On 3/25/20 4:44 AM, Ronald Wimmer via FreeIPA-users wrote:

On 25.02.20 17:26, Alexander Bokovoy via FreeIPA-users wrote:

[...]
Some people are panicking and want to switch everything to LDAPS.  For
those there is additional enhancement in works. For everyone else there
is no need to do anything.

As AD people in our organization start "panicking" we will need the additional enhancement very soon. Where can I find more about it?

I don't think there's any reason anyone needs to panic. Microsoft updated their ADV190023 a few weeks ago to add this: "The March 10, 2020 and updates in the foreseeable future will not make changes to LDAP signing or LDAP channel binding policies or their registry equivalent on new or existing domain controllers."

If you or they do still have questions, give me a call or email and I'll be happy to talk to you

AD guys do not stop to talk about "everything LDAPS" in our company. Is it possible that they switch domain controllers to LDAPS only from a technical point of view? Because if it is they will do so and IPA needs to be prepared for that. In that case I really need to know what is "in the works" and how to adapt our IPA servers to the new situation...

Cheers,
Ronald