This page records the testing done, and the testing remaining, to eliminate the use of unsigned protocols or plaintext LDAP by macOS computers that use resources in an Active Directory domain.
References:
- Microsoft
- Joe Schiffman's solution guide
- Apple
Text of EventCode 2889:
The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection.
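To track which Macs still trigger this event during testing, exported 2889 messages can be grouped per client. The following is an added example, not part of the original page: the field labels and Binding Type values follow Microsoft's message format for this event, which the page does not show, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Binding Type values as Microsoft documents them for event 2889 (not on this page).
BINDING_TYPES = {0: "SASL bind without signing", 1: "simple bind over clear text"}

# Fields that follow the description in the event message; values may sit on
# the same line or the next one depending on how the log was exported.
EVENT_RE = re.compile(
    r"Client IP address:\s*(?P<client>\S+)\s*"
    r"Identity the client attempted to authenticate as:\s*(?P<identity>.+?)\s*"
    r"Binding Type:\s*(?P<btype>\d+)",
    re.DOTALL,
)

def parse_2889(message):
    """Return ip, identity and binding type from one 2889 message, or None."""
    m = EVENT_RE.search(message)
    if m is None:
        return None
    host, sep, _port = m.group("client").rpartition(":")
    ip = host.strip("[]") if sep else m.group("client")
    return {"ip": ip, "identity": m.group("identity"), "binding_type": int(m.group("btype"))}

def summarize(messages):
    """Group events per client IP so each remaining client can be tracked to zero."""
    clients = defaultdict(lambda: {"count": 0, "identities": set(), "binding_types": set()})
    unparsed = 0
    for message in messages:
        event = parse_2889(message)
        if event is None:
            unparsed += 1  # keep a count rather than silently dropping odd records
            continue
        entry = clients[event["ip"]]
        entry["count"] += 1
        entry["identities"].add(event["identity"])
        entry["binding_types"].add(event["binding_type"])
    return dict(clients), unparsed

# Constructed sample messages (documentation addresses, made-up identities).
SAMPLE_EVENTS = [
    "Client IP address:\n192.0.2.10:49812\nIdentity the client attempted to authenticate as:\nEXAMPLE\\mac-lab-01$\nBinding Type:\n0",
    "Client IP address: 192.0.2.10:49877 Identity the client attempted to authenticate as: EXAMPLE\\mac-lab-01$ Binding Type: 0",
    "Client IP address:\n192.0.2.25:52001\nIdentity the client attempted to authenticate as:\nEXAMPLE\\svc-bind\nBinding Type:\n1",
    "truncated record with no fields",
]

if __name__ == "__main__":
    clients, unparsed = summarize(SAMPLE_EVENTS)
    for ip, info in sorted(clients.items()):
        kinds = ", ".join(BINDING_TYPES.get(b, f"unknown ({b})") for b in sorted(info["binding_types"]))
        print(f"{ip}: {info['count']} bind(s) as {sorted(info['identities'])}: {kinds}")
    print(f"unparsed records: {unparsed}")
```

A client that shows Binding Type 0 is doing SASL without signing, while Binding Type 1 means a simple bind in clear text, so the two groups need different fixes on the Mac side.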