ADV190023 | LDAP channel binding support

Andrew Walker awalker at
Tue Feb 18 17:31:37 UTC 2020

On Tue, Feb 18, 2020 at 11:07 AM Isaac Boukris via samba-technical <
samba-technical at> wrote:

> Hi,
> I tested net-ads-search from a joined machine configured with "ldap
> ssl ads = yes", and it works once I also set "client ldap sasl
> wrapping = plain".

This is part is I believe expected. MS-ADTS states:
"While Active Directory permits SASL binds to be performed on an
SSL/TLS-protected connection, it does not permit the use of SASL-layer
confidentiality/integrity protection mechanisms on such a connection."

More information about the samba-technical mailing list