I should maybe add the following detail: Channel binding, from all I can tell, is only available via TLS (even conceptually). That is, the issue mentioned in the bug report only happens when using ldaps.
In certain cases, it is therefore possible to work around the lack of channel binding by _not using TLS_. Typically, you'll have to set minssf to >=1 if TLS is not used, due to security settings of the LDAP server (AD DC). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912256 Title: Missing channel binding prevents authentication to ActiveDirectory To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1912256/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs