Ref T3208. This adds a flag which acts like the old "Search First" flag did, more or less, probably. LDAP?
Specifically, the issue at heart here is that some LDAP servers require totally uncredentialed binds, some require "anonymous" binds (not sure if this is a term of art or if whoever contributed the first LDAP patch made it up), and some require full DN binds. This flag lets us distinguish between the "full DN" and "completely uncredentialed" use cases, both of which have no "anonymous" credentials.