An attacker can use the unrestricted LDAP queries to determine configuration entriesReferenceshttps://backstage.forgerock.com/knowledge/kb/article/a90639318https://backstage.forgerock.com/downloads/browse/am/featured
