenticated.
ldap_bind($server, $dn, '');
ldap_bind($server, $dn, NULL);
?>

Compliant Code Examples

<?php
// $password must hold a non-empty credential.
ldap_bind($server, $dn, $password);
?>
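
An added example, not Datadog's or PHP's own code: because $password can still be empty at run time (a blank login field, for instance), this hypothetical wrapper rejects null or zero-length values before ldap_bind is called. The function names and the sample DN are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of the Datadog rule or of PHP's LDAP extension).
// Rejects the inputs that would turn a simple bind into an unauthenticated one.
function require_bind_password(?string $dn, ?string $password): void
{
    if ($dn === null || $dn === '') {
        throw new InvalidArgumentException('bind DN must not be empty');
    }
    // A zero-length password is what RFC 4513 calls an unauthenticated bind;
    // servers that allow it report success without checking any credential.
    if ($password === null || $password === '') {
        throw new InvalidArgumentException('bind password must not be empty');
    }
}

// Hypothetical wrapper: validate first, then perform the real bind.
function bind_with_password($ldap, ?string $dn, ?string $password): bool
{
    require_bind_password($dn, $password);
    return ldap_bind($ldap, $dn, $password);
}

// Constructed sample inputs, e.g. values taken from a login form.
$samples = [
    ['uid=alice,ou=people,dc=example,dc=org', 'correct horse'],
    ['uid=alice,ou=people,dc=example,dc=org', ''],
    ['uid=alice,ou=people,dc=example,dc=org', null],
];

foreach ($samples as [$dn, $password]) {
    try {
        // Only the validation step runs here, so no LDAP server is needed.
        require_bind_password($dn, $password);
        echo "accepted for bind\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The check compares against the zero-length string only; a password made of spaces is still sent to the server and verified there.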