When running the Test Settings function within Foldr Settings, authentication may fail with the following error:
“Your domain requires strong authentication, consider using LDAPS.”
This error occurs because the Windows Domain Controller (DC) requires LDAP signing and therefore rejects the LDAP simple bind that Foldr sends. There are two solutions to this issue:
- Disable the LDAP Signing requirement on the DC, or
- Enable LDAPS on the DC to allow Foldr to connect using LDAP over SSL
To disable LDAP Signing:
- On the Domain Controller – Click Start > Run > gpedit.msc
- In the Group Policy Object Editor, select the relevant GPO (usually Default Domain Controllers Policy) >> Right Click >> Edit and navigate to the following section:
  Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
- Select the following entries:
  - Domain controller: LDAP server signing requirements
  - Network security: LDAP client signing requirements
- Set the above as follows:
  - Domain controller: LDAP server signing requirements = None (This is the default value)
  - Network security: LDAP client signing requirements = Negotiate (This is the default value)
The recommended action in this scenario would be to leave the settings as-is and enable LDAPS on the Domain Controller to allow Foldr to securely authenticate using port 636.
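Before pointing Foldr at port 636, it helps to confirm that the DC actually answers LDAPS and presents a usable certificate. The PowerShell function below is an added example, not part of Foldr or the original article; the function name `Test-LdapsEndpoint` and the host name `dc01.example.local` are placeholders.

```powershell
# Added example (not Foldr code): check that a DC serves LDAPS with a usable certificate.
function Test-LdapsEndpoint {
    param(
        [Parameter(Mandatory)][string]$Server,   # FQDN of the DC, as the client will address it
        [int]$Port = 636
    )
    $result = [ordered]@{ Server = $Server; Port = $Port; Reachable = $false }
    # Accept any certificate during the handshake so it can be inspected even if invalid.
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        $tcp.Connect($Server, $Port)
        $result.Reachable = $true
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($Server)
        $result.Protocol = $ssl.SslProtocol
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $result.Subject  = $cert.Subject
        $result.Issuer   = $cert.Issuer
        $result.NotAfter = $cert.NotAfter
        $result.DaysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
        # Chain validation against this machine's trust store (basic policy).
        $result.ChainTrusted = $cert.Verify()
        # Subject Alternative Name (OID 2.5.29.17): the name used to connect should be listed.
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $result.SubjectAltName = if ($san) { $san.Format($false) } else { '' }
        # Simple substring check; wildcard SAN entries are not evaluated here.
        $result.NameInSan = $result.SubjectAltName -match [regex]::Escape($Server)
        # Server Authentication EKU (OID 1.3.6.1.5.5.7.3.1).
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        $result.ServerAuthEku = $oids -contains '1.3.6.1.5.5.7.3.1'
    }
    catch {
        $result.Error = $_.Exception.Message
    }
    finally {
        $tcp.Close()
    }
    [pscustomobject]$result
}

# Placeholder host name; replace with the DC that Foldr will connect to.
Test-LdapsEndpoint -Server 'dc01.example.local'
```

`Reachable = False` means nothing is listening on 636 or a firewall is in the way. If `ChainTrusted`, `NameInSan` or `ServerAuthEku` is false, or `DaysLeft` is low, the certificate is worth fixing before clients rely on it.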