Created attachment 12518 [details] source4/ldap_server/ldap_bind.c patch If a client successfully binds to the LDAP server using SASL GSSAPI and then attempts to bind again using the same connection, the server reports error: SASL:[GSSAPI]: Sign or Seal are required. This error is misleading as the server is refusing to renegotiate the security context over already existing encrypted channel. Examining the relevant segment of code, a small reorganization will obtain the right error code. Patch attached. Once patched, server signals: SASL:[GSSAPI]: Sign or Seal are not allowed if SASL encryption has already been set up