If no LDAP bind user has been specified, we currently attempt to perform LDAP authorization queries without binding as a user. Many LDAP servers will disallow anonymous binds. We may want to reattempt queries which fail for this reason, binding with the same user and password as the authentication user, which will likely be authorized to perform queries for its own groups.