The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. https://nvd.nist.gov/vuln/detail/CVE-2023-0922