As an App Volumes administrator, you can choose to connect to Active Directory over a secure or insecure LDAP connection.

• Secure LDAP (LDAPS) - Connect to Active Directory over a dedicated LDAPS port. The default port number for LDAPS is 636. If you choose to validate the root certificate of the domain, you must have already downloaded the CA certificate. App Volumes uses this certificate to trust the connection.
• LDAP over TLS - Connect to Active Directory over TLS. The default port number is 636. If you choose to validate the root certificate of the domain, you must have already downloaded the CA certificate. App Volumes uses this certificate to trust the connection.
  Note: You can use LDAP channel binding with secure LDAP connections: LDAPS and LDAP over TLS. When LDAP Channel Binding is enabled in Active Directory, this security feature enables and enforces checks for the presence of channel binding information during LDAP authentication performed for the secure LDAP connections. For information about LDAP Channel binding and setting the registry key for this security feature, see the relevant Microsoft documentation.
• LDAP (insecure) - Connect to Active Directory over an insecure connection over plain LDAP. The default port number is 389.

  The initial binding however, occurs over GSS-SPNEGO.

  Note: Currently, App Volumes Manager does not support LDAP Signing. To use LDAP insecure, LDAP Signing must be disabled in the Active Directory. To disable LDAP Signing, the LDAPServerIntegrity registry key value must be set to 1 in Active Directory. For information about setting the registry key, see the relevant Microsoft documentation.