-An anonymous bind results in an {{anonymous}} authorization.
-Anonymous bind mechanism is enabled by default, but can be disabled
-by specifying "{{EX:disallow bind_anon}}" in {{slapd.conf}}(5).
-
-An unauthenticated bind results in an {{anonymous}} authorization.
-Unauthenticated bind mechanism is disabled by default, but can be
-enabled by specifying "{{EX:allow bind_anon_cred}}" in {{slapd.conf}}(5).
-As a number of LDAP applications mistakenly generate unauthenticated
-bind request when authenticated access was intended (that is, they
-do not ensure a password was provided), this mechanism should
-generally not be enabled.
-
-A successful authenticated bind results in a user authorization
-identity, the provided name, being associated with the session.
-Authenticated bind is enabled by default. However, as this mechanism
-offers no evesdropping protection (e.g., the password is set in the
-clear), it is generally recommended that it be used only in tightly
-controlled systems or when the LDAP session is protected by other
-means (e.g., TLS, {{TERM:IPSEC}}). Where the administrator relies
-on TLS to protect the password, it is recommended that unprotected
-authentication be disabled. This is done by setting "{{EX:disallow
-bind_simple_unprotected}} in {{slapd.conf}}(5). The authenticated
-bind mechanism can be completely disabled by setting "{{EX:disallow
-bind_simple}}".
+An anonymous bind results in an {{anonymous}} authorization
+association. Anonymous bind mechanism is enabled by default, but
+can be disabled by specifying "{{EX:disallow bind_anon}}" in
+{{slapd.conf}}(5).
+
+An unauthenticated bind also results in an {{anonymous}} authorization
+association. Unauthenticated bind mechanism is disabled by default,
+but can be enabled by specifying "{{EX:allow bind_anon_cred}}" in
+{{slapd.conf}}(5). As a number of LDAP applications mistakenly
+generate unauthenticated bind request when authenticated access was
+intended (that is, they do not ensure a password was provided),
+this mechanism should generally remain disabled.
+
+A successful user/password authenticated bind results in a user
+authorization identity, the provided name, being associated with
+the session. User/password authenticated bind is enabled by default.
+However, as this mechanism itself offers no evesdropping protection
+(e.g., the password is set in the clear), it is recommended that
+it be used only in tightly controlled systems or when the LDAP
+session is protected by other means (e.g., TLS, {{TERM:IPSEC}}).
+Where the administrator relies on TLS to protect the password, it
+is recommended that unprotected authentication be disabled. This
+is done by setting "{{EX:disallow bind_simple_unprotected}}" in
+{{slapd.conf}}(5). The {{EX:security}} directive's {{EX:simple_bind}}
+option provides fine grain control over the level of confidential
+protection to require for {{simple}} user/password authentication.
+
+The user/password authenticated bind mechanism can be completely
+disabled by setting "{{EX:disallow bind_simple}}".