WalterH Does it means zcore communicate to addc only unencrypted? Because at ldap configuration I need to check STARTTLS to register to addc server. If I tried register without TLS I get error message:
LDAP bind failed (strongerAuthRequired). BindSimple. Transport encryption required.
I made some tests today and it seems zcore (?) even not try to connect to addc server. At samba log file there are only Administrator connections BUT NOT any user connections. Or other way when I check syslog at grommunio server with ldap error:
zcore[3279]: ldap_adaptor: search with base "dc=mydomain,dc=deu" filter "mail=username@mydomain.de": Can't contact LDAP server
zcore[3279]: Auth rejected for "username@mydomain.de": Authentication rejected
at the same time (or close this time) there is not any record at addc server log. Because of audit we log any (successful / unsuccessful) login try from all devices connected into addc. Therefore I think grommunio do not try to communicate with addc server to check user login credentials.
And this are grommunio log records from syslog which correspond with Administrator account at addc samba log:
http[2288]: ldap_adaptor: default host <10.0.1.1> +TLS, base <dc=mydomain,dc=deu>, #conn=8, mailattr=mail
midb[2219]: ldap_adaptor: default host <10.0.1.1> +TLS, base <dc=mydomain,dc=deu>, #conn=8, mailattr=mail
zcore[2207]: ldap_adaptor: default host <10.0.1.1> +TLS, base <dc=mydomain,dc=deu>, #conn=8, mailattr=mail
delivery-queue[2212]: ldap_adaptor: default host <10.0.1.1> +TLS, base <dc=mydomain,dc=deu>, #conn=8, mailattr=mail