This needs to allow anonymous access to the RootDSE for it to work as an authentication backend for SSSD in CoreOS etc. When you use SSSD, it fails as it is not allowed to do an anonymous binding on the RootDSE.