ldapclient man page does not document tls:none setting
Way back when we first deployed Solaris 10 and I was configuring the LDAP naming services integration, there didn't appear to be any way to connect with an anonymous bind using SSL, the authentication options were either "none" (anonymous bind over insecure channel) or "tls:simple" (authenticated bind over encrypted channel). The necessity of authenticating in order to see the required data is completely orthogonal to the desire to validate the server and make sure the right one is actually talking to you :), so I opened a support ticket. The response was basically "we don't support that, we'll open an RFE, go away" <sigh>, and despite my attempts to get it classified as a security issue it went into limbo...
So I went to add a new authentication type "tls:none" to illumos, and to my great surprise actually found it already there, but undocumented. I made a tiny update to the ldapclient man page to include it, and am creating this issue to have an issue # to submit with it to RTI.