This configuration parameter specifies the LDAP encryption policy you use. For example, if your organization has a security policy that does not allow unencrypted LDAP traffic, you can use this parameter to specify that all connections to Active Directory are encrypted. If your organization isn’t concerned with the encryption of LDAP data and you want better performance, you can force all connections to be unencrypted.
The parameter value must be one of the following valid options:
- Allowed: allows both encrypted and unencrypted LDAP traffic.
- Disabled: prevents encrypted LDAP traffic.
- SignOnly: requires all LDAP traffic to be signed to ensure packet integrity, but not encrypted.
- Required: requires all LDAP traffic to be signed and encrypted. If you select this setting and a server doesn’t support encryption, the connection will be refused.
If this parameter is not defined in the configuration file, its default value is Allowed.
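The following audit check is an added example, not part of the original documentation or the product: it resolves the effective policy from a configuration file, including the fallback to Allowed when the parameter is missing or commented out, and reports whether that policy guarantees encrypted or signed LDAP traffic. The parameter name `example.ldap.encryption.policy`, the `name: value` line format, the `#` comment syntax and the last-definition-wins rule are assumptions, and the sample files are constructed.

```python
import re

# What each value guarantees, as listed on this page.
GUARANTEES_ENCRYPTION = {"Required"}
GUARANTEES_SIGNING = {"SignOnly", "Required"}
VALID = {"Allowed", "Disabled", "SignOnly", "Required"}
DEFAULT = "Allowed"  # effective value when the parameter is not defined

def effective_value(conf_text, param):
    """Return (value, source), where source is 'file' or 'default'."""
    value = None
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()           # assumption: '#' starts a comment
        m = re.match(r"^([\w.]+)\s*:\s*(\S+)$", line)  # assumption: 'name: value' lines
        if m and m.group(1) == param:
            value = m.group(2)                         # assumption: last definition wins
    return (value, "file") if value is not None else (DEFAULT, "default")

def audit(conf_text, param, require="encrypted"):
    """Check the effective policy against a requirement: 'encrypted' or 'signed'."""
    value, source = effective_value(conf_text, param)
    if value not in VALID:
        # Anything other than the four listed spellings is flagged for review.
        return {"ok": False, "value": value, "source": source,
                "reason": "not one of the four listed options"}
    needed = GUARANTEES_ENCRYPTION if require == "encrypted" else GUARANTEES_SIGNING
    ok = value in needed
    reason = "policy guarantees it" if ok else f"{value} does not guarantee {require} traffic"
    return {"ok": ok, "value": value, "source": source, "reason": reason}

PARAM = "example.ldap.encryption.policy"  # placeholder name, not from the page

# Constructed sample files.
COMMENTED_OUT = "# example.ldap.encryption.policy: Required\nother.setting: true\n"
ENFORCED = "example.ldap.encryption.policy: Required\n"
SIGN_ONLY = "example.ldap.encryption.policy: SignOnly  # integrity only\n"

if __name__ == "__main__":
    for name, text in [("commented out", COMMENTED_OUT),
                       ("enforced", ENFORCED),
                       ("sign only", SIGN_ONLY)]:
        print(name, audit(text, PARAM))
```

A commented-out `Required` line is reported as the default Allowed, which is the case a grep-based review tends to miss.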