
Is an LDAP bind account required for user authentication?

Updated: 2021-09-03 08:58:04

Question 1: Is the above process exactly correct?

Yes.

Question 2: I wonder what is the need of a binding account?

Yes. You need to search the directory to find the user DN, and you don't want the general unauthenticated public to be able to search the directory.

If I directly try to bind to the LDAP server with the user's credentials and it is successful, can I then give him access?

You don't have the user's credentials to start with. You have his login name, or email address, or CN, or something that he uses to identify himself, but which is only an attribute of some entry. You need to find that entry and get its DN for authentication.

I have the JXplorer tool, in which I am able to connect to the LDAP server with my own organization's credentials. So I was thinking, what is the need of first binding to the LDAP server with some other account?

See above. You don't want the user to have to remember his entire DN the way you do with JXplorer.
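
The search-then-bind flow described in the answer, as an added example that is not part of the original answer: the application binds with a service account, looks up the entry by login name to get its DN, then binds as that DN with the password the user typed. `FakeDirectory`, the DNs and the passwords are constructed stand-ins so the code runs offline; against a real server the login name goes into a search filter and must be escaped per RFC 4515 first.

```python
class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server (not a real API)."""
    def __init__(self, entries):
        self.entries = entries        # dn -> (attributes, password)
        self.bound_dn = None          # identity of the current connection

    def bind(self, dn, password):
        if password == "":
            # RFC 4513 5.1.2: DN plus empty password is an "unauthenticated
            # bind"; servers that allow it report success but prove nothing.
            self.bound_dn = None
            return True
        entry = self.entries.get(dn)
        ok = entry is not None and entry[1] == password
        self.bound_dn = dn if ok else None
        return ok

    def search(self, attr, value):
        if self.bound_dn is None:     # why the bind account is needed
            raise PermissionError("anonymous search refused")
        return [dn for dn, (attrs, _) in self.entries.items()
                if value in attrs.get(attr, [])]

def authenticate(directory, svc_dn, svc_pw, login, password):
    """Return the user's DN if the login succeeds, otherwise None."""
    if not login or not password:
        return None                   # never forward an empty password
    if not svc_pw or not directory.bind(svc_dn, svc_pw):
        raise RuntimeError("service account bind failed")
    matches = directory.search("uid", login)   # login name -> entry DN
    if len(matches) != 1:
        return None                   # unknown or ambiguous login name
    user_dn = matches[0]
    return user_dn if directory.bind(user_dn, password) else None

# Constructed sample data.
SVC_DN = "cn=svc-auth,ou=services,dc=example,dc=com"
ALICE_DN = "cn=Alice Example,ou=people,dc=example,dc=com"
DIRECTORY = FakeDirectory({
    SVC_DN: ({"uid": ["svc-auth"]}, "svc-secret"),
    ALICE_DN: ({"uid": ["alice"], "mail": ["alice@example.com"]}, "alice-pw"),
})

if __name__ == "__main__":
    print(authenticate(DIRECTORY, SVC_DN, "svc-secret", "alice", "alice-pw"))
    print(authenticate(DIRECTORY, SVC_DN, "svc-secret", "alice", "wrong"))
```

The empty-password check in `authenticate` matters because the stand-in, like servers that permit unauthenticated binds, reports success for a DN with an empty password.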