Hi Jo, Am 18.11.2016 um 18:00 schrieb Jo L via samba: > 389 is standard LDAP, i.e. not encrypted That is not correct. If you client supports STARTTLS, you can of course use encrypted connections over 389/tcp. Regards, Marc