diff --git a/db/changes/10240-allSaints/00-role_syncPrivileges.sql b/db/changes/10240-allSaints/00-role_syncPrivileges.sql
index 0e3b0d55b..88f1779e1 100644
--- a/db/changes/10240-allSaints/00-role_syncPrivileges.sql
+++ b/db/changes/10240-allSaints/00-role_syncPrivileges.sql
@@ -202,7 +202,8 @@ BEGIN
 					JSON_OBJECT(
 						'mysql_old_password', JSON_VALUE(t.`Priv`, '$.mysql_old_password'),
 						'mysql_native_password', JSON_VALUE(t.`Priv`, '$.mysql_native_password'),
-						'authentication_string', JSON_VALUE(t.`Priv`, '$.authentication_string')
+						'authentication_string', JSON_VALUE(t.`Priv`, '$.authentication_string'),
+						'ssl_type', JSON_VALUE(t.`Priv`, '$.ssl_type')
 					)
 				)
 				FROM tRole r
diff --git a/modules/account/back/util/sync-ldap.js b/modules/account/back/util/sync-ldap.js
index 3f98633d9..b763cf14d 100644
--- a/modules/account/back/util/sync-ldap.js
+++ b/modules/account/back/util/sync-ldap.js
@@ -226,7 +226,7 @@ class SyncLdap extends SyncConnector {
         // Recreate roles
 
         let roles = await $.Role.find({
-            fields: ['id', 'name']
+            fields: ['id', 'name', 'description']
         });
         let roleRoles = await $.RoleRole.find({
             fields: ['role', 'inheritsFrom']
@@ -251,13 +251,12 @@ class SyncLdap extends SyncConnector {
             return {key: user.roleFk, val: user.name};
         });
 
-        console.log;
-
         reqs = [];
         for (let role of roles) {
             let newEntry = {
                 objectClass: ['top', 'posixGroup'],
                 cn: role.name,
+                description: role.description,
                 gidNumber: accountConfig.idBase + role.id
             };
 
diff --git a/modules/account/back/util/sync-samba.js b/modules/account/back/util/sync-samba.js
index 6e5ef9d5a..e81fc927b 100644
--- a/modules/account/back/util/sync-samba.js
+++ b/modules/account/back/util/sync-samba.js
@@ -28,6 +28,7 @@ class SyncSamba extends SyncConnector {
             url: `ldaps://${sambaConfig.host}:636`,
             tlsOptions: {rejectUnauthorized: false}
         });
+        await adClient.bind(sambaConfig.adUser, sambaConfig.adPassword);
 
         Object.assign(this, {
             sambaConfig,
@@ -98,8 +99,6 @@ class SyncSamba extends SyncConnector {
             adClient
         } = this;
 
-        await adClient.bind(sambaConfig.adUser, sambaConfig.adPassword);
-
         let opts = {
             scope: 'sub',
             attributes: ['sAMAccountName'],