Using ldap port 389, the connection's Test Connect error reads:

> "The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection"

Using ldap port 389, the Sync run error reads:

> Ldap_bind: Strong Authentication Required
> Ldap_bind: additional info:00002028:ldapERR:DSID-0C090169,comment: The server requires binds to turn on the integrity checking if SSL/TLS are not already active on the connection, data 0, vece
These errors indicate your LDAP server is set to Require Signing.
SimpleSync does not perform data signing. With this requirement set
on the LDAP directory, SimpleSync fails to bind to the server and returns the error shown above.
Per a Microsoft TechNet article:

> Domain controller: LDAP server signing requirements
>
> This security setting determines whether the LDAP server requires signing to be negotiated with LDAP clients, as follows:
>
> - None: Data signing is not required in order to bind with the server. If the client requests data signing, the server supports it.
> - Require signature: Unless TLS\SSL is being used, the LDAP data signing option must be negotiated.
>
> Default: Not defined, which has the same effect as None.
Per the TechNet article, if you connect using SSL, then the data signing is
not required.
Ask your AD Admin if SSL is enabled on the AD server. You can test with the SSL LDAP port of 636 (instead of the
standard ldap port of 389) to see if that resolves the problem.
If SSL is disabled, you will need to reset the
Signing Requirements setting to NONE. Then, using the standard ldap
port of 389, try the Test Connection again. With signing turned off,
the connection should succeed.
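When the bind error arrives buried in a client log, the AD "additional info" string still carries the Windows error code that tells signing failures apart from credential or other bind problems. The following is an added example, not part of SimpleSync or the article: it parses that string (the field layout is the one shown in the Sync run error above) and maps code 0x2028 to the two checks the article describes. The sample input is constructed from the quoted error; `next_check` and its wording are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Leading code 0x2028 is ERROR_DS_STRONG_AUTH_REQUIRED: the DC's "LDAP server
# signing requirements" policy is "Require signature" and the bind came in
# over a connection with neither TLS nor signing negotiated.
ERROR_DS_STRONG_AUTH_REQUIRED = 0x2028

# Shape of the "additional info" text AD attaches to a failed bind. Spacing
# and capitalisation differ between clients, so the pattern is lenient:
#   <8 hex>: LdapErr: DSID-<hex>, comment: <text>, data <hex>, v<hex>
_DIAG = re.compile(
    r"(?P<code>[0-9A-Fa-f]{8}):\s*LdapErr:\s*DSID-(?P<dsid>[0-9A-Fa-f]+),"
    r"\s*comment:\s*(?P<comment>.*?),\s*data\s+(?P<data>[0-9A-Fa-f]+),"
    r"\s*v(?P<ver>[0-9A-Fa-f]+)",
    re.IGNORECASE,
)


@dataclass
class BindDiagnostic:
    code: int               # leading Windows error code
    dsid: str               # DC-side source location tag
    comment: str            # human-readable explanation from the DC
    data: int               # sub-code (0 for the signing error)
    signing_required: bool  # True when code == 0x2028


def parse_bind_diagnostic(text: str) -> Optional[BindDiagnostic]:
    """Extract the structured fields from an AD bind error; None if not AD-shaped."""
    m = _DIAG.search(text)
    if m is None:
        return None
    code = int(m.group("code"), 16)
    return BindDiagnostic(code, m.group("dsid").upper(), m.group("comment").strip(),
                          int(m.group("data"), 16), code == ERROR_DS_STRONG_AUTH_REQUIRED)


def next_check(diag: BindDiagnostic, port: int) -> str:
    """Which of the article's checks to run next, given the port the bind used."""
    if not diag.signing_required:
        return "not a signing problem; inspect code 0x%X / data 0x%X" % (diag.code, diag.data)
    if port == 389:
        return "retry over LDAPS on 636; if 636 is closed, ask the AD admin about the signing policy"
    return "signing policy still enforced on port %d; TLS did not come up on this connection" % port


# Constructed sample, modelled on the Sync run error quoted in the article.
SAMPLE = ("Ldap_bind: additional info:00002028:ldapERR:DSID-0C090169,comment: "
          "The server requires binds to turn on the integrity checking if SSL/TLS "
          "are not already active on the connection, data 0, vece")
```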
*For more info on the Signing Requirements, see the following Microsoft TechNet page*
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/56044016-3123-4859-8fd9-c5a461a1c5c8.mspx