client ldap sasl wrapping

The defines whether ldap traffic will be signed or signed and encrypted (sealed). Possible values are plain, sign and seal.
The values sign and seal are only available if Samba has been compiled against a modern OpenLDAP version (2.3.x or higher). This option is needed in the case of Domain Controllers enforcing the usage of signed LDAP connections (e.g. Windows 2000 SP3 or higher). LDAP sign and seal can be controlled with the registry key "HKLM\System\CurrentControlSet\Services\ NTDS\Parameters\LDAPServerIntegrity" on the Windows server side.
Depending on the used KRB5 library (MIT and older Heimdal versions) it is possible that the message "integrity only" is not supported. In this case, sign is just an alias for seal.
The default value is sign. That implies synchronizing the time with the KDC in the case of using Kerberos.

Supported on: At least Microsoft Windows 7 or Windows Server 2008 family

client ldap sasl wrapping

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Samba\smb_conf\client ldap sasl wrapping
Value Nameclient ldap sasl wrapping
Value TypeREG_SZ
Default Valuesign

samba.admx

Administrative Templates (Computers)