
Rake gitlab:ldap:check seems to do anonymous bind search

Summary

Rake gitlab:ldap:check seems to allow anonymous bind even when a bind_dn and password are provided.

Steps to reproduce

While debugging LDAP issues with a customer, we observed that a gitlab-rake gitlab:ldap:check would return 100 users easily. It gave no errors. However, every other attempt to use LDAP in GitLab failed - logins, manual searches in the Rails console, etc. All gave the error "Invalid credentials". The credentials were, in fact, invalid and things worked once we fixed that. The question remains, why did gitlab:ldap:check allow the query - it must have done an anonymous bind, which was allowed by this particular server.

The only difference I could nail down from looking at the code is that the Rake task uses Gitlab::LDAP::Adapter.open and then does the user search. Most other places in GitLab simply create an adapter and do one query - such as adapter = Gitlab::LDAP::Adapter.new('ldapmain'); Gitlab::LDAP::Person.find_by_uid('foo', adapter). The former worked, the latter gave the error, when tried in the Rails console. What is this madness?

cc/ @jacobvosmaer-gitlab Any thoughts on why Gitlab::LDAP::Adapter#open + query inside a block would differ from Gitlab::LDAP::Adapter#new + query by passing the adapter? Both adapters should have the full connection details including bind_dn and password.