If you are using a Microsoft AD implementation of LDAP, in order to query the directory from an external source, does the BIND user need to be in the user search base, or can it live outside of the search base and still be able to auth users?
Hi user5309,
Active Directory Lightweight Directory Services (AD LDS) does not accept anonymous bind requests by default. You can use this procedure to enable anonymous Lightweight Directory Access Protocol (LDAP) operations in AD LDS. However, you must set the seventh character of the dsHeuristics value to 2. In addition, assign permissions so that anonymous users have access to the appropriate objects in the directory. To grant the Read permission on all objects in a given directory partition to anonymous users, you can simply add the built-in security principal Anonymous (from the local computer) to the Readers group on that directory partition.
More information:
Anonymous LDAP operations to Active Directory are disabled on Windows Server 2003 domain controllers
https://support2.microsoft.com/default.aspx?scid=kb;EN-US;326690
Allow Anonymous LDAP Binding to an AD LDS Instance
https://technet.microsoft.com/en-us/library/cc816788%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
Understanding LDAP Security Processing
http://blogs.technet.com/b/askds/archive/2009/09/21/understanding-ldap-security-processing.aspx
I'm glad to be of help to you!
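As an added example (not from this thread and not from Microsoft's documentation), the PowerShell below does two things a defender would want to verify on the directory discussed here: it reads the dsHeuristics attribute the answer refers to and reports whether its seventh character is 2 (anonymous LDAP operations allowed), and it performs an authenticated search that binds as a service account whose DN sits outside the user search base. In LDAP the bind identity and the search base are independent; the bind account only needs Read permission on the objects under the search base, it does not have to be located under it. The host name, DNs, account names and the sAMAccountName lookup are placeholders and assumptions for an AD DS-style schema; an AD LDS instance would use its own user or userProxy DN and typically userPrincipalName as the naming attribute.

```powershell
# Added example, not from the thread or from Microsoft's documentation.
# Assumptions (all placeholders you must replace): a directory reachable over
# LDAPS at $Server, a read-only service account whose DN is NOT under the user
# search base, and an AD DS-style schema (sAMAccountName). For AD LDS, bind with
# the user/userProxy DN of that instance and search on userPrincipalName instead.

Add-Type -AssemblyName System.DirectoryServices

$Server   = 'dc01.example.internal:636'                                     # placeholder host:port
$BindDn   = 'CN=svc-ldap-reader,OU=Service Accounts,DC=example,DC=internal' # placeholder, outside $UserBase
$UserBase = 'OU=People,DC=example,DC=internal'                              # placeholder search base
$BindCred = Get-Credential -UserName $BindDn -Message 'Service account password'
$BindPass = $BindCred.GetNetworkCredential().Password

# Simple bind over SSL: the DN and password travel in the bind request, so the
# connection must be TLS-protected (port 636 above).
$AuthType = [System.DirectoryServices.AuthenticationTypes]::SecureSocketsLayer

function New-BoundEntry {
    param([string]$Path)
    New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Server/$Path", $BindDn, $BindPass, $AuthType)
}

# Escape a value before placing it in an LDAP filter (RFC 4515), so a caller-
# supplied name cannot change the meaning of the query.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    $sb = New-Object System.Text.StringBuilder
    foreach ($c in $Value.ToCharArray()) {
        switch ($c) {
            '\'     { [void]$sb.Append('\5c') }
            '*'     { [void]$sb.Append('\2a') }
            '('     { [void]$sb.Append('\28') }
            ')'     { [void]$sb.Append('\29') }
            "`0"    { [void]$sb.Append('\00') }
            default { [void]$sb.Append($c) }
        }
    }
    $sb.ToString()
}

# Check 1: is anonymous LDAP access switched on? The seventh character of
# dsHeuristics set to '2' means anonymous operations are allowed; an absent or
# shorter value means the default (anonymous operations disabled).
function Get-AnonymousLdapState {
    $rootDse  = New-BoundEntry 'RootDSE'
    $configNc = [string]$rootDse.Properties['configurationNamingContext'].Value
    $dsObj    = New-BoundEntry "CN=Directory Service,CN=Windows NT,CN=Services,$configNc"
    $h        = [string]$dsObj.Properties['dsHeuristics'].Value
    $seventh  = if ($h.Length -ge 7) { $h[6] } else { '0' }
    [pscustomobject]@{
        dsHeuristics            = $h
        AnonymousLdapOperations = ($seventh -eq '2')
    }
}

# Check 2: authenticate as the service account (DN outside $UserBase) and look
# up a user under $UserBase. A result here shows the bind identity and the
# search base are independent; the bind account only needs Read on the base.
function Find-UserDn {
    param([string]$SamAccountName)
    $safeName = ConvertTo-LdapFilterValue $SamAccountName
    $base     = New-BoundEntry $UserBase
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($base)
    $searcher.Filter      = "(&(objectClass=user)(sAMAccountName=$safeName))"
    $searcher.SearchScope = 'Subtree'
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    $result = $searcher.FindOne()
    if ($null -eq $result) { return $null }
    [string]$result.Properties['distinguishedname'][0]
}

Get-AnonymousLdapState | Format-List
Find-UserDn -SamAccountName 'jdoe'   # placeholder account name
```

If Find-UserDn returns nothing for a user you know exists, the usual cause is that the service account lacks Read (or List Contents) on the search base rather than its own location in the tree; grant the minimum read rights on that OU instead of widening the bind account's group membership.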