Disable Simple LDAP

The final step is to disable simple LDAP on the domain controller and require LDAP server signing. The steps are described in the following Microsoft article: https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/enable-ldap-signing-in-windows-server

Use Group Policy to enable LDAP signing: navigate to Default Domain Controllers Policy > Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies, then select Security Options.


Right-click Domain controller: LDAP server signing requirements, select Properties, and configure the LDAP server signing requirements as shown in the following screenshot.


Click OK and reboot your domain controller for the change to take effect.

From now on, any attempt to bind to the LDAP server using simple LDAP will fail with the following error (Strong(er) authentication required).

ERROR: Connection to 1st LDAP server failed: cannot bind to LDAP host with user
name 'squid@example.lan', error 8, error_str Strong(er) authentication required
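
One way to confirm after the reboot that the policy is in effect, and to see which clients the domain controller has logged making simple or unsigned binds. This is an added example, not part of the original page. It assumes an elevated PowerShell session on the domain controller and uses the standard Windows registry value (LDAPServerIntegrity) and Directory Service event ID (2889) for this setting, neither of which the page itself names.

```powershell
# Added example: run in an elevated PowerShell session on the domain controller.
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS'

# 1. Registry value behind "Domain controller: LDAP server signing requirements".
#    1 = None, 2 = Require signing.
$integrity = (Get-ItemProperty -Path "$ntds\Parameters" -Name 'LDAPServerIntegrity' `
                -ErrorAction SilentlyContinue).LDAPServerIntegrity
if ($integrity -eq 2) {
    Write-Output 'LDAP server signing: required'
} else {
    Write-Warning "LDAP server signing is NOT required (LDAPServerIntegrity = '$integrity')"
}

# 2. Per-client event 2889 is only written when the "16 LDAP Interface Events"
#    diagnostics level is 2 or higher.
$diagName = '16 LDAP Interface Events'
$diag = (Get-ItemProperty -Path "$ntds\Diagnostics" -Name $diagName `
           -ErrorAction SilentlyContinue).$diagName
if ($diag -lt 2) {
    Write-Warning "'$diagName' is '$diag'; set it to 2 to log event 2889 per client"
}

# 3. Summarise logged simple/unsigned binds by client, account and bind type.
#    Event 2889 data fields: [0] client IP:port, [1] account, [2] bind type
#    (0 = SASL bind without signing, 1 = simple bind on a cleartext connection).
Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2889 } `
             -MaxEvents 1000 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $bindType = if ([string]$_.Properties[2].Value -eq '1') { 'Simple' }
                    else { 'Unsigned SASL' }
        [pscustomobject]@{
            # Strip the trailing :port so repeated connections group together.
            ClientIP = ([string]$_.Properties[0].Value) -replace ':\d+$', ''
            Account  = [string]$_.Properties[1].Value
            BindType = $bindType
        }
    } |
    Group-Object ClientIP, Account, BindType |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Each row in the output is a client and account pair (such as the Squid service account in the error above) whose LDAP configuration still needs to move to a signed or TLS-protected bind.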