ldap server require strong auth

The defines whether the ldap server requires ldap traffic to be signed or signed and encrypted (sealed). Possible values are no, allow_sasl_over_tls and yes.
A value of no allows simple and sasl binds over all transports.
A value of allow_sasl_over_tls allows simple and sasl binds (without sign or seal) over TLS encrypted connections. Unencrypted connections only allow sasl binds with sign or seal.
A value of yes allows only simple binds over TLS encrypted connections. Unencrypted connections only allow sasl binds with sign or seal.

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

ldap server require strong auth

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Samba\smb_conf\ldap server require strong auth
Value Nameldap server require strong auth
Value TypeREG_SZ
Default Valueyes

samba.admx

Administrative Templates (Computers)